Securing email servers
To get background on the issue, read this or see the video from Vox. We had a similar issue in our department as well. Someone sent an email impersonating our HoD's cse email. OMG!
In brief, any scammer can impersonate a legitimate domain name and send email from it if the email admins do not have a secure configuration (an appropriate DMARC record). For example, the cse.iitm.ac.in domain for CSE IITM or the who.int domain for WHO.
How to find out if you are vulnerable? or Check your DMARC record for
How to resolve it?
Add a DMARC record as said here
This is a simple thing, but only 15% of servers have done this setup. That's strange, isn't it?
Roll out progressively and monitor the daily logs. Otherwise, you may end up with genuine mails being dropped/lost, as said in this post under the section "Deploy your DMARC policy slowly".