Okay, up go SPF shields. After seeing spam emails impersonating my domain, I’ve checked my SPF settings and discovered they were pretty lenient:
v=spf1 include:example.com ?all
Well, no more. If the email is not from Fastmail, it gets blocked:
v=spf1 include:example.com -all