At this stage, it’s simply a scenario of using the self services password reset functionality for Okta or Entra (which you can get all over as you now hold the MFA element to confirm oneself) and voila, the attacker has taken control of the account. example.com's servers Really don't hear on port 25, Hence the mail server will not build a TCP co