It appears some spammer is sending out a large amount of email with a spoofed sender address. I've already contacted the host's abuse department, but inside of Zoho I'm getting thousands of emails to return@mydomain saying the spammed emails are bouncing. They look something like this:
Hello, this is the mail server on *mydomain*.
I am sending you this message to inform you on the delivery status of a
message you previously sent. Immediately below you will find a list of
the affected recipients; also attached is a Delivery Status Notification
(DSN) report in standard format, as well as the headers of the original
These emails are being sent from postmaster@mydomain.
The spammer should not be able to send the email as verified from our domain because we are using SPF and DKIM headers on our domain. But, I'm curious why the spammer is sending so many emails from our domain. Is there a vulnerability in Zoho that they are trying to take advantage of?