I am looking to block emails where the FROM in the P2 header is being spoofed using our email addresses. I can kill these off at the exchange server by removing the ms-exch-smtp-accept-authoritative-domain-sender on the Internet facing domain connector. Is there a way to kill these via "Email Protection"? If I add our domain in the "Sender Blacklist" does this look at the P2 header or only the P1 like SPF?
P1 header
mail from: someone@someotherdomain.com
rcpt to: user1@mydomain.com
data
P2 header
from: user1@mydomain.com (problem)
to: user2@mydomain.com
Subject: P1 and P2 headers are different
The P1 and P2 headers will be different in this message.
Thanks,
Jim
This thread was automatically locked due to age.
