Rather than creating a compliance rule, have you considered setting up an SPF record in DNS and then just turning on SPF filtering?
One thing to keep in mind is that SPF filtering is not perfect. Mailing lists and poorly configured, but legitimate websites can cause problems for you.
Basically, you create a TXT record in DNS that defines all the sending mail servers for your domain. Then any mail server or filter that supports SPF will check all email purporting to be from your domain with that DNS record. If the sending server is not on the list, YOU can advise if the messages should be treated as forgeries or treated as suspicious.
Examples of things that won't work. Many mailing lists on the internet will leave the original sender's email address intact before remailing the message to the mailing list. There is normally a "reply-to" header that should direct all replies back to the list, but Symantec does not check the reply to, just the from:.
Also news websites and travel websites are two that typically annoy me. They like to send messages with your email address as the sender. The "Click here to send this story to a friend" type of thing. Normally, I'd block those without a second thought, but several travel websites will send a confirmation from an admin to the executive with her notes. Very annoying.
Please note that you will likely have the same issues with a compliance rule as well. SPF will block forged emails for other email admins as well, however. If I get an email from someone at legislature.state.tn.us and the sending server is not in your SPF record, then I can know it was forged and block it as well.
Message Edited by Dennis Pinckard on
02-15-2008 07:41 AM