We have multiple TLDs sending outbound mail to the internet. We have some developers that don't understand mail / SPF / DKIM / DMARC and send mail as user@someother.domain.com instead of one of our domains.
I think a content policy it the correct place for this.
Lets say I have domain1.com, domain2.com. I'd like to block any mail where the FROM is NOT one of
user@domain1.com
user@host.domain1.com
user@domain2.com
user@host.domain2.com
Would this work? Is there a better way (Regular expression? Domain1 and Domain2 are very different)
Conditions:
Apply to : Outbound Messages
Which of the following must be met: All
If text in From: Address part of the message does not end with "@domain1.com"
If text in From: Address part of the message does not end with ".domain1.com"
If text in From: Address part of the message does not end with "@domain2.com"
If text in From: Address part of the message does not end with ".domain2.com"
Actions
I'd start with add a header, then move to quarantine, and finally delete.