I need help with whitelisting a sender who’s auto-mailing software spoofs our companies displaying name and sending address. I don’t know why this is even a thing as it is a huge red flag for Exchange and it gets quarantined every time. The display name says the company name and the sending address spoofs who ever the mail is going to. So if my company was John’s Pizza and they wanted to email [email protected] the display name would say John’s Pizza and sender address would say [email protected]. The return path has the real senders domain (mail1.wpengine.com) included in the field so it looks like this…. John=[email protected]

Is there maybe a way to make a rule that says impersonation is allowed if the senders return path includes mail1.wpengine.com. They are working with their dev team to get the auto mailer to stop spoofing but maybe something in the meantime? It is getting caught by the Anti-Phish policy. They have several different IP’s they mail from and this email goes to several different people so whitelisting the actual domain vs the sender is required.