What's the best way to block email coming in to a Microsoft Exchange organization where the envelope doesn't match the sender? Take the following headers in a CEO fraud example:

From: CEO <ceo@company.com> 
X-Sender: na@zealshopper.net 
Reply-To: CEO <infotech937@gmail.com> 

We already block inbound email that is spoofing our domain; however, Exchange apparently doesn't look at the From: field.

Brent

1 Answer

User education is the only foolproof answer to this.

The targets will be pretty specific, so you shouldn't need to educate too many people. The fraudsters are depending on poor internal practices, so to use a saying from another Exchange MVP, you are seeking a technical solution to a behaviour problem.

Rules might resolve it; I haven't worked out the exact combination of rules required to block them, though.

Sembee