We have two C350 appliances that we're looking at configuring for outbound email.
Currently, inbound email is scanned and positively identified spam is quarantined locally.
I am testing outbound email and would like to scan outbound email for spam to combat an increasing number of compromised email accounts that have pumped out spam. The outbound mail policy is configured to apply a custom tag to the header, prepended in the subject line with "Spam" and send it to the local quarantine.
What I've found is that Trace indicates that the test spam messages will be correctly handled, tagged and sent to the spam quarantine. The exact same message content, email addresses etc when sent out from an internal test mailbox is delivered to the external test mailbox without being tagged and quarantined.
Can anyone suggest why this is the case?
Is there another solution to the issue of internally compromised email accounts? We have staff sending legitimate bulk email (often with unverified / invalid addresses) so I don't want to throttle their sending.