We have a policy to block spoofed e-mail based on DKIM. Any message with our domain that originates outside of our network will not be DKIM signed, and therefore goes into the quarantine 'policy'.
Our website however is hosted off site and we have a form that people can fill out to request information on products. This runs PHP code that emails an address internally to us, but it's coming from the off site location. Since it originates elsewhere, but the email has our @domainname in the from field, it is not DKIM signed so it goes into quarantine.
I found a whitelist option in the IronPort C160 and I put the IP address of the colocated webserver sending this message, but it still forwards these messages into 'policy'.
Any idea how to properly implement a whitelist from a known IP address? I don't want to whitelist the address itself ([email protected]), because any script kiddie could spoof it and try to craft a social engineering attack via e-mail.