Once you've created the incoming content filter, go to "Mail Policies > Incoming Mail Policies". Click on the "Content filter" for the Default policy and enable the filter.
So, what this will do is detect if the FROM address is coming from your domain and if so, send it to the Policy quarantine(Monitor > Quarantine) so that the administrator can inspect it at a later time and release them if needed.
How do I prevent someone from spoofing my email address back to my domain?
But if you have many Incoming Policies with couple of hundred Domains to Manage it will be difficult.
You can hold the list of your own domains in either a content dictionary or an LDAP directory. Either way will prevent you from having to modify the content filter each time you need to change the list.
Sounds like you would benefit from the "bounce verification" feature of the AsyncOS.
Go to the Support Portal and download a copy of the AsyncOS Advanced User Guide. Search for "IRONPORT BOUNCE VERIFICATION" and it will explain this feature in more detail.
To use bounce verification, you'll need to make sure outbound messages going to the Internet go through the IronPort appliance. This is needed so that the IronPort can "stamp" the outgoing message so that it will know that it was the system that delivered the message. Then, when bounce message comes back, the IronPort will look for that stamp.
If it finds the stamp on the bounce message, then it'll know it was the original sender of the message.
If there's no stamp, then it's a fake bounce and you can act accordingly for a fake bounce. The Advanced User Guide goes into more detail.
Let me know if this feature would help you.
This is what I mean by spoof email, for example, lets say someone is using my email address to send to someone else and I would get an undelivered from the mail deivery system or administrator.
Mail Delivery System [mailto:MAILER-DAEMON@mx1.dvknet.ru] Sent: Tuesday, September 23, 2008 2:47 PM To: Johndoe@abc.com Subject: Undelivered Mail Returned to Sender
This is the mail system at host mx1.dvknet.ru.
I'm sorry to have to inform you that your message could not be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to postmaster.
If you do so, please include this problem report. You can delete your own text from the attached returned message.
I never sent an email to mx1.dvknet.ru.
How do i prevent this or block it on the IronPort?
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...