We recently had an external security firm check our IT systems and procedures. One thing that was mentioned was the following:
"We tried connecting to the Exchange server on the network and spoofing some fake emails but with no success; the server requires authentication.
However, when an incoming email carried the same domain as the server’s domain, the server did not validate the mail and transferred it as it is to the clients. Advice is to verify incoming emails."
I'm not sure how we can verify incoming emails. Any ideas how to make this more secure?
Thanks in advance