I discovered something disconcerting after one of those "Oops" moments. UserA was replying to an email and accidentally changed the From field to UserB before clicking Send. A funny thing happened... the message was sent, apparently from UserB. The problem? UserA does NOT have Send as or full access to UserB's mailbox, only read access to the calendar folder (which is why Outlook for Mac decided to put the name in the drop-down list for the From field, apparently). When I look at the message header, here's what I see:
From: User Bravo (email@example.com)
Sender: User Alpha (firstname.lastname@example.org)
What the ....? So Outlook for Mac will allow the message to be sent with a "spoofed" sender in the From field and Exchange 2010 will deliver it?!
Has anyone encountered this obvious flaw and is there a fix that I'm missing? My Google Fu is weak today as I can't figure out the right search terms to find this one.
Thanks in advance.