I have been battling with trying to mitigate inbound phishing emails to our staff. The email FROM header address is that of valid staff to other staff requesting information, with a REPLY-TO of the fraudster.
I have previously stopped these by enabling SENDER ID rejections on the Exchange 2010 Edge servers.
Unfortunately this prevents valid emails coming in from the internet where organisations neglect to add their SMTP servers to SPF records.
Is there a way to specifically block these emails for our Accepted Domains? Our own SPF records cover all SMTP servers internally and EDM.
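
The pattern described in the question, as an added example that is not part of the original post and is not Exchange configuration: a header check that only applies when the From domain is one of the organisation's own, so external senders without SPF records are never evaluated. The domain `example.org`, the function names and the sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import getaddresses

# Assumption: placeholder standing in for the organisation's Accepted Domains.
ACCEPTED_DOMAINS = {"example.org"}


def _domains(msg, header):
    """Lower-cased domains of every address found in the given header."""
    pairs = getaddresses(msg.get_all(header, []))
    return {addr.rsplit("@", 1)[1].lower() for _, addr in pairs if "@" in addr}


def is_internal_spoof(raw, arrived_from_internet=True):
    """True when a message received from the internet claims one of our
    domains in From but directs replies to a domain that is not ours."""
    if not arrived_from_internet:
        return False  # mail submitted internally is out of scope here
    msg = message_from_string(raw)
    claims_us = bool(_domains(msg, "From") & ACCEPTED_DOMAINS)
    replies_elsewhere = bool(_domains(msg, "Reply-To") - ACCEPTED_DOMAINS)
    return claims_us and replies_elsewhere


# Constructed sample messages (not real traffic).
SPOOFED = (
    'From: "Alice Staff" <alice@example.org>\n'
    "Reply-To: alice.staff@mailbox.example.net\n"
    "To: bob@example.org\n"
    "Subject: Quick request\n\nPlease send the details.\n"
)
PARTNER_NO_SPF = (
    "From: sales@partner.example.com\n"
    "To: bob@example.org\n"
    "Subject: Quote\n\nAttached.\n"
)
OWN_DOMAIN_NO_REPLY_TO = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: Newsletter\n\nHello.\n"
)

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("partner", PARTNER_NO_SPF),
                      ("own domain, no Reply-To", OWN_DOMAIN_NO_REPLY_TO)]:
        print(name, "->", is_internal_spoof(raw))
```

This check covers only the From/Reply-To mismatch described above; a spoofed message with no Reply-To header is not flagged by it.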