Hi,
I have a question. We own a domain name (example mydomain.com), and we have it configured in our on-premise exchange environment as an accepted (authoritative) domain. Some of our users have this as their primary smtp address. Our SPF records for this domain only include our internal Hub Transport servers
However, we also run an ecommerce website www.mydomain.com, which is hosted by a 3rd party. When a customer places an order on the website, the 3rd party sends an email to the customer, ascustomersupport@mydomain.com (which is a real email address in our environment), and also copies the email to our internal web sales dept.
We use FOPE for spam filtering, and those emails have been getting quarantined. This makes sense to me. Why would our internal servers, accept email from a domain, from which we host internally?
I was wondering how other companies handle this type of situation? My thoughts were I can put a rule in FOPE to say allow emails fromcustomersupport@mydomain.com, but I feel like an external domains that our customers use, may check for SPF and mark these legit emails as spam?
Any advice would be appreciated.