You want to check the "Authentication-Results" header.
Example on how to do that:
https://jaapwesselius.com/2020/03/28/sender-domain-validation-check-in-exchange-online/
How to create a 365 exchange rule for all users based on the header?

Jim Millerick
31
Reputation points
I go to the exchange admin center
select rules
Create a rule
If the sender is located outside the organization and the recipient is located inside the organization
prepend the message with external
That works
BUT if I try add another condition - such ahs the header includes spf=fail, the rule doesn't work I think it might be because of the header name - i've tried test, spffail and others but it doesn't work. I have no idea what the header name is or should be or if it is just a rose by another name.
Accepted answer
-
Andy David - MVP 120.5K Reputation points MVP
2021-02-18T18:22:18.777+00:00