Getting many False-Positives between users in the same domain (primary mail server is on Rackspace)

Created by Yves Lacombe, Modified on Tue, 26 Oct, 2021 at 9:53 AM by Yves Lacombe

Problem:  


if [email protected] sends an Email to [email protected] ... they often wind up in quarantine on Proofpoint Essentials.



Root Cause:


Unfortunately if your mail is hosted on Rackspace, contrary to on-prem Microsoft Exchange or Office365 where two users communicating with one another never leaves the premise, inter-user emails controlled by Rackspace follow MX resolution so the emails going from UserA to UserB transit through proofpoint instead of staying internal to rackspace.


Workaround:


You need to create a filter rule that basically says:


if any emails for *@mydomain.com come in and they have rackspace header elements in them, then allow them.



Example: