Domain Spoofing

Question

Hello, 
 I wanted to find out if we can just add our own domain to a rejected group on the firewall incoming rules in order to combat spoofing? I know we are getting lots of crud from the qq.com domain and they are sending it from our own users. What's more they seem to be using our own internal server IP. No doubt gleaned from other automated replies. This is creating a new looping type of problem that sends the rejection to our internal users. It's like they are trying to use other bounce back rules to create more chaos. 
 First; we NEED to be able to block incoming mail FROM our own domain. 
 Second; we can't seem to stop the constant flood on email from the qq.com domain. Specially when it is from our own users address. 
 Third; I can clearly see that they are sending to the internal server address. Shouldn't it at least stop that? 
 ** Note; I still wanted to know if it is possible to add your own domain to a list of rejected FROM Domains. 
 I want to add *@ourdomain.com to a rejected rule that runs before the SMTP rule for inbound mail. 
 We already have a rule before the SMTP to block other ugly things. Since the firewall can't seem to understand that email from our domain outside is wrong, will this help? 
 Thanks, 
 Mark

LuCar Toni · Answer

First of all, you can start with SPF. This will block some of this traffic (V17.5 plus DNS Configuration). 
 There are currently only Central Email and Email Appliance / Pure Message, which can detect this kind of Spoofing. 
 https://ideas.sophos.com/forums/330219-xg-firewall/suggestions/17259497-e-mail-spoofing-protection 
 This would be the matching Feature Request. 
 
 The point is, there are two kind of spoofing. 
 FROM and envelope-From Spoofing. 
 One is the Data part, the other is the sender. 
 XG / SG cannot detect such "data anomalies".