There is an external app server (that is our service provider) that we want to blast emails to a team/department in our organization (email domain @xyz.com), but these emails will have the sender in the same domain as us, i.e. @xyz.com.
What are the risks of permitting such a bypass (i.e. disabling Norelay) in our MTA (it's MS Exchange), and if we have to permit it, what mitigations can we put in place?

Roger