> If I don't allow email to come into my network with forged FROM
> headers(or even forged envelope sender headers if they're relevent)
Here's already an error in your idea - you can't reliably see if a
sender address is forged, and therefore:
> how would that NOT prevent the spam from reaching my user's inboxes??
You can't identify these with your filtering rule.
You cleary said that your filtering rule applies to mail that uses one
of your domains (or these of your customers) as the From address. Thus
your definition of a forged sender is: "Every mail with a sender address
using one of my domains, but not relayed through our mail server". That
might a more or less proper check (personally, I'd say: less), but
doesn't match the vast majority of mails with forged sender addresses:
Take 10,000 spam mails you collected in your users inboxes. How many of
them have a (forged) sender that uses one of your domains in their From
I'd really wonder if this is more than, let's say, one, unless your spam
situation is _totally_ different than mine and probably most others. The
spam mails I get (and I get a lot; thankfully SpamAssassin helps me
pre-sorting them into a different IMAP folder) are from forged
hotmail.com, yahoo.com or aol.com addresses in most cases. As long as
Hotmail, Yahoo and AOL aren't your customers, your filtering rule would
match nearly nothing.
Summary: I think your filtering rule has nearly no effects on spam
catching, _and_ it has drawbacks to your customers that want to use
another mail relay than yours. I'd prefer not to use it.