Maybe this is covered in the docs somewhere but I haven't seen it...

Are "sender domain" values in Exchange checking RFC5321.MailFrom or RFC5322.From domain?

i.e. Spam Filter's pair of "Domain block/allow list" and New-Connector's statement "and the sender domain is an accepted domain for your organization.

The reason I ask is pesky contact forms on our (clients') website. Email from such things generally have RFC5322.From as website@foobarclient.com but RFC5321.MailFrom as the web host's host23897832.foobarwebhost.com!

EOP no happy then! The new-ish Fraud detection is flagging them now and they go to Spam folder.

Or is there best practice advice? 1) Get contact-form/website/WordPress/PHP/plugins to DKIM sign -- oh I wish; or 2) fake the RFC5322.From to match MailFrom e.g. perhaps website-foobarclient@foobarwebhost.com; 3) add overrides at Exchange -- connector or connection filter?

Thanks

Alan