Maybe this is covered in the docs somewhere but I haven't seen it...
Are "sender domain" values in Exchange checking RFC5321.MailFrom or RFC5322.From domain?
i.e. Spam Filter's pair of "Domain block/allow list" and New-Connector's statement "and the sender domain is an accepted domain for your organization.
The reason I ask is pesky contact forms on our (clients') website. Email from such things generally have RFC5322.From as email@example.com but RFC5321.MailFrom as the web host's host23897832.foobarwebhost.com!
EOP no happy then! The new-ish Fraud detection is flagging them now and they go to Spam folder.
Or is there best practice advice? 1) Get contact-form/website/WordPress/PHP/plugins to DKIM sign -- oh I wish; or 2) fake the RFC5322.From to match MailFrom e.g. perhaps firstname.lastname@example.org; 3) add overrides at Exchange -- connector or connection filter?