I would like to set up a transport rule to identify inbound email which originated from other exchange servers. I thought this would be a simple matter of looking for some "magic" header, but so far I cannot find a definitive answer to this.

The assumption behind this is that those emails which originate from Exchange will natively support exchange message protection e.g. encryption etc. So if I am replying to an email flagged as originally being from an Exchange server I can then set up an outbound transport to auto-encrypt.

Any help would be appreciated.