We setup a mail flow rule in Office 365 Exchange for External Messages. It prepends "External" to the subject and prepends a disclaimer at the top of the message.
My question is -- can we safely exempt domains such as email.teams.microsoft.com ? These are messages that come from Microsoft / Office 365. My concern is -- is there any way for these domains to be spoofed that would fool the mail rule exemption?