external domain spoofing
I would love to have a setting that would block/reject/quarantine/tag any emails from domains which are slightly different than domains which have been previously accepted. For example, a client of ours was receiving and communicating with an email domain (i.e. xyznewyork.com). There was a man-in-the-middle attack that created a new email domain (i.e. xyynewyork.com) and used the same username as the sender. The email passed through and our client began communicating with this 3rd party with devastating results. I don't know of any current setting in the gateway that would have blocked the email domain, as it was correctly set, had MX records, and wasn't on a blacklist. Thus, I think that a new feature such as the one I am suggesting could help block this very difficult form of attack.
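
One way to implement the check requested above, as an added example that is not part of the original post or of any gateway's code: the sender domain is compared against previously accepted domains by edit distance, and a near miss is flagged for quarantine or tagging. The function names, the distance threshold and the sample addresses are assumptions made for illustration.

```python
def osa_distance(a: str, b: str) -> int:
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "xzy" typed for "xyz".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]


def sender_domain(address: str) -> str:
    """Lower-cased domain part of an address, without a trailing dot."""
    return address.rsplit("@", 1)[-1].strip().lower().rstrip(".")


def classify_sender(address, known_domains, max_distance=1):
    """Return ("known" | "lookalike" | "unknown", matched known domain or None).

    max_distance=1 is an assumed threshold; very short domains may need 0
    to avoid flagging unrelated senders.
    """
    domain = sender_domain(address)
    known = sorted(d.lower() for d in known_domains)
    if domain in known:
        return ("known", domain)
    # Closest previously accepted domain; a near miss is treated as a lookalike.
    best = min(known, key=lambda k: osa_distance(domain, k), default=None)
    if best is not None and osa_distance(domain, best) <= max_distance:
        return ("lookalike", best)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample data, using the domains named in the post.
    accepted = ["xyznewyork.com"]
    for sender in ("jsmith@xyznewyork.com", "jsmith@xyynewyork.com",
                   "jsmith@xzynewyork.com", "news@example.org"):
        print(sender, classify_sender(sender, accepted))
```

Edit distance alone does not catch homoglyph or internationalized-domain lookalikes, which need a separate normalization step before comparison.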
