from my server I only allow the sending of mail only authenticating, but in some cases the account is violated and they simulate sending mail falsifying an entity.
example:
/^From: PayPal Inc/
/^From: PayPal/
my idea is that the rule is only for sending outgoing mail