Spoofing SMTP/POP3 is a time honored tradition. Or rather it's allowed by this "standard." You are giving Microsoft far too much credit here.
We have an Exchange Server 2003, and most people in the office use MS OFFICE XP (a few people use Office 2000). Actually, the server is a Small Business 2003 suite.
I was tinkering around with options on the outgoing mail form, and learned that you could add a "From" button about the "To" and "Cc" buttons in Outlook. I then learned that you could put anything you want in it, and if it is another user on the Exchange Server, it will say it came from that user. This was true for mailboxes I DO NOT have permission to on the Exchange Server. While the default is not to see the "From" button, it didn't look like it would take a genius to figure this out.
I can't see why Microsoft would have such a feature. And I can't find any easy way on either the Exchange Server or in Outlook to prevent people from doing this. This seems like a dangerous feature that could lead to a big security issue.
Is there a way anyone out there knows to "block" this that I'm not thinking of? Like creating some sort of complicated "policy" on the network? Or does it involve "custom programming"? Please let me know, thanks.