Internal Executive Spoofing
The Internal Executive Spoofing feature provides protection against spear phishing attacks targeting individuals within your organization. Such emails may come from legitimate (non-spoofed) email addresses, thereby passing other spoofing checks, but use the display name of a known user (often an executive), with the intention of tricking employees into sending money or information.
If an incoming email appears to be from one of your named executives, the feature will check that the message comes from one of a set of approved email addresses for that individual. Messages that appear to come from a named executive, but originate from an address you have not added, are treated as spoofed, and the action you define will be taken (quarantine, discard, or tag). If the email comes from an address you have added for the executive, the usual spoofing checks are performed against the email address to check it is genuine.