Hi Linda, here's a header to see if you have a solution. This message isn't from a local domain, but it's similar in that there is some serious spam + fraud + phishing going on that needs to be stopped.
Look at all the big domains in this message -- Adobe.com, WebMD, Sam's Club, and even Earthlink.net in the Message-ID -- but none of them match the Return-Path (sending server). Isn't there some kind of check that can be done to warn the user that this is totally fake?
Received: from fce.oralshopup.com (fce.oralshopup.com [188.8.131.52]) by mail.smartermail15.com with SMTP;
Thu, 28 Sep 2017 08:27:54 -0400
Received: from localhost (127.0.0.1) by fce.oralshopup.com id pgb97mg8bgcs for <email@example.com>; Thu, 28 Sep 2017 08:11:38 -0400 (envelope-from <lPIUI7fjMIl2hIA5qi@health.webmd.com>)
Subject: Get a $100 SamsClub Gift Card!
from: SurpriseReward <lPIUI7fjMIl2hIA5qi@demo.adobe.com>
Reply-To: "Hope" <lPIUI7fjMIl2hIA5qi@messages.webmd.com>
Date: Thu, 28 Sep 2017 08:11:38 -0400
Would really like it if SmarterMail could just reject the message entirely because it's so bogus.
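An added example, not part of the original post and not SmarterMail functionality: one way to express the check being asked for is to compare the organizational domain of the visible From address with the Reply-To, the envelope-from, and the sending host in the topmost Received line. The function names and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers copied from the post above (continuation line re-indented so it parses).
SAMPLE = """\
Received: from fce.oralshopup.com (fce.oralshopup.com [188.8.131.52]) by mail.smartermail15.com with SMTP;
 Thu, 28 Sep 2017 08:27:54 -0400
Received: from localhost (127.0.0.1) by fce.oralshopup.com id pgb97mg8bgcs for <email@example.com>; Thu, 28 Sep 2017 08:11:38 -0400 (envelope-from <lPIUI7fjMIl2hIA5qi@health.webmd.com>)
Subject: Get a $100 SamsClub Gift Card!
from: SurpriseReward <lPIUI7fjMIl2hIA5qi@demo.adobe.com>
Reply-To: "Hope" <lPIUI7fjMIl2hIA5qi@messages.webmd.com>
Date: Thu, 28 Sep 2017 08:11:38 -0400

"""

def org_domain(host):
    """Naive organizational domain: the last two labels. Assumption for
    this example; production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def addr_domain(value):
    """Domain part of an address header value, or '' if there is none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2] if "@" in addr else ""

def check_alignment(raw):
    """Return {identity: org domain} for every identity that does not
    share an organizational domain with the visible From address."""
    msg = message_from_string(raw)
    received = msg.get_all("Received") or []
    from_org = org_domain(addr_domain(msg["From"]))
    others = {"reply-to": addr_domain(msg["Reply-To"])}
    # The topmost Received line is assumed to be the one written by the
    # receiving server, so its "from" host is the connecting system.
    m = re.match(r"\s*from\s+(\S+)", received[0]) if received else None
    others["sending-host"] = m.group(1) if m else ""
    env = re.search(r"envelope-from\s+<[^>@]*@([^>]+)>", "\n".join(received))
    others["envelope-from"] = env.group(1) if env else ""
    return {name: org_domain(dom) for name, dom in others.items()
            if dom and org_domain(dom) != from_org}

if __name__ == "__main__":
    for identity, domain in check_alignment(SAMPLE).items():
        print(f"{identity} is {domain}, which does not match the From domain")
```

A mismatch on its own is a scoring signal rather than proof, since legitimate bulk mail sent through a third-party service can also use a different envelope domain. DMARC formalizes the From-domain alignment part of this check and lets the owner of the impersonated domain ask receivers to reject unaligned mail.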