Background:
I'm an IT Administrator. We have an administrative Adobe account and issue accounts/licenses to our users.

Summary:
The problem is being unable to determine if emails from adobesign@adobesign.com are really from our staff or outsiders (since all AdobeSign documents send from that address) and I've found no points (email headers, body content, metadata... etc.) from which to filter these emails in our email security system, Mimecast.

Details:
I know of at least one person who has created an AbodeSign with a display name that matches our company's name. When their AdobeSign emails come to our users, I want the email system to block it; however, I need to allow AdobeSign emails from our staff.

Goals:
1. Determine if the email is malicious or not
2. Determine if the email was sent by our staff or not.

Technical Limitations:
- Because emails are sent by Adobe servers, emails from bad actors are considered legitimate.
- Because Adobe account usernames/email addresses are omitted from the email body/headers, emails from bad actors and our staff cannot be differentiated.
- Because the contained link resolves to Adobe Document Cloud (a login page), the link cannot be used to filter content from bad actors.
- Because the recipient must log in in order to see the content on the Document Cloud website, our scanners cannot determine if the document contains malicious or phishing content or if the text or hyperlinked URLs within the document are lead to a malicious website.

Workaround:
The only workarounds I can think of are to add some kind of template text to the email body or to add a special character within the display name of every user account. These workarounds can be copied by bad actors and it would only solve problem 1, knowing if the email came from an account that we provisioned.

Request:
Please add the ability to configure header information or something that a user cannot see but that an email system can actionable filter on. I believe this would help aid admins and business owners defend themselves against hackers who utilize your platform maliciously.
If there's any other option that you have to allow any non-Adobe system to monitor the opening of content hosted on your systems, please reply with that.

Thank you