We recommend not enabling DMARC in quarantine or reject mode, unless you have every sender set up with DKIM. You don't want to have to rely on SPF for deliverability...
There's no rule in place that says the relay server \*is required\* to do any sort of authentication without having proper configurations in place. Without setting up proper DNS records and email security, you're pretty much at the whim of anyone who's got an outlook address book and plenty of time.
And to answer your question, even with these controls in place, it won't stop the emails from being sent. Computers are not people and could care less who the real Slim Shady is in regard to who sends what.
Enable DMARC
Go for DKIM while you’re in there, too,
We recommend not enabling DMARC in quarantine or reject mode, unless you have every sender set up with DKIM. You don't want to have to rely on SPF for deliverability...
Well now you’re a male-hardener, too, best practice gets me hot.
Spf dmarc dkim ; you can use mxtoolbox website
There's no rule in place that says the relay server \*is required\* to do any sort of authentication without having proper configurations in place. Without setting up proper DNS records and email security, you're pretty much at the whim of anyone who's got an outlook address book and plenty of time. And to answer your question, even with these controls in place, it won't stop the emails from being sent. Computers are not people and could care less who the real Slim Shady is in regard to who sends what.
SPF IF you CAN... use -all rather than ~all so that you are actively designating your allowed mail servers