On outlook 2007, when click on "new" to compose a new e-mail, it is possible to enable "From" field on "options" tab.
After a lot of tests with our system, we realized that it is possible to type an e-mail from other user on the same server that I have my own e-mail address making me act like the other person.
My e-mail (email@example.com) is on the same server as firstname.lastname@example.org and I am able to insert on "from" field the e-mail email@example.com.
When I do this, the firstname.lastname@example.org recieves the e-mail that I send on his "Sent" folder (the mail will be on my send items also) and the e-mail receipt will see "joao.nogueiradomain.com on behalf other email@example.com". The name on the receipt Inbox will not be mine, but from firstname.lastname@example.org
Please see the attached picture.
This situation can be dangerous. The most common users will not understand that this message was sent by other person, making them believe that the message is genuine.
But if I insert an e-mail that it is not on the same server of my address, zimbra connector generates a warning message telling me that it was not possible to send the message suggesting me to recreate it or the send/receive process simply fails.