But I imagine if a mail server enters into the ESA device, the ESA will do a Forward and Reverse DNS lookup to verify the mail server.
While it may not match your complete requirement of email@example.com having mail.test.com, many verified servers would have their mail servers matching the domain (unless they're a hosted service) so you can use sendergroup matching to filter unverified senders (hosts which connect with no valid PTR/A record attached) to be throttled or dropped at the source if it fits your criteria -- i personally wouldn't drop such connections but would only throttle .
However with content filters, you will not be able to make the system check MX records against the sender domain;
SPF like Jernej suggested will allow some tests, but like you've noticed as well -- there are many servers which do not have SPF TXT records properly published -- but generally should have verified DNS settings.
IntroductionComponentsISE ConfigurationEnd user perspective and Validation
Cisco Identity Services Engine (ISE) gives you intelligent Integrated protection through intent-based policy and compliance solution. ISE supports external MDM ...
This video provides the steps to configure the Cisco Threat Response (CTR) and ESA Integration.
This is live on the portal:https://video.cisco.com/video/6159336218001
And on YouTube:https://www.youtube.com/watch?v=UCKIdx5rdFg
I need to migrate from C170 to C190 and have already match to the same Firmware Version. I have a question. Is there any method that can export and import the configuration file instead of form cluster ?
This AMA will serve as the Q&A for the Cisco Live Digital breakout DGTL-BRKSEC-1011 - "A Challenger Appears: Defending Mailboxes in the Cloud" which covers a brand new product which will be announced during the event: Cloud Mailbox Defense.