As you described:"So if user@external.com emails DL@internal.com the from address is rewritten to something@internal.com for the external users on the DL - this way the spf records will match and less likely to be caught in spam filters. But the rule...