DevHeads.net

OT: Risks & mitigations of allowing an external sender to send to us (with sender 'same domain' as us)

There is an external app server (belonging to our service provider) that we want to allow to blast emails to a team/department in our organization (email domain @xyz.com), but these emails will have a sender in the same domain as us, i.e. @xyz.com.

What are the risks of permitting such a bypass (i.e. disabling NoRelay) in our MTA (it's MS Exchange), and if we have to permit it, what mitigations can we put in place?

Roger