The purpose of this filter is to catch emails where someone is trying to use an internal name on an external email.  In order to replicate the ForgedFrom filter in SecurityGateway there are a couple of minor changes required. I've posted a screenshot below of the test filter from Meducom. There are no TextFiles so the RegEx needs to be put directly in the filter. You also no longer require the REGEX: in front of the expression as there is a drop down where you select Match Regular Expression. The last part where it states sender address does not contain is where you will list all the personal email addresses for the employees. If they are not added here they could be prevented from sending messages from their external email addresses. The rest of the filter is pretty self explanatory from the image below.