This rule is designed to quarantine external inbound message that appear to come from your organization. This tool will only work if you deliver your internal e-mail from your domain locally. If you receive e-mail from an external source using your domain name your messages will get quarantined.
You can find this setting in Company Settings > Spam.
Add a check to: Inbound domain spoofing protection:
Messages in the quarantine should appear with a new category: Domain Spoofing.