Symantec Messaging Gateway (SMG) permits external messages that appear to be sent from internal senders (spoofing).
One of the limitations of the original SMTP protocol is the lack of sender authentication capabilities. This is one of the enablers of spam messages, and allows the sender to spoof any email address, including your own domain.
Symantec recommends the creation of SPF records for your domain, and usage of sender authentication via SPF and Sender ID.
Symantec recommends configuration of DKIM and content filters:
DMARC adds upon SPF and DKIM technologies, including policies for handling false mail and reporting. Symantec recommends configuration of DMARC records and content filters.
If the internal domain environment was designed no local email should be coming inbound, email can be safely deleted by adding local domains to the Local Bad Sender Domains list.
 Symantec Enterprise Support Services (ESS) does not support the creation or troubleshooting of sender authentication records, except for the DKIM functions integrated into the SMG. If further configuration help is warranted, Symantec offers Email Fraud Protection as a service, which configures all sender authentication methods. Contact Broadcom Sales for a trial and pricing.