You want to block all SMTP from endpoint devices unless the sender's email is trusted.
For example, a user adds a personal MS account mailbox to the Outlook client on their corporate laptop and then sends classified information to an external email recipient.
This should be blocked.
However, the user should still be able to send emails from his/her corporate account.