When we authenticate a domain for emailsending the user has the ability to define the sendername by himself like

In some cases we need to authenticate the whole domain to allow the user to send via "news@company.com" but we don't want to the user to be able to set the from email to someting like "ceo@company.com".

We would like to see a security mechanism (like a list of allowed or restricted sender emails) to prevent abuse of the primary domain.