Spam from Spoofed address coming in even when blacklisted
We are using exchange 2007 and getting phishing spam emails coming through with spoofed email address from @microsoft.com and @welcome.aexp.com (american express).
My main question is how to prevent mail coming through from spoofed domains. The only guides I see online are for preventing spoofed messages from YOUR domain. This does not help as it is coming from another domain.
Second question is how they could continue to be delivered when the email address (in this case firstname.lastname@example.org) is added to a match list to be blocked. Also added was @*.aexp.com and @welcome.aexp.com yet the mail continues to be delivered. In the Message Tracking Results through exchange, the ip addresses responsible are from Russia, Greece, Korea, etc. It does not help to block these IPs as the next message will come from a different ip later on.
any suggestions or help?