What's exceptionally frustrating is that many of these so called anti-spam "solution" and "mail servers" are written by complete muppets.

For example, EVERYONE with more than one braincell and any spam experience whatsoever knows that the "reply-to" / "sender" address are "trust" fields and therefore can be filled with whatever the real sender feels. As a result, blocking by "reply-to" / "sender" is just pointless.

Mail server software developers are also an incompetent, dumb-ass bunch - as you get typically get hundreds of "no such user" or "this is spam" responses but the software writers don't bother to include the full headers of the original message (typically just the "sender" address). As a result, you've no way of knowing whether the damn message did originate from your systems or not.

I manage a corporate network and one of the first changes I put in place was to alter the corporate firewall settings so the one system on the network that can send and receive mail is the mail server. If you don't do this, and you run a corporate network then you're insane. Before I did this (and to a lesser extent cleaned all systems and installed a decent AV solution on every system), our domain was continually being black listed as a source of spam. Since then we've been fine - we've had the usual spoofed "sender" addresses but there's nothing that we can do about that.