The latest scam emails spoof a from address example from source data:-
actually from smtp.mailfrom=Stromarkt.onmicrosoft.com;
However if you block via BT email it blocks the spoofed address and domain. The only option is to manually add *@Stromarkt.onmicrosoft.com but of course they just send from a different address e.g. @different.onmicrosoft.com.
1. BT email should use the source data to present the real address on the mail view it has complete access to it and block that address not the spoofed one. When I realised what had been happening it was too late to benefit from offers etc. because the domains had been blocked.
2. There needs to be an option to block from the the last but one dot of the actual domain e.g. *onmicrosoft.com even in manually blocking senders there is no option for this and you can only block from the @ as above.
To me it is unbelievable that non of their own systems pick this up and that BT protect(mcafee) fails as well.