You should expect to have a long and growing list of blocks: IP blocks, DNS blocks, SMTP blocks, and From blocks. Declude handles this with long text files that are re-read before every message. Text files are unordered and vulnerable to accidental syntax mistakes.
To work around those problems, I use Declude custom scripts to call SQL procedures on SQL tables. The SQL tables are indexed and duplicate-free. Administration is less error-prone than text files.
My design does not use wildcards because I wanted to keep the SQL query efficient. Instead, I break the domain at labels, so
abc.def.ghi.com breaks into four match strings:
abc.def.ghi.com,
def.ghi.com,
ghi.com, and
.com.
The longest match wins. The query result also tells me the reputation of the result string, so a block rule on ".ru" will be ignored in favor of an allow rule on "kaspersky.ru".
I still use Declude files for things that require a complex match that my SQL design does not support.
Of course, all of this runs after the SMTP session has closed, which means that I have poor choices for notification: silence or a non-delivery report email. I have opted for silence; non-delivery reports are blocked at the outbound gateway.
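
The label-based longest-match lookup described above, as an added example that is not the author's code. It uses Python with an in-memory SQLite table; the table name, column names, reputation values and sample rules are all constructed assumptions.

```python
import sqlite3

# Constructed sample rules (not from the original post).
SAMPLE_RULES = [
    (".ru", "block"),
    ("kaspersky.ru", "allow"),
    ("ghi.com", "block"),
]

def candidates(domain):
    """Break a domain at its labels, longest first, ending with '.tld'."""
    labels = [l for l in domain.strip().lower().split(".") if l]
    if not labels:
        return []
    out = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    out.append("." + labels[-1])
    return out

def open_db(rules=SAMPLE_RULES):
    """Build the rule table; the primary key is the index and rejects duplicates."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE domain_rule ("
        " match_string TEXT PRIMARY KEY,"
        " reputation   TEXT NOT NULL)"
    )
    db.executemany("INSERT INTO domain_rule VALUES (?, ?)", rules)
    return db

def lookup(db, domain):
    """Return (match_string, reputation) of the longest matching rule, or None."""
    cands = candidates(domain)
    if not cands:
        return None
    marks = ",".join("?" * len(cands))
    # Exact-match IN list uses the index; no LIKE or wildcard scan is needed.
    return db.execute(
        "SELECT match_string, reputation FROM domain_rule "
        f"WHERE match_string IN ({marks}) "
        "ORDER BY length(match_string) DESC LIMIT 1",
        cands,
    ).fetchone()

if __name__ == "__main__":
    db = open_db()
    for d in ("mail.kaspersky.ru", "notkaspersky.ru", "abc.def.ghi.com", "example.org"):
        print(d, "->", lookup(db, d))
```

Because candidates are cut only at label boundaries, "notkaspersky.ru" does not inherit the allow rule for "kaspersky.ru" and falls through to ".ru".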