Does SMTP Blocks allow the use of Wildcards?
Question asked by TOAST.net - 5/20/2024 at 9:33 AM
Unanswered
We keep seeing spammers who are changing their subdomain slightly (Ex: @marinjoesrestaurant.onmicrosoft.com and @marinlaborers.onmicrosoft.com). The biggest culprit is those exploiting the "onmicrosoft.com" domain. We can and have been adding the custom filters to combat these, but would like to reject it at the SMTP level before the message enters our server.

We found that using the SMTP Blocks under settings-->security works well, but don't see any info on wildcard use in the documentation for the setting. Has anyone done that before or know if it is possible to do at the SMTP level for SM? Or have found a more effective way to combat this?
-CB 

8 Replies

1
Douglas Foster Replied
2
Short answer - Yes.
You can set SMTP to block *.onmicrosoft.com
or even @marin*.onmicrosoft.com
We have over 170 set up. Some of the ones we have set up include:

*.click*
*.club
*.co.kr
*.co.in
*.date

*.host
*.website
*bizfund*
*animation*
www.HawaiianHope.org - Providing technology services to non profit organizations, low income families, homeless shelters, clean and sober houses and prisoner reentry programs. Since 2015, We have refurbished over 11,000 Computers !
0
mh Replied
Does this work, or anything that would work for something like commontext*@gmail.com where there are random other text/numbers in the place of the *?
0
Yes, we have several like that:
aaron*smith@yahoo.jp  where the * is, there is often a 3, 4 or 5 digit number
0
Patrick Jeski Replied
I just noted that importing SMTP blocks exported from another machine overwrites the existing SMTP blocks. Also, since each entry includes a guid, it's not practical to try to create a file using my long list of domains I'd like to block.
2
Douglas Foster Replied
You should expect to have a long and growing list of blocks, IP blocks, DNS blocks, SMTP blocks, and From blocks.   Declude handles this with long text files that are re-read before every message.   Text files are unordered and vulnerable to accidental syntax mistakes.

To work around those problems, I use Declude custom scripts to call SQL procedures on SQL tables.   The SQL tables are indexed and duplicate-free.   Administration is less error-prone than text files.

My design does not use wildcards because I wanted to keep the SQL query efficient. Instead, I break the domain at labels, so abc.def.ghi.com breaks into four match strings:
abc.def.ghi.com, 
def.ghi.com, 
ghi.com, and 
.com.   
The longest match wins.   The query result also tells me the reputation of the result string, so a block rule on ".ru" will be ignored in favor of an allow rule on "kaspersky.ru".   

I still use Declude files for things that require a complex match that my SQL design does not support.

Of course, all of this runs after the SMTP session has closed, which means that I have poor choices for notification:   silence or a non-delivery report email.   I have opted for silence; non-delivery reports are blocked at the outbound gateway. 
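
The label-splitting lookup described in the reply above, as an added example that is not the poster's code: it uses Python with an in-memory SQLite table in place of Declude scripts and SQL procedures. The table name `domain_rule`, its columns, and the sample rules are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rules; "reputation" is an assumed column holding block/allow.
SAMPLE_RULES = [
    (".ru", "block"),
    ("kaspersky.ru", "allow"),
    ("onmicrosoft.com", "block"),
    (".click", "block"),
]

def open_rules(rules=SAMPLE_RULES):
    """Load rules into an in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    # PRIMARY KEY makes the table indexed and duplicate-free.
    db.execute("CREATE TABLE domain_rule ("
               "suffix TEXT PRIMARY KEY, reputation TEXT NOT NULL)")
    db.executemany("INSERT INTO domain_rule VALUES (?, ?)",
                   [(s.lower(), r) for s, r in rules])
    return db

def match_strings(domain):
    """abc.def.ghi.com -> abc.def.ghi.com, def.ghi.com, ghi.com, .com"""
    labels = domain.strip().rstrip(".").lower().split(".")
    if not all(labels):          # empty label: malformed, nothing to match
        return []
    out = [".".join(labels[i:]) for i in range(len(labels) - 1)]
    out.append("." + labels[-1])
    return out

def lookup(db, sender):
    """Return (suffix, reputation) of the longest matching rule, or None."""
    candidates = match_strings(sender.rsplit("@", 1)[-1])
    if not candidates:
        return None
    marks = ",".join("?" * len(candidates))
    # Exact-match IN list uses the index; no LIKE or wildcard scan is needed.
    return db.execute(
        f"SELECT suffix, reputation FROM domain_rule WHERE suffix IN ({marks}) "
        "ORDER BY length(suffix) DESC LIMIT 1", candidates).fetchone()

if __name__ == "__main__":
    db = open_rules()
    for addr in ("a@mail.kaspersky.ru", "a@spam.example.ru",
                 "a@marinlaborers.onmicrosoft.com", "a@notonmicrosoft.com"):
        print(addr, "->", lookup(db, addr))
```

Because candidates are cut only at label boundaries, `notonmicrosoft.com` does not match the `onmicrosoft.com` rule, which a loose `*onmicrosoft.com` wildcard would catch by accident.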
0
Hey Patrick, when you export the files, what type of file does it export to? I have noticed often many of the data files or exports are basic text files, even if they are extensions as something different.
You could export from both machines and manually merge the 2 files, then re-import.
0
Blake Blossom Replied
Utilize SMTP Blocks with wildcards for "onmicrosoft.com" while employing Sender Reputation Filters to further refine spam detection. Leverage Microsoft's built-in Sender Reputation Filters or consider third-party solutions for more advanced filtering based on sender IP addresses, domain reputation scores, and historical behavior.
