Hi @Karlo
Some spoofing emails can be identified by DKIM and SPF. The remaining spoofing emails need to be identified by the users. So you could consider adding a disclaimer to alert your organization members when they receive mail from an external source.
For example: Simply go to the Admin Center, select 'Mail Flow', and create a new rule.
Select 'The sender is located' 'Outside the organization'
Select 'Do the following' and
Select 'Apply a disclaimer to the message' or 'prepend a disclaimer'
Official documents:
Mail flow rule actions in Exchange Online
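The mail flow rule described in the answer above can also be created from Exchange Online PowerShell. This is an added example, not part of the original answer or of Microsoft's documentation; the rule name, marker string, banner text and admin account are constructed placeholders. It starts the rule in audit mode and skips messages that already carry the banner so reply chains do not stack warnings.

```powershell
#Requires -Modules ExchangeOnlineManagement
# Added example: every name and string below is a constructed placeholder.

$RuleName = 'External sender banner (example)'   # hypothetical rule name
$Marker   = 'EXTERNAL-SENDER-NOTICE'             # constructed marker, used to spot an existing banner
$Banner   = @"
<div style="border:1px solid #c00;padding:6px;font-size:12px">
<b>$Marker</b>: This message came from outside the organization.
Do not open links or attachments unless you recognize the sender.
</div>
"@

Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'   # placeholder account

$rule = @{
    Name        = $RuleName
    Comments    = 'Prepends a warning to inbound mail from external senders.'
    # Condition: "The sender is located" -> "Outside the organization"
    FromScope   = 'NotInOrganization'
    SentToScope = 'InOrganization'
    # Action: "Apply a disclaimer to the message" -> "prepend a disclaimer"
    ApplyHtmlDisclaimerLocation       = 'Prepend'
    ApplyHtmlDisclaimerText           = $Banner
    # If the body cannot be modified (for example, encrypted mail),
    # wrap the original in a new message instead of dropping the banner.
    ApplyHtmlDisclaimerFallbackAction = 'Wrap'
    # Exception: the marker is already present, so do not add a second banner.
    ExceptIfSubjectOrBodyContainsWords = $Marker
    # Audit first: matches are logged but the message is not altered.
    Mode        = 'Audit'
}

if (Get-TransportRule -Identity $RuleName -ErrorAction SilentlyContinue) {
    Write-Host "Rule '$RuleName' already exists; leaving it unchanged."
} else {
    New-TransportRule @rule | Format-List Name, State, Mode, Priority
}

# After reviewing the audit results, switch the rule on:
# Set-TransportRule -Identity $RuleName -Mode Enforce
```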