If spam is making its way in using spoofed email addresses, you can edit the following in the Office 365 Exchange Admin center.
Select “Rules” and “+” to create a new rule named “Spoof Email Block” as shown below:
Apply the rule and then monitor the quarantine. If the rule appears to be working as you expect, you can then change it to delete the emails instead of quarantining them. The other advantage of the quarantine method is that you have an audit record of how many emails are coming in that way.
I would also recommend adding the following to enforce SPF:
Select “Exchange”, then “Spam Filter”.
Then edit the “Default” rule.
Select “advanced options”.
Turn SPF record hard fail to “On”.
Turn Conditional Sender ID filtering hard fail to “On”.
Then save, as shown below:
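Added example, not part of the original post: the same two spam filter settings applied from Exchange Online PowerShell, preceded by a report of the SPF record each accepted domain currently publishes. The admin account name is a placeholder, and `MarkAsSpamSpfRecordHardFail` and `MarkAsSpamFromAddressAuthFail` are the cmdlet parameters that correspond to the two "hard fail" options above.

```powershell
# Added example. Requires the ExchangeOnlineManagement module; Resolve-DnsName
# is Windows-only. The admin UPN below is a placeholder, not a real account.
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@example.com'

# Pre-check: show the SPF record published for each accepted domain, so it
# can be reviewed before enforcement is switched on.
foreach ($domain in (Get-AcceptedDomain).DomainName) {
    $spf = @(Resolve-DnsName -Name "$domain" -Type TXT -ErrorAction SilentlyContinue |
        Where-Object { $_.Strings } |
        ForEach-Object { $_.Strings -join '' } |
        Where-Object { $_ -like 'v=spf1*' })
    switch ($spf.Count) {
        0       { Write-Warning "$domain : no SPF record published" }
        1       { Write-Output  "$domain : $($spf[0])" }
        default { Write-Warning "$domain : $($spf.Count) SPF records found, only one is valid" }
    }
}

# The two advanced options from the steps above, on the "Default" policy.
$policy   = 'Default'
$settings = 'MarkAsSpamSpfRecordHardFail', 'MarkAsSpamFromAddressAuthFail'

# Record the current values so the change can be reverted if needed.
Get-HostedContentFilterPolicy -Identity $policy |
    Select-Object -Property $settings | Format-List

# SPF record hard fail = On, Conditional Sender ID filtering hard fail = On.
Set-HostedContentFilterPolicy -Identity $policy `
    -MarkAsSpamSpfRecordHardFail On `
    -MarkAsSpamFromAddressAuthFail On

# Read the policy back and confirm both settings were saved.
$after = Get-HostedContentFilterPolicy -Identity $policy
foreach ($name in $settings) {
    if ($after.$name -ne 'On') {
        Write-Warning "$name is '$($after.$name)', expected 'On'"
    }
}

Disconnect-ExchangeOnline -Confirm:$false
```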
Note: Please make sure to review my blog on setting up your SPF records before implementing the settings above.
DNS SPF Basics What you need to know