Email domain names are spoofed every day and while you can use different techniques to try to block them such as SPF, DKIM, DMARC, these emails are still going to get through occasionally. Spoofing techniques are changing as fast as filtering rules can be implemented. The best remedy for spam email is education. Teach users how to spot spam and to inform you if something seems suspicious. I'm not saying that you should teach them to read email headers, but you would be surprised how many people don't know that you can hover over a link to find out where it goes. Education helps everyone here become very good at spotting spam.