1. Don't bypass spam filters for internal senders.
2. Don't include domains in the approved senders list.
3. Don't add IP addresses to your allowlist.
4. Enable additional spoofing protection.
5. Enable external recipient warnings.
6. Enable additional link and external content protection.
7. Your own domain should not be whitelisted in spam policies.
8. Typo-squatting domain(s) should be blocked in incoming email server/gateway appliance.
9. IP reputation should be monitored for genuine sources, especially email marketing.