If you block something, you have to ask yourself: How many innocent,
unsuspecting legitimate senders
Who cares, these "unsuspecting legitimate senders" should take their
business somewhere else.
This is extremist. You are confusing offenders with victims. Fight
offenders, not victims. Every single rule in the default SpamAssassin
ruleset is targeted against offenders, not against victims. I propose
you keep it that way. If you start to block everything that once sent
spam, you end up blocking half of the internet. You have to accept this
is an ongoing war against spammers, and every time you add a new rule to
detect spam content, the spammers adapt and invent new ways to
circumvent. You cannot go further than dnsbl with their automated and
temporary blocks - if you start to block manually mail providers as some
answer suggested, this is usually a permanent block and from then on a
permanent nuisance for own customers who expect mail from outlook.com
users and a permanent nuisance for remote customers who chose
outlook.com as provider. A nuisance that is more severe than some
undetected spam mail. You forgot: spam detection by content still works.
Outlook.com is not on some whitelist.
