How to block emails from the "From address" - ORF Forums

We are seeing a big influx of spam emails getting through, where the from address is from an address we would recognise as a contact but it it not from them.
Below is a snip from the mail header.
Date: Wed, 26 Jul 2017 02:29:15 -0500
From: "Mark.Wilson@" <tis.co.uk >

So in out look it shows the email is from Mark.Wilson@
Is there a way to block emails that have no domain details after the @
I did sender block using *@ but no luck, so i assume the sender block list looks at the actual address not the from address.
Thanks
Russell.

@xtruss: Part of the header didn't get pasted in.
The sender is trying to spoof
Outlook just shows Mark.Wilson@

Date: Wed, 26 Jul 2017 02:29:15 -0500
From: "Mark.Wilson@" <tis.co.uk

@russell.singer: A keyword filter, header, regex may help but I think this spammer made a mistake and will likely correct it soon so this rule may only help for a short while.

Keyword, Header, Regex (untested, you may need to adjust it)
.*From: \".+?\@\"

You could also look into ORF's Greylisting, which may help you but could introduce delays.

You could look at the SPF Test, so that when they correct their spam script and add a domain it may not have a valid SPF record, so the SPF test may help there too.

I think all this is in the ORF Best Practices documentation...

@Sam Russo: Thank you for the reply...
I shall give that ago, but it looks like for now that flurry of spam has no stopped!
We have greylisting and spf implemented, it just seems a constant battle sometimes keeping ahead of the spammers..

@Sam Russo: HI, just to let you know the keyword filter worked a treat, it has caught a load of junk over the weekend.

Thank you.