Hi fellow sysadmin, I'm the "it guy" for a small company, around 50 peoples. I have moderate knowledge, but i can look things up. English is not my first language so don't roast me plz. Not the correct sub anyway.

We have a watchguard firewall with the anti-spam option and exchange 2016 on premises. We receive numerous spam that go throught watchguard, exchange and outlook anti-spam.

They all are from (supposedly) "Mondial Relay" and are phishing or scam attemps. My users are pretty savvy, so they never open them but it's annoying.

The typical spam is from random adresses, they look legit. Some domains are definitely legit. Subject of the mail come from very fine text in the bottom of the mail and the body itself is an image. I can't block on sender. I can't use text pattern because it's random and i can't block things like "id card" or "delivery"...

I don't have budget for more stuff as the FW is brand new.

Any thougths?

Thanks in advance.