[judge2020]

That's probably more of a phishing defense, but not really effective either way. 'Good' spammers will be constantly registering domains and only use the ones that are a few months old since time-based spam policies are fairly common. This type of policy only works for low-barrel spam and shady operations that register domains with stolen credit cards and end up losing their domain within a few weeks once the chargebacks get to the registrar.

[gravitas]

Yah, I do not defend it in any way - it's security theatre to me; they also wholescale block entire TLDs (more than one) under the same umbrella, block access (HTTP) to any domain less than 30 days old as well. It is in my experience that most companies of size implement compliance checkbox solutions and do not really care about internal user experience, you (me, we) are expendable and replaceable. Comply or face sanction/termination of employment, compliance is what matters to the business.