You... seem to get a lot of spam! Just out of interest, across how many unique local recipient addresses is this, and how did you determine these messages were illegitimate?
That doesn't seem too surprising. While my account just gets three or so "digital marketing" or "mobile app" spam a day from Outlook, Mom was getting dozens of Apple / Home Depot / Harbor Freight / Lowes phishing spam a day from Outlook. Reporting them did absolutely nothing, and there were no identifying patterns beyond the painfully obvious fact that they were all from the same campaign, so I'd wager that creating unique accounts on Outlook is trivial.
The 'digital marketing' and 'mobile app' spam is, in my experience, mostly sent via 'retail' outlook/gmail/aol/yahoo/hotmail.com accounts, and mostly by actual people pasting the address list into the BCC field.
These are not that easy to filter due to the risk of false positives, but in general, a sender with a From: header matching '.*\d{1,}@(outlook|gmail|aol|yahoo|hotmail)\.com`, no To: header matching the actual recipient, and a number of keywords in the message text can be safely rejected as bizdev/SEO spam.
The big-brand spam is actually pretty easy to filter, as there are always 'tells' in the message structure. Even just requiring a match between From: display names and domains yields pretty good results, especially if you normalize the display name to eliminate homoglyphs and nearly-similar spellings.