Very interesting. However, there is not sufficient information there to definitively filter on their emails. We could set up a rule filtering on the IP address in the spf specification, but that might not always work because they don't require their clients to send from those servers, though they might recommend it.
We are guessing in the dark without access to the headers of some sample emails. It should be easy to filter on things that actually appear in the headers, but if you are not willing to either look at them or post them, I cannot see how I can help you further.
|