(Not) Using the Additional Spam Filtering option for SPF hard fail to block apparently internal email spoofing - Terry Zink: Security Talk - Site Home - MSDN Blogs | CIO | Scoop.it
A blog about fighting spam and malware by a member of Microsoft Exchange Online Protection anti-spam team

"They want to stop messages from arriving into a customer’s organization that look like it’s an internal message, but really aren’t internal messages. Instead, they are phishing messages from an outside attacker that is spoofing the domain tomake it look like a regular internal message."