We have 2 spam issues. The 1st I see answers for - how to stop spam from spoofed senders @ourdomain.com. The second issue we have is users are getting email addressed to fictitous users. I do not see anything in the header to see why they get these. For example firstname.lastname@example.org is getting spam that says it is to "email@example.com" or "firstname.lastname@example.org"
I am not able to see or find a link between the spoofed "TO:" and the actual recipients.
We get dozens of these per day to many of our email accounts. The spoofed email@example.com are usually random except for "firstname.lastname@example.org" comes in almost daily.