Most phishing emails I receive fall into a handful of categories like:
- "Congratulations! You have won (this or that)" that purport to be from retailers like Costco.
- Requests from Netflix to change my login.
- A bank I've never heard of stating that there is a problem with my account.
They often contain the same stock photos and wording, so it shouldn't be too hard to profile and create a reliable signature similar to how anti-virus scanners work.
Another thing Microsoft and other email providers can do is perform an automated WHOIS lookup on the registration information of the originating domain server and blacklist not just individual accounts but the entire domain name.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
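The signature idea in the post above, sketched as an added example that is not part of the original post: message bodies are reduced to word shingles with URLs and numbers normalized, compared against a known template by Jaccard similarity, and a match blocks the whole sending domain. The template text, sample messages, threshold and the `PhishFilter` name are all constructed for illustration, and the WHOIS lookup is left out so the example runs offline.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def shingles(text, k=3):
    """Normalize volatile parts (URLs, numbers), then return the set of k-word shingles."""
    text = re.sub(r"https?://\S+", " url ", text.lower())
    text = re.sub(r"\d+", " num ", text)
    words = re.findall(r"[a-z]+", text)
    return {tuple(words[i:i + k]) for i in range(len(words) - k + 1)}

def jaccard(a, b):
    return len(a & b) / len(a | b) if (a or b) else 0.0

# Constructed template text standing in for a known phishing campaign.
TEMPLATES = {
    "prize-giveaway": shingles(
        "Congratulations! You have won a $500 Costco gift card. "
        "Click http://example.test/claim to claim your reward today."),
}

class PhishFilter:
    def __init__(self, threshold=0.5):  # threshold is an assumed starting point
        self.threshold = threshold
        self.blocked_domains = set()

    def classify(self, raw):
        msg = message_from_string(raw)
        # Assumption: the From header is taken at face value. It can be forged,
        # so a real filter would key on the SPF/DKIM-authenticated domain.
        domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
        if domain and domain in self.blocked_domains:
            return ("blocked-domain", domain)
        body = shingles(msg.get_payload())  # assumes single-part text mail
        name, score = max(((n, jaccard(body, s)) for n, s in TEMPLATES.items()),
                          key=lambda p: p[1])
        if score >= self.threshold:
            if domain:
                self.blocked_domains.add(domain)  # block the domain, not one account
            return (name, domain)
        return ("clean", domain)

# Constructed sample messages (reserved .example domains).
VARIANT = ("From: Rewards <rewards@costco-prizes.example>\nSubject: Winner\n\n"
           "Congratulations! You have won a $750 Costco gift card. "
           "Click https://prizes.example.test/x9 to claim your reward now.\n")
SAME_DOMAIN = ("From: billing@costco-prizes.example\nSubject: Account\n\n"
               "Your account needs attention. Reply with your details.\n")
BENIGN = ("From: alice@corp.example\nSubject: Report\n\n"
          "Hi team, the quarterly report is attached. Let me know if you have questions.\n")
```

The variant changes the amount, the link and the last word, yet still scores 13/15 against the template; the second message from the same domain is only caught after the first match has blocked that domain.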