We have white-listed full domains and that creates uncertainty i.e. myservice.com

Anyone can send spam mails and we can't block it.

We have white-listed specific emails / IP addresses and there is no immediate concern.

Any idea how we can tackle white-listing of full domains by implementing security best practices?

schroeder
wonder

1 Answer

The sending of SPAM is not necessarily related to whitelisting of domains and IP addresses.

You can get spam from whitelisted domains if user accounts are compromised or if the whitelisted domain is a generic one for many users/organisations.

The use of SPF, DKIM and DMARC (as mentioned by schroeder) enables you to check that email that appears to come from a specific domain actually comes from the servers advertised for that domain. Even that doesn't stop spam as bulk mailers and spammers often use legitimate host domains which will pass those controls.

Email security best practice is to ensure that any point-to-point mail server links you have (let's say with partner organisations) enforce mutual TLS and that you define your own SPF/DKIM/DMARC correctly in your DNS. Reject anything inbound that fails those tests and run good anti-spam software.

Julian Knight
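Added example, not part of the question or answer above: one way to stop a full-domain whitelist entry from overriding the SPF/DKIM/DMARC checks is to honour it only when your own gateway recorded a DMARC pass for that same From domain. Assumptions: the gateway stamps an `Authentication-Results` header (RFC 8601) with the hypothetical authserv-id `mx.example.net` and strips inbound headers that claim that ID; the function names and sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV_ID = "mx.example.net"   # assumption: authserv-id of our own gateway
ALLOWLISTED_DOMAINS = {"myservice.com"}  # the domain named in the question

def dmarc_result(msg):
    """(result, header.from) taken only from an Authentication-Results header
    stamped by our gateway; any other authserv-id may be sender-supplied."""
    for value in msg.get_all("Authentication-Results", []):
        server, _, rest = " ".join(value.split()).partition(";")
        if server.split(" ")[0].lower() != TRUSTED_AUTHSERV_ID:
            continue
        for clause in rest.split(";"):
            m = re.match(r"\s*dmarc=(\w+)(?:.*?\bheader\.from=([\w.-]+))?", clause)
            if m:
                return m.group(1).lower(), (m.group(2) or "").lower()
    return "none", ""

def verdict(raw):
    """'reject' on DMARC fail, 'allow' only for an authenticated allow-listed
    domain, otherwise 'scan' (normal anti-spam filtering)."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    result, authed = dmarc_result(msg)
    if result == "fail":
        return "reject"
    if result == "pass" and authed == from_domain and from_domain in ALLOWLISTED_DOMAINS:
        return "allow"
    return "scan"

def build(sender, *auth_results):
    # Constructed sample message, not real mail.
    lines = [f"Authentication-Results: {a}" for a in auth_results]
    return "\n".join(lines + [f"From: {sender}", "Subject: invoice", "", "body"])

OURS_PASS = "mx.example.net; spf=pass smtp.mailfrom=myservice.com; dmarc=pass header.from=myservice.com"
OURS_FAIL = "mx.example.net; spf=fail smtp.mailfrom=bulk.example; dmarc=fail header.from=myservice.com"
FOREIGN = "mx.sender.example; dmarc=pass header.from=myservice.com"  # not our authserv-id

GENUINE = build("billing@myservice.com", OURS_PASS)
SPOOFED = build("billing@myservice.com", OURS_FAIL, FOREIGN)
UNVERIFIED = build("billing@myservice.com", FOREIGN)

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("unverified", UNVERIFIED)]:
        print(name, "->", verdict(raw))
```

As the answer notes, a DMARC pass only shows the mail came from the domain's advertised servers, so an "allow" here is still spam-prone when accounts at that domain are compromised or the domain is shared by many users.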