CMMC Practice SI.3.218: Employ spam protection mechanisms at information system access entry and exit points.
CMMC CLARIFICATION (Ref CMMC – Appendix B)
Spam filters should be applied on email that is inbound (coming into the organization) or outbound (leaving the organization). Inbound filters can protect the organization’s users from spam originating on the internet. Outbound protection helps the organization identify the origins of potential spam on their own network. Without this, an organization risks having its email server blacklisted for sending spam emails.