If you haven't seen it yet, we recently released Cross-Domain Antispoofing protection for our Advanced Threat Protection and E5 customers. You can read all about it here on our official support page (as opposed to this blog): Antispoofing in Office 365.
This augments my previous blog post about intra-org (or self-to-self) spoofing, which is at http://aka.ms/AntispoofingInOffice365 (yes, the title of the official support article is the same as the short link in this redirector, but they are not the same article).
It also augments my other blog post Troubleshooting the red safety tip in Office 365.
The all-up guide is quite long, but it should contain almost everything you need to know about how antispoofing protection works in Office 365. It's also a living document, which means that as we release features, I'll go back and update it.
Hopefully you find this useful.