Claims to be able to detect phishing campaigns would carry a bit more weight if they were able to detect phishing emails sent via their own service claiming to come from them.
Are you sure you understand how the attack works?
The email header is what's being changed. Like, I own a rogue server based in, dunno, Waseemstan. I'd forge the email header to say that the email comes from, say, Trump's personal website or something. The email providers have zero control over the message because it isn't even being sent through their network.
Edit: Have just re-read your post ... Is your point that, for example, Office 365 should know it when the email header says that a message comes from an Office 365 email server, while in fact it doesn't?
Biting the hand that feeds IT
