If you want to create a Pattern Filter that will block anything for non approved Top-Level Domains (TLDs), you can use the following in Filter Rules > Pattern Filtering > Blacklisted Patterns:
Filter Expression: Matches Regular Expression
edit the part in bold to match what you want
Check Apply to Headers -only-, and add "EnvelopeFrom" to the list of headers.
Rule Type: Soft blacklist
Score: 15 (or similar)
What this will do is check the "Return-Path:" headers and flag them if they are not (?!) in the .com/.gov/.net/etc after the @ symbol
==> You will have to customize (com|gov|net|org|edu) to fix your needs
Unlike System Setup > Mail Relay > Sender Controls > Blacklisted Top Level Domains (TLDs), you can whitelist around this (even Whitelisted IP won't get around a Blacklisted TLD).
You still may want to blacklist top-level domains for performance reasons and/or to keep their stuff out of Quarantine Reports.