I don’t know why Microsoft doesn’t just reject unknown recipients by default right at the connection phase. This causes issues for spam filters like the Fortimail if SMTP recipient verification is done rather than LDAP.
Here’s the setting in O365 to reject invalid recipients:
Exchange admin center –> mail flow —> accepted domains
and make it authoritative so all e-mail for unknown recipients is rejected: