Spam is common, and typically addressed through junk mail filtering on the client computer and on the mail servers in use. Mark the messages as spam, and—as available—also train the filters on the mail server.
As for geo-blocking, that’s long been and remains problematic at best, and—between widespread use of breached computers and the routine availability of free and paid hosting services worldwide—approching futile as a security-related measure.
More generally, review and update your current security settings per the Apple security recommendations, use robust and unique passwords, use two-factor on all critical accounts and preferably on password-recovery paths, deep and preferably multiple backups and off-site backups if the data is sufficiently valuable, enable encryption on your backups, archive your iCloud data, keep your equipment patched to current (you’re concerned about security, yet the footer here indicates macOS 11.6), set up for account recovery of your Apple ID, set a PIN or passcode with your cellular provider(s), enable FileVault encryption if not already, see if Private Relay works for your usage, and disable remote image loads in Mail if that’s not already disabled, and do have a look at migrating to zero-trust security (such as BeyondCorp) as firewalls are routinely bypassed.
This all off the top.
There can be other considerations here too, particularly if you’re a target such as a dissident, political activist, senior official, with access to sensitive or financial or classified information, of interest to someone very rich or very powerful, or on a path to same, or routinely travel across various national borders and across various private networks.
