I understand that blocking spoofed numbers is not currently possible because the number shown is not the actual number used to send a fax into the mFax service. We have all probably been hit by a fax from 200-300-4000 and when attempting to add to the block list, it is denied due to an invalid number.

My recommendation is to create a filter list and if a fax identifies itself as "xxx-xxx-xxxx" (like shown in our fax history log), and that identity has been registered as banned/blocked, that the fax is either rejected or not completed on the mFax side to the client. Why should my client have to receive a fax repeatedly if it is the same spoofed number. The actual fax number used that mFax detects is irrelevant. If someone legitimate tries to spoof their number as something like 200-300-4000, they deserve to be blocked.