Moved to Email Gateway for faster support
You could add another email policy (with higher precedence) which applies only to email@example.com with no blacklist. All other senders from @example.com will then fall into the default policy with the blacklist entry.
In a scenario like this, I personally do not like using policies or blacklists and whitelists. The reason is that you are wasting resources on messages you ultimately want to block. These emails would have to go through all scanning processes of the MEG before the drop action occurs.

A bit cleaner and more efficient way to do what you are looking for is to go to email > email configuration > receiving email > permit and deny lists. In the permitted and blocked senders section, add the individual email addresses for the users you want to be able to send from the external domain into the permitted senders list. In the blocked senders list, change the value type to 'domain' and type in the domain you want to block. Save the changes. If you read the description in the blocked senders section, you will see that blocked senders are always refused unless overridden by the permitted senders list. This saves resources on the box since we reject the message before it gets to the data phase.

A couple of things to be aware of here. Do not have the response for a sender block in this section set to a deny response. If you do, you run the chance of denying the permitted senders from sending to us if a blocked sender tried recently before. The IP would then be in the blocked connections list for ten minutes, so we would not reply to them at all. Also, blocks of this type will not be visible on the message search page. If investigating a problem, you would only be able to find information on the email reports page or the mail log.

Hope this helps.
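The deny-response caveat in the reply above can be traced with a small model. This is an added example, not code from the post or from the vendor. The action labels (`reject`, `deny`, `no-reply`), the class and function names, and the IP address are constructed for illustration, and it assumes all example.com senders relay through one outbound IP.

```python
# Simplified model of the sender-list behaviour described in the post; not MEG code.
BLOCK_TTL = 600  # seconds: the post says the IP stays blocked for ten minutes


class SenderFilter:
    def __init__(self, permitted, blocked_domains, block_response):
        self.permitted = {a.lower() for a in permitted}
        self.blocked_domains = {d.lower() for d in blocked_domains}
        self.block_response = block_response  # "reject" or "deny" (assumed labels)
        self.blocked_connections = {}         # connecting IP -> expiry time

    def check(self, ip, mail_from, now):
        """Decision at MAIL FROM time, i.e. before the data phase."""
        expiry = self.blocked_connections.get(ip)
        if expiry is not None:
            if now < expiry:
                return "no-reply"             # connection ignored, sender never evaluated
            del self.blocked_connections[ip]  # block has aged out
        sender = mail_from.lower()
        if sender in self.permitted:          # permitted list overrides the blocked list
            return "accept"                   # message continues to normal scanning
        if sender.rpartition("@")[2] in self.blocked_domains:
            if self.block_response == "deny":
                self.blocked_connections[ip] = now + BLOCK_TTL
            return self.block_response
        return "accept"


def replay(block_response):
    """Replay constructed traffic from one relay IP shared by example.com senders."""
    f = SenderFilter(["email@example.com"], ["example.com"], block_response)
    events = [  # (seconds, connecting IP, envelope sender) - constructed sample
        (0, "203.0.113.10", "other@example.com"),    # blocked domain
        (60, "203.0.113.10", "email@example.com"),   # permitted, one minute later
        (700, "203.0.113.10", "email@example.com"),  # permitted, after the block expires
    ]
    return [f.check(ip, sender, t) for t, ip, sender in events]


if __name__ == "__main__":
    for action in ("reject", "deny"):
        print(action, replay(action))
```

With the deny response, the permitted sender at the 60-second mark gets no reply because the shared IP is still in the blocked connections list; with a reject response the same message is accepted.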