It blocks all outbound traffic and allows you to make exceptions to this rule. The nice thing about these exceptions is that they can be on an application by application basis. I can allow Firefox to connect to port 80 but not allow Safari if that’s what I want to do.

You could allow udp connections on port 53 to each application individually until you find the one that is doing the MX requests. (Being an MX request I would suspect your email program first… but a spam sending engine would generate a LOT of dns MX requests. It depends on what you mean by “a lot”)

I did a search for Little Snitch equivalents for Windows and apparently there’s not much available. Some reports say to try ZoneAlarm, Comodo or Outpost for Windows.