No, this is not something you can do from the PHP side of things. The idea is that the attacker will simply bypass Joomla's email sending and will use PHP's built-in mail() function directly. This function cannot be limited by other PHP code, therefore you cannot do what you are trying to do.
What you can probably do is a bit different. First, configure Joomla to use SMTP to send emails through your hosting provider. This uses the built-in PHPmailer library to connect to your mail server using SMTP which is a few milliseconds slower but safer, since it requires authentication. Then ask your hosting provider to disable the built-in PHP mail() function. This will prevent most unauthorised scripts from sending out emails.
Of course the best solution is to avoid being hacked in the first place. Still, what I described is a good way to block most ways a hacked site can send emails which is a decent last line of defence.
Nicholas K. Dionysopoulos
Lead Developer and Director
🇬🇷Greek: native 🇬🇧English: excellent 🇫🇷French: basic • 🕐 My time zone is Europe / Athens
Please keep in mind my timezone and cultural differences when reading my replies. Thank you!