[PreInternet01]

The 'digital marketing' and 'mobile app' spam is, in my experience, mostly sent via 'retail' outlook/gmail/aol/yahoo/hotmail.com accounts, and mostly by actual people pasting the address list into the BCC field.

These are not that easy to filter due to the risk of false positives, but in general, a sender with a From: header matching '.*\d{1,}@(outlook|gmail|aol|yahoo|hotmail)\.com`, no To: header matching the actual recipient, and a number of keywords in the message text can be safely rejected as bizdev/SEO spam.

The big-brand spam is actually pretty easy to filter, as there are always 'tells' in the message structure. Even just requiring a match between From: display names and domains yields pretty good results, especially if you normalize the display name to eliminate homoglyphs and nearly-similar spellings.