Recently more of the email that bypasses Gmail's spam filters has a return address with the suffix "*.xt.local". I've been able to find low quality posts about this issue from at least 2017, but in the past few months the volume has increased significantly.
One source of the emails has been spammer customers of Salesforce.
I'd previously marked one of these as spam, when I view it from inbox Google shows me:
"You unsubscribed from <100018015.xt.local>"
If I try to reply I see:
If I choose to filter I get this as a filter criteria
Has the words: list:(<100018015.xt.local>)
An expert on spam filtering tells me xt.local is the name of an email list.
I've added xt.local to Gmail's (increasingly obscure) filters as an automatic delete. I currently have it in there as a return address but if that doesn't work I'll try it as a label.
Google's 'show original' extracts the following header information:
From: SIXT <firstname.lastname@example.org>
Subject: Start your week in style! Up to 30% discount on midweek rentals
SPF: PASS with IP 184.108.40.206 Learn more
DKIM: 'PASS' with domain e.sixt.com Learn more
DMARC: 'PASS' Learn more
I'll update this post if filtering on xt.local as the sender address doesn't work.
PS. When I searched on this, even using Kagi (which is looking to be a very interesting search engine if they can stay in business), I found very few useful posts. Even five years ago there would have been dozens. Something rather important has been broken.