Yeah, I’d mark the first email as phishing because of the fake sender and urgent credential request-the domain doesn’t match and that’s a classic red flag. The second one's just spam: generic marketing, unknown sender, plus those sketchy coupon attachments, so you add it to the spam filter. Third is clean-legit corporate sender, nothing suspicious about it. Common trap here is thinking you only filter after repeat spam, but policy says prevent all future so filtering right away is needed. Pretty sure this matches what CompTIA wants. Anybody see it different?
I don’t think deleting is enough for the spam email-policy just says all future spam to users must be prevented, so add the address/domain to the filter right away. Deleting on its own only solves that one message. Phishing gets reported, legit business mail stays in the inbox. Pretty sure that’s what CompTIA is looking for here, but open to other reads if I missed something obvious. The main trap here is assuming filtering is just for recurring spam.
