Its not enough to just check sender e-mail, there is software that can fake a real blockchain from sender name, but when you click on link it will reroute you to the fake site.
Best practice would be if you did not expect any mail, just remove it without opening. By just click open the spammer will know you took action and opened it, its called 1-pixel tracker and is used as a marketing technique. The sender will know your ip and date/tine of touching the mail.
/KX
I know about domain spoofing to make phishing email sender address same as original sender. That can be very dangerous to member who not double checking content inside email.
Just removed without opening email, it's easy if (phishing target) email not registered to blockchain.com. But how about someone who get this email and also registered on blockchain.com, i think they will open that phishing email, and very possible to click anything inside content.
edit: typo