The Mail rules do not allow the use of "wild cards" for pattern matching. Spammers are known for changing the sender domain name to avoid spam blockers and mail rules. What you can do is determine the sender's Return-Path header field as this is the mail server that they use to get the junk to you. I have found in practice that concentrating on a Return-Path pattern allows me to control dozens of emails from the same organization using different sender credentials and names.
As an example, I used to get about 30 SPAM emails a day until I established these rules with slight variations in the beginning mail server Return-Path name string. Almost as good as a wildcard in the positive results:
It is just a case of looking for patterns in Return-Path server strings.
The Return-Path headers string is not configured by default in Apple Mail, and you must add it as a custom header at the bottom of the menu when you click the default From header selector.
and you add Return-Path exactly as shown below:
Once you have done this, you can change the default From header selection to Return-Path.
Let's say you have one of those unwanted emails arrive with "deutsch" in the Sender (From header) field. To implement the above Return-Path screening, you select that single email in your Messages list, and then either edit an existing Mail rule or add a new rule. When you change the From selector to Return-Path, and initially choose contains, the empty server name field will automatically populate with the entire Return-Path server string of the message that you selected. You do this with other messages that you want to filter and eventually, as I have done, you see a pattern emerge for the Return-Path and. you can shorten the quanta of individual condition entries to those that now use begins with and the first few unique characters.
When you have configured your chosen Perform the following actions section (here is mine):
and click OK, a dialog will appear asking you if you want the rule to act on the selected message. When you agree, the message is acted on. In my case, I can look in my Junk folder and see the messages affected by this rule as they are screaming yellow.
The one side-effect of using Return-Path as I have shown is that some legitimate email may also be using some unique variation of the same mail server name that occurs after the begins with string, and you have a low risk of affecting those messages when they arrive. I have observed that this does not happen very often though. It may pay to check your junk mail folder for a while to be certain. The entire Return-Path string is like an account number for the user of the Return-Path server, so the entire string is unique to those using it.