The best thing you can do right now is learn about 'rules'
In mail preferences you have the possibility to set up rules to filter email by things like subject, sender etc, and you also have the possibility to delete messages automatically so if they are all coming from the same domain for example, with a bit of thought you can make them all dissapear before yolu see them or if they are all offering you a prize or something, then you can make all the messages with prize disappear.
Eventually they will disappear as the spam sites are taken down. The best thing however is teach him to use 'hide my email' or have a couple of junk addresses set up in advance for sites that require your email address as a matter of course (I have had a hotmail address I set up more than 20 years ago which works for that sort of thing and I've never once checked it.) Similarly 10x '0s' often works for a telephone number which you know they are going to sell.
But even then it happens as there are bots trawling the web constantly.
But prevention is better than cure and I would never use a single email for everything.
It happens sometime and it isn't up to Apple to go through every email you get or every word in every email and decide what you want to receive or not. They aren't even allowed to do that. They can only look for a known spammer from a known address.
I'm going to include some info provided by an email service I pay for which has very good security which explains this:
-----
Some --- users complain that they receive a lot of spam in their mailbox. We would like to explain the reasons for this, why it happens, and how spam filters work.
If you want to successfully filter out spam, you can use content properties (the word ‘Viagra’ in the subject line) as well as a number of technical properties: Who sent me this e-mail? How does the sender behave? Am I dealing with a normal mail server or a
virus botnet? Where was this e-mail sent from?
It’s important to recognize that you’re talking to a spammer (or its software). This is possible to do very reliably and quite easy thanks to special procedures and technical properties. That’s why the content of the e-mail is a secondary concern. A spam e-mail is not classified as such because the work Viagra is in the subject line, but rather, because a spammer sent it. This is only right and important. Providers are not authorized to censor content (for example, ‘No Viagra e-mails from the doctor’); rather, they have to use their skills to detect spammers.
As a result, it is only possible to successfully filter spam by talking to the spammers themselves. All of these important identifying features are lost as soon as the first normal mail server accepts the e-mail, as the e-mail is then forwarded from one clean system to the next clean system and rated unproblematic from a technical point of view.
As a result, the first provider that receives the e-mail is responsible for spam filtering. All subsequent providers can limit the damage and try to ‘save what’s left to save,’ but they will no longer be able to reliably filter on account of the lost technical details. If these providers then tried to compensate for the lost technical information by using aggressive e-mail content filtering, the danger of accidentally filtering real e-mails (false positives) would increase enormously.
----
In other words the provider that accepted the email to send is what launders the email and as long as that's OK then Apple, Google etc will not see it as spam.
