Fastmail also uses global blocklists and reputation scores that can override your training. Could also be the sending IP is shared with bulk senders.
Marking as "not spam" should help over time. If it does not, create a rule to always deliver from that domain. That is the only way to guarantee it never happens again.
Visa, Mastercard, and PayPal stopped processing payments for adult sites that used deceptive marketing. Hosting providers terminated accounts that sent image-based spam because the legal risk was too high. The same approach would work for other spam types. Target the payment processors, the hosting providers and make spam financially unsustainable.
Click rate is higher because AI removes the broken English and generic scams. But detection is not the only answer.
Most phishing comes from a small set of hosting providers that ignore reports. The real fix is making abuse reports actionable. Fix that, and you cripple the economics of phishing. AI detection is reactive; killing the source is proactive.