Email headers will tell you everything you need, to determine if the email is legit or not.
If it's passed SPF, DKIM, DMARC, you can confidently assume it's coming from the domain it claims to be.
At the minimum it will have the email return path, so you can verify that it is going to the correct domain, and not a gmail, outlook.com, etc mail address.
The other points around links, embedded email addresses not matching, signature block missing, etc, all back this up very quickly.
Bookmarks