They could. The success of that approach would vary though. The email provider could look for that too and resend the email. They could also disallow rules that block emails from them in this case.
The user could also get the email on their device if the hacker doesn't delete it quickly, which is a possibility given the low and slow nature of this scheme.
The user could also get the email on their device if the hacker doesn't delete it quickly, which is a possibility given the low and slow nature of this scheme.