They aren't false alarms as all they are alerting you to is a suspicious email not an infected email.
The iFrame tag is more commonly used in web pages to import data into the iFrame (and in emails usually for ads), it can also execute programs/code in these iFrames and as Vlk said there isn't an easy way to determine the intention of what is to be loaded into the iFrame.
So they are a very powerful tool that can be used for good or evil.
You also get a choice as to what to do upon receipt of these suspicious emails, if you haven't a clue who or where there from or they are unexpected, then deletion is the safe option. However if you know who it is from (and that information can be faked) then you can allow it. So if you are expecting these emails from distribution lists and they appear to be from that source let them through. You can add the URL of the destination of the remote iFrame (where it is getting the data from, see image), this is a little bit of a problem if the remote source is always changing, but often it will be the same.