Engineers built legacy email spam filtering to block bulk junk mail, not the targeted identity attacks that now drive billions of dollars in annual losses. According to the FBI IC3, business email compromise (BEC) scams resulted in $2.77 billion in reported losses across 21,442 incidents in 2024.

Attackers succeed not through malicious code but by convincing recipients to act on fraudulent requests. The gap is rarely about "bad" content alone; it's about trust, authority, and context that many legacy controls weren't designed to weigh. Here's why traditional email spam filtering often struggles with identity-based threats, and where behavior-informed detection can change the equation.

• Legacy email spam filtering is optimized for bulk indicators (keywords, known-bad infrastructure, and reputation signals) that targeted identity attacks often avoid.

• Email authentication protocols (SPF, DKIM, DMARC) verify domain infrastructure but do not validate the human identity behind a message or its intent.

• Psychological manipulation through authority, urgency, and familiarity often looks like legitimate business communication at the content layer.

• AI-generated phishing produces linguistically polished messages that reduce the surface-level cues many filters historically depended on.

• Abnormal's Behavioral AI establishes communication baselines and helps surface contextual anomalies that signature-based and rule-based approaches may miss.

Legacy email spam filtering systems excel at stopping mass campaigns but often miss targeted identity attacks because they emphasize static indicators over relationship and workflow context. Traditional filtering depends on keyword blacklists, known malicious domains, bulk-mail volume detection, and sender reputation scores.

Sophisticated attackers work around these controls by using everyday business language, newly registered domains, and compromised legitimate accounts that carry clean reputations.

Rule-based systems scan for surface indicators: specific keywords, flagged domains, and volume patterns associated with spam campaigns. Many legacy filters also evaluate each email largely in isolation, which can strip out the relationship context and communication patterns that reveal identity-based threats. When an attacker crafts a message using standard business vocabulary from a domain with no prior negative reputation, traditional email spam filtering may not have a reliable mechanism to flag it.

These systems also require manual updates to address new threat patterns. Security teams must identify an attack technique, write a rule, test it, and deploy it, a cycle that creates a persistent window of exposure. Identity-based attacks evolve faster than rule libraries adapt, and each new variation can slip through until a corresponding signature exists.

SPF, DKIM, and DMARC provide important but fundamentally limited protection because they confirm domain-level sending alignment without establishing the human identity behind a message or its intent. This gap matters because identity-based attacks can succeed even when a message originates from "authorized" infrastructure. Understanding how email authentication works in practice helps illustrate these limitations.

SPF basics: SPF authenticates the envelope sender's IP address against an authorized list, but users never see the envelope address. They see the display name, which can differ entirely from the authenticated address.

DKIM basics: DKIM verifies message integrity using cryptographic signatures, but organizations often authorize third-party services to send email on their behalf. Long-lived keys and overly broad sending allowances can create exposure if teams don't rotate or revoke access when business relationships change.

DMARC basics: DMARC aligns SPF and DKIM results with the visible From address, but it still doesn't evaluate whether the sender's behavior and request make sense for that user, vendor, or relationship.

These architectural gaps create a consistent blind spot: when an attacker compromises a legitimate account, subsequent emails can pass SPF, DKIM, and DMARC validation. The message originates from authorized infrastructure, carries valid cryptographic signatures, and aligns with the domain's published policy. Email spam filtering systems that treat authentication status as a strong trust signal may allow these messages through, even when the request is fraudulent. Behavior-informed detection can help close this gap by analyzing whether the authenticated sender's activity matches established patterns.

Behavioral baselining adds the relationship and workflow context that targeted identity attacks tend to exploit. Instead of judging a message only by isolated content signals, it asks whether the sender-recipient interaction makes sense in the broader communication history.

Behavioral baselining establishes norms for every user and vendor relationship: typical communication timing, writing style, request types, and approval workflows. When something deviates from those norms, behavioral analysis flags it for review.

For example, an attacker might alter banking details in a vendor invoice that passes every authentication check and contains no malicious content. The message looks legitimate at the content level, but it deviates from the vendor's established language patterns, request cadence, or relationship history. Many legacy tools were not designed to model "who normally asks whom" for specific actions, but behavioral analysis can.

Rather than scanning a single dimension like content or reputation, behavioral analysis simultaneously evaluates sender history, recipient relationships, content semantics, and timing patterns. This multidimensional approach can surface attacks that align with some normal parameters while deviating in others: correct sender domains paired with unusual request patterns, or familiar formatting combined with abnormal urgency signals.

Identity-based attacks exploit psychological principles that content filters often struggle to assess directly. Authority, urgency, and familiarity drive many of these campaigns, and they operate above the technical layer where traditional email spam filtering is strongest.

Authority fraud involves imposters demanding immediate wire transfers while claiming executive authorization. Urgency tactics transform routine requests into emergencies through phrases like "critical deadline" or "immediate action required." Familiarity attacks hijack genuine conversation threads, continuing previous discussions to establish trust before introducing malicious requests. These psychological triggers may contain no malicious payloads, no suspicious links, and few of the indicators that content-based systems typically evaluate.

The Verizon DBIR found that approximately 60% of confirmed breaches involved a human element, including errors, social engineering, or misuse. Awareness training provides incremental improvement, but human judgment under time pressure remains fallible.

Behavioral AI adds a detection layer by mapping organizational relationships and communication patterns, helping surface requests that violate established hierarchies or bypass normal approval channels, regardless of how compelling the message appears to the recipient.

Emails from compromised accounts often represent a direct bypass of email spam filtering because they originate from legitimate, authenticated infrastructure. Every trust signal that legacy systems rely on—sender reputation, domain authentication, and historical sender behavior at the domain level—can still look "clean."

Account takeover attacks create a cascading trust failure. A compromised CFO account sending urgent wire transfer requests uses proper formatting, originates from the correct domain, and passes every authentication protocol. Industry data underscores that this problem is accelerating: according to the FBI IC3, total cybercrime losses reached $16.6 billion in 2024, with BEC accounting for $2.77 billion of that total, reinforcing that authentication-based trust models may not hold up as a standalone defense.

Compromised accounts often show detectable behavioral changes: accessing systems from new locations, sending messages at unusual times, establishing suspicious email forwarding rules, or making requests outside normal patterns. These signals live in the behavioral layer, not the content layer.

Behavioral AI can help identify when legitimate accounts start operating differently from their established baselines, flagging anomalies that authentication protocols and content filters often overlook.

Generative AI has reduced the surface-level indicators that email spam filtering systems historically relied on to catch phishing. Grammatical errors, awkward phrasing, and unnatural sentence structures once served as reliable signals. Phishing content now regularly achieves native-level linguistic quality that looks indistinguishable from legitimate business correspondence.

Attackers use large language models for automated reconnaissance, crafting highly personalized messages that reference real projects, mirror organizational communication styles, and maintain contextual coherence. These messages contain no malicious attachments, no known-bad URLs, and little content that triggers keyword-based rules. Static filters scan for what they've seen before. Attackers engineer AI-generated attacks to look like something the filter has never flagged.

Unlike legacy filters that depend on manually updated rule sets, behavioral AI can continuously retrain on live traffic patterns. This adaptive approach can help identify machine-generated attacks by detecting subtle deviations in communication behavior, regardless of how linguistically polished the content appears. When attack techniques evolve, behavioral models adjust detection parameters without manual intervention.

Attackers increasingly use delivery techniques that minimize the indicators content-based email spam filtering expects to see, including:

• Telephone-Oriented Attack Delivery (TOAD): TOAD emails embed phone numbers rather than malicious links, directing recipients to call attacker-controlled numbers for social engineering. A phone number looks like legitimate business contact information, and blocking phone-number patterns at scale can create unacceptable false positives. While the initial lure arrives via email, organizations typically need complementary controls beyond email security for the voice portion of the scam.

• QR Code Phishing (Quishing): Quishing attacks hide malicious URLs inside image files that many text-based email filters don't parse. Because the link lives in an image rather than readable text, conventional URL scanning and domain reputation checks may never evaluate it. Behavioral detection can help by flagging unusual QR code usage for a given sender or an atypical request pattern.

• Trusted Platform Abuse: Attackers host phishing pages on legitimate cloud platforms. Tools that rely heavily on domain reputation scoring can inherit the host platform's clean standing and treat these links as safe. Behavioral analysis focuses on whether the sharing request fits the sender's established communication patterns rather than relying only on destination reputation.

Because these techniques reduce traditional content signals, many teams pair baseline filtering and authentication with context-aware behavioral analysis and clear verification workflows for high-risk requests.

Most email programs still need a layered approach: baseline filtering and authentication for common threats, plus stronger defenses for socially engineered and account-driven fraud. Adding behavioral intelligence helps teams model relationships, establish communication baselines, and flag contextual anomalies across email and collaboration platforms.

Abnormal adds this Behavioral AI layer on top of existing email infrastructure to help surface the identity-based threats that traditional filters may miss. Get a demo to see how it works.