Inbound Email Protection

Precisely block email attacks including phishing, malware, ransomware, social engineering, executive impersonation, invoice fraud, and spam and graymail, using behavioral AI.

Deploy in minutes at any scale. No configuration or policies required.


High-Efficacy Protection
Against All Types of Email Attacks


Complete Email Attack Protection

Uses behavioral AI to detect attacks that evade cloud email security and SEGs

Streamline Security Operations

Deploys with one click, and is proven to simplify your email security architecture

Improve Employee Experience

No more spam and quarantine digests; keep end users in their mailboxes


Stop Attacks That Evade Secure Email Gateways

Continuously analyzes email, Active Directory, and security logs via cloud APIs to baseline good behavior and precisely block modern attacks and unwanted email
inbound email security employee profile

Profiles Good Behavior

By integrating with Microsoft Office 365 and Google Workspace, Abnormal continuously learns about the digital identity of every employee in your organization.

  • Which department do they belong to? What title and level do they hold?
  • Which employees are subject to greater risk?
  • When do they typically log in, from where, and using which devices?
  • With whom, why, and how often do they communicate with each other?
  • What content do they typically share? What is their tone over email?

These signals enhance our detection capabilities without any need for custom policies.

inbound email protection remediating email for anomalies

Precisely Detects and Remediates Anomalies

Unlike secure email gateways, Abnormal scans every email, including internal messages. Using known good behavior baselines, every email is precisely scrutinized for anomalies.

  • Do they communicate this frequently?
  • Are the tone and the content shared typical?
  • Does the account appear compromised?

This behavioral-based analysis precisely strikes down all threats within milliseconds, including never-before-seen socially-engineered email attacks.

inbound email security profiling vendors

Profiles All Your Vendors For Potential Threats

Your organization’s security posture is only as strong as the security posture of your vendors.

Soon after you integrate with Abnormal, VendorBase reviews all your emails to extract your vendor relationships. It then continuously monitors your vendors for security risks observed across the entire enterprise ecosystem and automatically identifies when a vendor has been compromised.

Defense In Depth v6

Simplify Your Email Security Stack

Eliminate the redundant secure email gateway layer, and re-enable and enhance cloud gateway capabilities built into Microsoft and Google.

Unify your entire inbound email security defenses, from email hygiene to zero-day advanced attacks.


Improve Employee Productivity and Experience

Eliminates spam and quarantine digests and portals.
inbound email protection learning from user actions

Personalized End-User Email Experience

Abnormal learns end-user preferences by observing how they move messages between folders, allowing it to automatically create and manage individualized safe and block lists, as well as deliver spam and graymail to junk and promotional folders respectively.

End users no longer have to rely on spam and quarantine digests to salvage missed messages.

inbound email protection warning banner with context

Contextual Banners That Help End Users

Abnormal precisely assesses every email for potential threat and the type of threat, and if deliverable, automatically provides relevant information using banners.

End users, as a result, are better equipped to ensure that they do not fall victim to attack.


Streamline Security Operations

Deploy with one-click via an API integration.
inbound email protection natively integrating with microsoft and google

Natively Integrates With Microsoft and Google

Integrate within minutes via API, without any disruption to mail flow. No changes to your email configuration or MX records are required.

Plus, there is no need to configure Abnormal or to set custom policies. It learns from Active Directory, other directory services, existing emails, and more to baseline good behavior and begin stopping attacks within hours


Incorporate AI and Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to centralize security insights, and reporting to streamline workflows, automate processes, and orchestrate remediation workflows.


Augment your SIEM with metadata and risk scores for better attack correlation.


Trigger playbooks when users engage with bad email or compromised accounts.


Create tickets for compromised accounts or when users engage with bad emails.

Identity Access Management

Log in to Abnormal via SSO



Our bi-directional architecture helps you set up your own custom integrations quickly and simply.

Eliminate the Broadest Spectrum of Threats

Credential Phishing

Stop the full range of phishing attacks, including never-before-seen socially engineered attacks.

Business Email Compromise

Block seemingly trustworthy emails that induce employees to take actions that lead to financial loss and reputational damage.

Invoice and Payment Fraud

Defuse schemes to steal money via fraudulent invoices and prevent attackers from changing legitimate bank account details.

Supply Chain Compromise

Prevent attackers from exploiting compromised vendor accounts to launch email attacks against your organization.

Malware and Ransomware

Protect your end users from emails that contain malicious attachments, ransomware, and other viruses.

Spam and Graymail

Stop spam, unsolicited messages, and other unwanted email from reaching your end users.


Trusted by Global Enterprises


Prevent the Attacks That Matter Most


Related Resources

Everise case study cover
By mid-2021, Everise had more than 11,000 employees to meet new demand for outsourced services. But the shift to remote work brought new email security risks. “Our people are good at what they do, but they’re not email security specialists, and attackers know that."
Read More
Data sheet 1
Protect your end users from the full spectrum of targeted email threats: phishing, ransomware, fraud, social engineering, supply chain attacks, executive impersonation, spam, and graymail. Integrate with Microsoft 365 and Google Workspace via a one-click API without disrupting mail flow. No MX record changes, configuration, or custom policies are needed.
Read More
B Gartner Highlights 1
The Gartner Market Guide for Email Security explains what integrated cloud email security (ICES) solutions are and why they’re essential for modern enterprises. Download a copy now to learn why enterprises are moving away from the SEG.
Read More
Resource 02 CISO
Business email compromise (BEC) is the most significant cybersecurity threat to enterprise organizations, with $2.4 billion lost in 2021 alone. This type of email attack occurs when a cybercriminal uses social engineering to impersonate a trusted contact—typically an executive, coworker, vendor, or partner.
Download Now
Ices announcement cover
Abnormal ICES offers all-in-one email security, delivering a precise approach to combat the full spectrum of email-borne threats. Powered by behavioral AI technology and deeply integrated with Microsoft 365...
Read More
Blog door arches
When Abnormal Security was founded, our engineering and data science teams were focused on solving the toughest—and most expensive—email security problem for enterprises: business email compromise, or BEC. Fast-forward to today and Abnormal serves some of the largest enterprises...
Read More
Video 2
Socially engineered email attacks are the #1 security threat facing companies today, accounting for more than 44% of all cybercrime losses. To stop these types of sophisticated email attacks, you need a fundamentally new approach to email security.
Watch Now
Ciso guide ransomware cover
The debilitating Colonial Pipeline attack in 2021, which cost the organization $4.4 million to restore the data, highlights the devastating consequences of ransomware and why nearly one in three companies hit with an attack is likely to pay the fee.
Download Now
Webinar microsoft cover
The emergence and evolution of advanced socially-engineered cyber attacks, including business email compromise, supply chain fraud, and ransomware, has organizations rethinking their security strategies and tech stacks.
Watch Now