Inbound Email Protection

Precisely block all email attacks including phishing, malware, ransomware, social engineering, executive impersonation, invoice fraud, and spam and graymail, using behavioral AI.

Deploy in minutes at any scale. No configuration or policies required.

Highest-Precision Protection Against
All Email Attacks

Complete Email Attack Protection

Uses behavioral AI to detect attacks that evade cloud email security and SEGs

Streamline Security Operations

Deploys with one click, and is proven to simplify your email security architecture

Improve Employee Experience

No more spam and quarantine digests; keep end users in their mailboxes

Stop Attacks That Evade Secure Email Gateways

Continuously analyzes email, Active Directory, and security logs via cloud APIs to baseline good behavior and precisely block all email attacks and unwanted email.
inbound email security employee profile

Profiles Good Behavior

By integrating with Microsoft Office 365 and Google Workspace, Abnormal continuously learns about the digital identity of every employee in your organization.

  • Which department do they belong to? What title and level do they hold?
  • Which employees are subject to greater risk?
  • When do they typically log in, from where, and using which devices?
  • With whom, why, and how often do they communicate with each other?
  • What content do they typically share? What is their tone over email?

These signals enhance our detection capabilities without any need for custom policies.

inbound email protection remediating email for anomalies

Precisely Detects and Remediates All Anomalies

Unlike secure email gateways, Abnormal scans every email, including internal messages. Using known good behavior baselines, every email is precisely scrutinized for anomalies.

  • Do they communicate this frequently?
  • Are the tone and the content shared typical?
  • Does the account appear compromised?

This behavioral-based analysis precisely strikes down all threats within milliseconds, including never-before-seen socially-engineered email attacks.

inbound email security profiling vendors

Profiles All Your Vendors For Potential Threats

Your organization’s security posture is only as strong as the security posture of your vendors.

Soon after you integrate with Abnormal, VendorBase reviews all your emails to extract your vendor relationships. It then continuously monitors your vendors for security risks observed across the entire enterprise ecosystem and automatically identifies when a vendor has been compromised.

Defense In Depth v6

Simplify Your Email Security Stack

Eliminate the redundant secure email gateway layer, and re-enable and enhance cloud gateway capabilities built into Microsoft and Google.

Unify your entire inbound email security defenses, from email hygiene to zero-day advanced attacks.

Improve Employee Productivity and Experience

Eliminates spam and quarantine digests and portals.
inbound email protection learning from user actions

Personalized End-User Email Experience

Abnormal learns end-user preferences by observing how they move messages between folders, allowing it to automatically create and manage individualized safe and block lists, as well as deliver spam and graymail to junk and promotional folders respectively.

End users no longer have to rely on spam and quarantine digests to salvage missed messages.

imbound email protection rewriting supsicious URLs

Smart URL Rewriting

Not all emails are malicious. So why rewrite every single URL within them?

Abnormal judges every email to determine its risk profile, and only rewrites URLs within those emails that look like borderline attacks.

inbound email protection warning banner with context

Contextual Banners That Help End Users

Abnormal precisely assesses every email for potential threat and the type of threat, and if deliverable, automatically provides relevant information using banners.

End users, as a result, are better equipped to ensure that they do not fall victim to attack.

Streamline Security Operations

Deploy with one-click via an API integration.
inbound email protection natively integrating with microsoft and google

Natively Integrates With Microsoft and Google

Integrate within minutes via API, without any disruption to mail flow. No changes to your email configuration or MX records are required.

Plus, there is no need to configure Abnormal or to set custom policies. It learns from Active Directory, other directory services, existing emails, and more to baseline good behavior and stop all attacks within hours.

inbound email protection dashboard view

Integrated Visibility and Control

With a single pane of glass, analysts no longer need to toggle between your native cloud email security dashboard and other email security solution dashboards.

With deep integration, you get unified visibility and control across Microsoft Office 365, Google Workspace, and Abnormal, greatly simplifying investigation, remediation, follow-up, and reporting.

inbound email protection customizable Remediation Options

Customizable Remediation Options

To comply with regulations or critical business needs, admins can:

  • Ensure delivery for certain groups, with contextual banners when necessary

  • Defend highly-targeted groups differently

  • Increase end user access to emails, via the junk folder, or by using banners, enabling them to inform Abnormal of their preferences

With Abnormal, you can fully automate remediation while addressing the unique needs of various groups within your organization.

Fully Automate Your SOC Workflows

Integrate with SIEM, SOAR, ITSM, and IAM solutions to enrich security insights and orchestrate workflows.


Augment your SIEM with metadata and risk scores for better attack correlation.


Trigger playbooks when users engage with bad email or compromised accounts.


Create tickets for compromised accounts or when users engage with bad emails.

Secure Email Gateways

Trigger automated post-delivery protection when gateways send alerts on missed attacks.

Phishing Training

Allow emails for training to pass inspections, and present reports on user engagement.

Identity Access Management

Log in to Abnormal via SSO, and to provide data to better detect account takeover attempts.


Our bi-directional architecture helps you set up your own custom integrations quickly and simply.

Eliminate the Broadest Spectrum of Threats

Credential Phishing

Stop the full range of phishing attacks, including never-before-seen socially engineered attacks.

Business Email Compromise

Block seemingly trustworthy emails that induce employees to take actions that lead to financial loss and reputational damage.

Invoice and Payment Fraud

Defuse schemes to steal money via fraudulent invoices and prevent attackers from changing legitimate bank account details.

Supply Chain Compromise

Prevent attackers from exploiting compromised vendor accounts to launch email attacks against your organization.

Malware and Ransomware

Protect your end users from emails that contain malicious attachments, ransomware, and other viruses.

Spam and Graymail

Stop spam, unsolicited messages, and other unwanted email from reaching your end users.

Trusted by Global Enterprises


Prevent the Attacks That Matter Most

Related Resources