Email Security That Goes Beyond the Gateway
Six layers of protection covering authentication, AI behavioural detection, BEC, phishing, account takeover, and advanced threat analysis — for a complete email security posture.
SPF, DMARC & DKIM
DNS-based email authentication eliminates domain spoofing at source. SPF defines authorised sending servers, DKIM cryptographically signs messages, and DMARC enforces policy and generates aggregate reports — telling you who is sending email on your behalf and blocking unauthorised senders from impersonating your domain.
AI Behavioural Analysis
Rather than relying on known-bad signatures, AI builds a behavioural baseline for every relationship in your organisation. Abnormal communication patterns — unusual request types, atypical sending times, requests from unexpected IP geolocations — are flagged as anomalies invisible to rule-based systems.
Business Email Compromise (BEC)
BEC attacks involve no malware and no malicious links — they bypass every legacy gateway. AI detects the subtle linguistic and behavioural signals that indicate CEO impersonation, CFO fraud, payment redirection, and vendor invoice manipulation before funds leave the organisation.
Phishing & Spear-Phishing
URLs are rewritten and sandboxed at click-time — not just at delivery — so zero-day phishing links are blocked even when they change post-delivery. Lookalike domain detection identifies typosquatted and homograph domains targeting your users. Attachment sandboxing detonates unknown files before delivery.
Account Takeover Prevention
Attackers who successfully compromise a mailbox use it to pivot internally. AI detects the behavioural signatures of account takeover — impossible travel, anomalous OAuth app authorisations, unusual forwarding rules, and bulk email access — and triggers automated remediation before damage spreads.
Beyond the Legacy SEG
Secure Email Gateways were built for spam and known malware — not for the socially-engineered, zero-payload attacks that dominate today's threat landscape. Abnormal Security integrates directly with Microsoft 365 and Google Workspace as a complementary layer, catching what SEGs miss without changing mail flow.
The Attacks Email Security Stops
Real-world attack scenarios your email security must defend against — and how AI-powered protection handles each one.
CEO / CFO Impersonation (BEC)
- ✓Attacker registers a lookalike domain (e.g. company-finance.co.uk) or compromises a supplier mailbox
- ✓Sends urgent payment or wire transfer request appearing to come from senior leadership
- ✓No attachments, no links — completely invisible to signature and URL-scanning gateways
- ✓AI detects linguistic anomalies and relationship deviations — flags and quarantines before finance acts
Ransomware via Email
- ✓Malicious attachment (Office macro, ISO, LNK file) or link to a staged payload delivery site
- ✓Often disguised as invoice, shipping notification, or DocuSign request
- ✓Attachment sandboxing detonates the file in an isolated environment before delivery to the inbox
- ✓AI detects anomalous sending patterns from compromised legitimate accounts acting as droppers
Supply Chain / Vendor Fraud
- ✓Attacker compromises a trusted supplier's mailbox and sends fraudulent invoice or payment update
- ✓Message originates from a legitimate domain — passes all SPF, DKIM, and DMARC checks
- ✓AI detects unusual request embedded in an otherwise normal vendor communication thread
- ✓Supplier relationship graph identifies when a new bank account request deviates from historical patterns
Microsoft 365 Account Takeover
- ✓Attacker phishes M365 credentials or purchases them from an initial access broker
- ✓Logs in from a residential proxy to avoid impossible-travel detection
- ✓Sets forwarding rules, accesses email archives, and pivots to Teams and SharePoint
- ✓AI detects access anomalies, unusual OAuth permissions, and forwarding rule creation in real time
Abnormal Security — AI Email Protection
Abnormal Security is the only email security platform built from the ground up on behavioural AI. Rather than comparing messages to known-bad signatures, Abnormal models what 'normal' looks like for every identity in your organisation — and blocks anything that deviates.
Deployed as an API-based integration with Microsoft 365 or Google Workspace — no MX record changes, no mail routing disruption, active protection within hours.
Learn about Abnormal Security →Email Security Deployment
Email Security Assessment
We audit your current SPF, DMARC, and DKIM configuration, review M365 or Google Workspace security settings, and identify gaps that existing tools are not covering — including a simulated phishing exercise.
DMARC & Authentication Hardening
We deploy and configure SPF, DKIM signing, and DMARC at enforcement (p=reject) for your domain — preventing any unauthorised party from sending email appearing to come from your organisation.
AI Platform Deployment
Abnormal Security connects to your M365 or Google Workspace tenant via API — no MX record changes required. The AI immediately begins learning communication baselines and can detect threats within 24 hours of deployment.
Ongoing Threat Review
Monthly threat reports, DMARC aggregate monitoring, and posture reviews ensure your email security evolves as attacker techniques change. We adjust policies to balance security with business operations.
Is your inbox protected against modern attacks?
A simulated phishing exercise and DMARC audit will show you exactly what your current email security is — and isn't — stopping. Contact us to arrange a free email security assessment.