
How we bypassed a popular email threats protection software
In today’s corporate landscape, email security remains a critical layer of defense. Organizations depend on secure gateways, advanced filtering, sandboxing, and Machine Learning systems to block phishing attempts and malicious emails. Vendors often present these solutions as highly reliable, positioning them as essential safeguards against email-based threats. Yet, even with robust technologies in place, determined attackers can still find ways to bypass such protections.
During a recent penetration test, we collaborated with a company that was using a popular AI-based email protection software, hereinafter referred to as the ACME software. At first glance, the solution seemed robust and comprehensive, with multiple layers of filtering designed to block most phishing attempts. However, by crafting a phishing campaign tailored to the company’s specific context, we were able to uncover several weaknesses. The attack combined different techniques: spoofing the sender of a trusted partner, registering a new deceptive domain, and embedding the malicious email within an existing thread to enhance credibility. As a direct consequence, the ACME Corporation released a dedicated pattern to detect this type of phishing attempt.
In this article, following a brief introduction to phishing prevention systems and their limitations, I will provide an in-depth analysis of the factors and bypass techniques used to circumvent the protection.
Phishing definition and types
Phishing is a social engineering technique where attackers deceive recipients into revealing sensitive information, downloading malware, or carrying out harmful actions. They achieve this by crafting fraudulent messages that appear legitimate, often by impersonating a colleague, partner, or well-known brand.
Depending on the method and target, phishing can be categorized as follows:
- Spear phishing – Highly targeted attacks directed at specific individuals or organizations, often personalized to enhance credibility.
- Whaling – A form of spear phishing that targets high-profile individuals such as executives or senior managers.
- Smishing – Phishing via SMS or messaging apps, tricking users into clicking malicious links or sharing sensitive data.
- Vishing – Voice phishing, where attackers use phone calls or VoIP to impersonate trusted entities and obtain confidential information.
- Quishing – Attacks that exploit QR codes, enticing victims to scan malicious codes that redirect them to fraudulent websites.
How Phishing Prevention Systems work
Modern email security solutions serve as gateways between the internet and corporate mail systems. Their purpose is to inspect both inbound and outbound traffic, filtering out messages that may contain spam, phishing attempts, or malware.
To accomplish this, they employ multiple layers of detection, including:
- Reputation and signature checks – Verifying sender IPs, domains, URLs, and attachments against global threat intelligence databases.
- Heuristic and behavioral analysis – Detecting suspicious formatting, obfuscation methods, or linguistic patterns commonly associated with phishing.
- Sandboxing – Executing attachments or following links in an isolated environment to uncover malicious activity.
- Policy enforcement – Applying organization-specific rules to block or quarantine unwanted or high-risk emails.
At the core of many such systems are pattern files (often referred to as signature databases). These repositories contain the latest rules, heuristics, and reputation data gathered from global telemetry, honeypots, and customer submissions. Frequent updates ensure that the systems can swiftly adapt to emerging spam and phishing campaigns. The engine provides the scanning framework (parsing headers, extracting features, analyzing attachments), while the pattern files provide the intelligence required to determine whether content is malicious or safe.
The example of ACME
The software analysed applies a multi-layered detection stack that includes:
- Anti-spam and anti-malware filters based on signatures and reputation.
- Behavioral analysis and sandboxing for suspicious attachments and links.
- Machine Learning to identify phishing and business email compromise (BEC).
- Configurable security policies for content, attachments, and compliance.
Central components of this architecture are the AS patterns (Anti-Spam patterns), which provide continuously updated intelligence for the antispam engine. These files contain rules, lexical models, statistical fingerprints, and reputation data used to classify messages. When an email is processed, the system applies several checks:
- Header analysis – Verification of sender reputation and authentication (SPF/DKIM/DMARC).
- Content inspection – Detection of suspicious text, obfuscation, or encoding tricks.
- URL and domain reputation – Comparison of embedded links against known malicious or lookalike domains.
- Attachment analysis – Evaluation of file types, hashes, and metadata.
AS patterns are distributed via ActiveUpdate to incorporate new spam signatures, heuristics, statistical models, and reputation data. In practice, they act as the knowledge base of the antispam engine, while the engine itself applies this intelligence to live email traffic.
How AS Patterns are generated
Pattern updates are generated using data from a global threat intelligence ecosystem, which draws on:
- Telemetry collected from endpoints, mail servers, and security appliances worldwide.
- Honeypots that capture live spam and phishing campaigns.
- Customer submissions identifying false negatives or previously unseen attack types.
- Dedicated research teams refining heuristics and developing new detection rules.
This approach enables such an anti-spam agent to continuously improve its detection capabilities without requiring engine or product upgrades.
Limits of Pattern-Based Detection
The case highlights a fundamental challenge: pattern-based detection is highly effective against known threats and large-scale spam campaigns, but proves far less reliable when facing targeted, context-aware attacks. Adversaries can exploit this limitation by:
- Introducing variations – Subtle changes in domains, URLs, or message structure may not yet be reflected in the latest pattern updates.
- Exploiting trust relationships – Impersonating suppliers, partners, or internal contacts reduces the likelihood of automated detection, as these contexts are difficult to capture in a signature.
- Leveraging fresh domains – Newly registered phishing domains carry no negative reputation, enabling them to bypass reputation checks.
In other words, the closer a phishing email resembles legitimate business communication, the harder it becomes for purely technical controls to intercept it without causing an unacceptable number of false positives.
How the protection was bypassed
Despite the protection provided by AS patterns and their frequent updates, no detection technology is flawless. During the penetration test, the ACME software was bypassed using carefully crafted phishing techniques that exploited the inherent limitations of pattern-based and heuristic detection.
To maximize the chances of success, I crafted spear-phishing emails specifically tailored to the organization, carefully mirroring the tone, structure, and workflows familiar to its employees. Yet, how could I be certain that no security policies were in place to block spoofed corporate addresses? I couldn’t. Instead, I opted for a safer and more convincing approach: impersonating a partner company with which the organization regularly exchanged emails—in this case, the IT provider responsible for managing its infrastructure. This not only increased the credibility of the messages and reduced suspicion but also allowed me to bypass configurable security policies, which were calibrated to detect spoofed domains resembling the company’s own but not those belonging to trusted partners.
To refine the attack further, I analyzed how Outlook displayed spoofed senders. By experimenting with different sender formats, I identified a structure that introduced ambiguity: to the recipient, the message appeared to originate from the trusted partner’s domain, while technically the “on behalf of” field pointed to the phishing domain.
Moreover, using a thread hijacking technique, I embedded the phishing content into what appeared to be an ongoing conversation between the company’s support team, the spoofed partner, and Microsoft support. In this context, the email blended seamlessly into existing correspondence, looking ordinary and trustworthy to both users and the filtering system. Because the software under analysis relies on reputation checks, pattern matching, and policy rules, this unusual format failed to trigger any alarms. In fact, the system did not classify the email at all—it was neither flagged as malicious nor logged as a clean delivery.
At this point, I had designed an email that bypassed the spam folder, slipped undetected, and left no meaningful trace in the logs.
Together, these elements created a scenario in which the phishing message successfully evaded technical defenses and became indistinguishable from legitimate communication within the organization’s email flow.
Detailed analysis of the bypass factors
Each of the techniques applied during the phishing simulation had a specific impact on the bypass. By looking at them individually, it becomes clearer why the system was unable to block the attack.
0. Preliminary Information Gathering
To carry out this attack, the first step is to gather information that can be used to set up a valid testing environment. One of the simplest tools for this purpose is the dig utility (bash), which allows querying DNS records:
$ dig txt {COMPANY_DOMAIN} @8.8.8.8
...
{COMPANY_DOMAIN}. 451 IN TXT "{REDACTED}=07115a9193890ce9c9b84b1418161811"
{COMPANY_DOMAIN}. 451 IN TXT "MS=ms68288305"
{COMPANY_DOMAIN}. 451 IN TXT "v=spf1 include:spf.protection.outlook.com include:spf.{ACME_DOMAIN}.com include:_spf.ergonet.it -all"
From DNS TXT records, it is possible to extract valuable information about the technologies used by the target organization. In this example, the records reveal:
- The use of Outlook (Microsoft 365) as the primary email service provider.
- The presence of the ACME software in the mail flow.
- The SPF configuration, which includes Outlook and the ACME domains.
These insights are invaluable when creating a controlled testing environment. By replicating the technologies in use—such as Outlook’s antispam filters—it becomes possible to assess how phishing emails are handled, how HTML content is rendered, and which techniques could potentially bypass existing protections.
1. Thread Hijacking Technique
Thread Hijacking is a technique in which attackers insert malicious emails into an existing, legitimate conversation between two or more parties. By replying to or impersonating an ongoing thread, the phishing message inherits the trust and credibility of the original exchange. This makes the attack more difficult to detect by automated filters, since it appears as part of a genuine conversation, and by users, who are more likely to trust and engage with a message that seems to continue familiar correspondence.
By leveraging the credibility of an existing communication thread, this technique produces a dual effect. First, the message is less likely to be flagged as suspicious, as email security systems often analyze messages in isolation. Second, from the user’s perspective, the message appears as a continuation of a legitimate exchange, further reducing the likelihood of scrutiny or verification.
An example of the HTML content used during the activity follows (N.B. several sections were removed for the sake of clarity, and sensitive information has been redacted):
—
Goodmorning {{VICTIM_NAME}},
As reported within the thread mail, is required to accept as soon as possible the ToS as Microsoft users. The access to the required form is provided in the following link within 48 hours, the procedure can be completed quickly therefore i ask you to complete it as soon as possible to avoid any account restriction.
Careful:
- Lately several phishing e-mails were detected and received in the corporate mail. I remind the signaling procedure via the following reporting link
—
From: Support <support@{{COMPANY_DOMAIN}}.it>
Sent: Wednesday, 8 October, 2025 16:41
A: {{TRUSTED_COMPANY_MAIL}}
Subject: Re: {{COMPANY_NAME}} policy update
Hi, there were important updates related to the Microsoft service. It is urgently required to accept the document indicated in the following link: https://{{COMPANY_DOMAIN}}/certs/personal%documents%. Please help me to send this e-mail to all the people involved within the process since we are already late.
—
From: IT Support <support@microsoft.com>
Sent: Monday, 8 Ottobre, 2025 16:27
A: Support <support@{{COMPANY_DOMAIN}}>
Subject: {{COMPANY_NAME}} Microsoft policy update
Dear customers
As part of our recent internal security policy update alignment with GDPR, it is requested to all the {{COMPANY_NAME}} employees to proceed with the acceptance of the updates.
—
Thanks to the appropriate HTML code used within a customized Gophish implementation, and with the knowledge gained during the Information Gathering stage about the target’s email infrastructure, I was able to successfully reconstruct the appearance of an ongoing mail thread within the Outlook client.
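As an added example (not part of the original post, nor of the Gophish tooling it mentions), the following Python heuristic captures the gap this section describes: a message whose body carries a pasted conversation while its own headers show no sign of being a reply. The addresses and messages are constructed samples.

```python
import email
import re
from email import policy

# A quoted-header block as a mail client pastes it into a reply. Labels are
# matched in English and Italian because the sample thread above mixed
# "Sent:" with "A:".
QUOTED_BLOCK = re.compile(
    r"^[ \t>]*(?:From|Da):[^\n]*\n[ \t>]*(?:Sent|Inviato):[^\n]*\n"
    r"[ \t>]*(?:To|A):[^\n]*\n[ \t>]*(?:Subject|Oggetto):",
    re.IGNORECASE | re.MULTILINE,
)

def analyze_thread(raw: str) -> dict:
    """Compare the conversation the body claims with what the headers prove."""
    msg = email.message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    text = part.get_content() if part is not None else ""
    quoted = len(QUOTED_BLOCK.findall(text))
    # A genuine reply carries the ids of the messages it answers.
    is_reply = bool(msg.get("In-Reply-To") or msg.get("References"))
    subject = str(msg.get("Subject", "")).strip().lower()
    reply_subject = subject.startswith(("re:", "fw:", "fwd:", "r:", "i:"))
    return {
        "quoted_blocks": quoted,
        "is_reply": is_reply,
        "reply_subject": reply_subject,
        # Pasted history inside a message whose headers say it is not a reply.
        # Forwards can legitimately lack these headers, so treat this as a
        # scoring signal rather than a hard block.
        "suspicious": quoted > 0 and not is_reply,
    }

# Constructed sample: a fresh message carrying a fabricated two-message thread.
FABRICATED = """From: name.surname@trusted-it-partner.example
To: victim@company.example
Subject: policy update
Content-Type: text/plain; charset=utf-8

Good morning, as reported in the thread below, please complete the procedure.

From: Support <support@company.example>
Sent: Wednesday, 8 October, 2025 16:41
To: name.surname@trusted-it-partner.example
Subject: Re: policy update
Hi, please forward this to everyone involved.

From: IT Support <support@vendor.example>
Sent: Wednesday, 8 October, 2025 16:27
To: Support <support@company.example>
Subject: policy update
Dear customers, please accept the updated terms.
"""

# Constructed sample: a real reply, with the threading headers a client adds.
GENUINE_REPLY = """From: colleague@company.example
To: victim@company.example
Subject: Re: policy update
In-Reply-To: <abc123@company.example>
References: <abc123@company.example>
Content-Type: text/plain; charset=utf-8

Done, thanks.

From: victim@company.example
Sent: Wednesday, 8 October, 2025 10:00
To: colleague@company.example
Subject: policy update
Can you check this?
"""
```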
2. Contextual Tailoring
In this scenario, the phishing simulation was carefully tailored to mirror the style and tone of communication typically employed by the entities involved in IT-related requests within the organization. The simulated thread specifically drew on elements from:
- The company’s internal IT support team – Messages were crafted using the same concise, task-oriented style commonly found in user assistance emails.
- Microsoft’s support team – Wording and formatting aligned with official Microsoft communications, reinforcing credibility through familiar phrasing and structure.
- The head of the IT department (outsourced to an external provider) – The email emulated the external IT manager’s communication style, reflecting the usual level of formality and type of language used when interacting with company staff.
To enhance authenticity, each message also included the signature blocks of the respective entities, complete with images, logos, disclaimers, and other distinctive elements that employees would normally encounter in legitimate correspondence.
Although this approach did not directly bypass the technical detection mechanisms, it played a decisive role in exploiting the human factor. By closely replicating familiar communication styles and visual cues, the phishing thread substantially increased the likelihood that recipients would trust the exchange and overlook subtle anomalies, thereby reducing the chances of manual detection by users.
3. Sender Spoofing
Spoofing a trusted partner’s email address had a twofold impact. On one hand, it leveraged user trust, as employees were accustomed to receiving communications from that entity. On the other hand, it allowed the attacker to bypass the Configurable Security Policies that had been implemented to detect spoofed domains. In this instance, the rule was configured to flag domains resembling the company’s own, but not those belonging to trusted third parties.
By crafting the spoofed sender in the format name.surname@{{TRUSTED_IT_COMPANY_DOMAIN}}, the attacker avoided triggering the customized filter.
More specifically, Outlook represented the spoofed email address using the following formalism:
name.surname={{TRUSTED_IT_COMPANY_DOMAIN}}@phishing-domain.com on behalf of name.surname@{{TRUSTED_IT_COMPANY_DOMAIN}}
This structure introduced a degree of ambiguity. Visually, the message appeared to come directly from the trusted partner’s domain. However, the underlying “on behalf of” construct actually pointed to the phishing domain. Since the anti-spam software relies heavily on reputation checks, pattern analysis, and policy rules, this format may not have been classified as malicious:
- The visible sender matched a trusted domain, reinforcing credibility.
- The technical sender domain did not closely resemble the company’s own domain and therefore did not trigger the custom policy.
- The pattern database may not have included this specific spoofing construct, allowing the message to pass through undetected.
As a result, the email was neither classified as blocked (since it was not identified as malicious) nor recorded as cleanly delivered (because the system could not resolve the ambiguous sender format into a definitive classification). This “gray area”, along with the thread hijacking technique, created a lack of any clear log entry, leaving administrators without evidence of the phishing message—neither in the blocked queue nor in the standard mail flow reports.
This highlights how carefully crafted spoofing techniques can exploit gaps between user perception, Outlook’s header formatting, and the detection logic of security systems, bypassing not only filters but also the monitoring and visibility mechanisms that administrators rely on.
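As an added example, not code from the original post or from the ACME product, the following Python checks make the comparison a gateway could perform on the headers behind the "on behalf of" display: the technical sender (Sender or Return-Path) against the visible From address, with the protected-domain list extended to trusted partners, which is the gap the custom policy left open. All domains are constructed placeholders.

```python
import email
from email import policy
from email.utils import parseaddr

# Assumed policy list: the company's own domain PLUS its trusted partners'.
# The custom rule described above covered only the former.
PROTECTED_DOMAINS = {"company.example", "trusted-it-partner.example"}

def domain_of(address: str) -> str:
    return address.rsplit("@", 1)[1].lower() if "@" in address else ""

def sender_findings(raw: str):
    """Return the reasons the visible/technical sender pair looks suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    visible = parseaddr(str(msg.get("From", "")))[1].lower()
    # Outlook renders "Sender on behalf of From" when these differ; fall back
    # to the envelope sender recorded in Return-Path if no Sender header exists.
    technical = parseaddr(str(msg.get("Sender") or msg.get("Return-Path") or ""))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    v_dom, t_dom = domain_of(visible), domain_of(technical)
    findings = []
    if technical and t_dom != v_dom:
        findings.append(f"on-behalf-of: From is {v_dom} but technical sender is {t_dom}")
    # The visible address rewritten into the technical local-part
    # (name.surname=partner.example@other.example), the construct shown above.
    if technical and technical.split("@", 1)[0] == visible.replace("@", "="):
        findings.append("visible address embedded in the technical sender's local-part")
    if v_dom in PROTECTED_DOMAINS and t_dom and t_dom not in PROTECTED_DOMAINS:
        findings.append(f"protected domain {v_dom} relayed through unrelated {t_dom}")
    if reply_to and domain_of(reply_to) != v_dom:
        findings.append(f"Reply-To domain {domain_of(reply_to)} differs from From")
    return findings

# Constructed sample reproducing the header pair behind the display above.
SPOOFED = """From: name.surname@trusted-it-partner.example
Sender: name.surname=trusted-it-partner.example@phishing-domain.example
Return-Path: <name.surname=trusted-it-partner.example@phishing-domain.example>
To: victim@company.example
Subject: policy update
Content-Type: text/plain; charset=utf-8

Please see the thread below.
"""

# Constructed sample of an ordinary internal message.
CLEAN = """From: colleague@company.example
Return-Path: <colleague@company.example>
To: victim@company.example
Subject: policy update
Content-Type: text/plain; charset=utf-8

Done, thanks.
"""
```

The same comparison is what DMARC alignment formalises: the From domain must match the domain that SPF or DKIM actually authenticated, and a partner domain that relays through an unrelated sender domain should fail that check.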
4. Domain Spoofing
The use of a domain deliberately designed to resemble Microsoft’s legitimate one, commonly referred to as typosquatting, proved highly effective in bypassing both lexical and reputation-based security checks. Traditional lexical filters typically search for obvious deviations or suspicious patterns in domain names, but minor variations such as character substitutions, added hyphens, or visually similar Unicode characters are often subtle enough to evade detection.
Reputation-based systems, in contrast, rely on historical data such as domain age, registration records, and prior reports of malicious activity. In this case, the phishing domain had been recently registered, meaning it carried no prior negative reputation. Consequently, email protection software and similar tools lacked the threat intelligence necessary to flag it as malicious at the time of the attack.
The technique also exploited user perception. Because the spoofed domain was visually nearly identical to Microsoft’s legitimate one, recipients were unlikely to notice the minor differences. This dual effect significantly increased the likelihood of a successful attack.
This scenario underscores a structural limitation of detection systems: brand impersonation via newly registered domains creates a critical window of opportunity for attackers. Until threat intelligence feeds and pattern updates are able to recognize the new registration, the malicious domain can be used in phishing campaigns without being blocked by standard security layers.
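As an added example (not from the original post), the following Python function implements the lexical check this section argues is too weak when it looks only for obvious deviations: it folds confusable characters and hyphens before comparing each label with a list of protected brands, so character substitutions, inserted hyphens and Cyrillic homoglyphs are all caught. The brand and domain lists are assumed placeholders; domain age, the other signal discussed above, needs registration data and is out of scope here.

```python
import unicodedata
from typing import Optional

# Assumed lists: genuine domains (exact or parent) and the brand labels to protect.
LEGIT_DOMAINS = {"microsoft.com", "company.example", "trusted-it-partner.example"}
PROTECTED_BRANDS = {"microsoft", "company", "trusteditpartner"}

# Substitutions seen in lookalike domains: digits, letter pairs and a few
# Cyrillic letters that render identically to their Latin counterparts.
CONFUSABLES = {
    "0": "o", "1": "l", "3": "e", "5": "s", "7": "t", "rn": "m", "vv": "w",
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p",
    "\u0441": "c", "\u0445": "x", "\u0456": "i",
}

def normalize_label(label: str) -> str:
    """Fold confusables and drop hyphens so 'micr0-soft' compares as 'microsoft'."""
    s = unicodedata.normalize("NFKC", label).lower()
    for src, dst in CONFUSABLES.items():
        s = s.replace(src, dst)
    return s.replace("-", "")

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike_reason(domain: str) -> Optional[str]:
    """Return why a domain resembles a protected brand, or None if it does not."""
    d = domain.lower().rstrip(".")
    if any(d == legit or d.endswith("." + legit) for legit in LEGIT_DOMAINS):
        return None  # the genuine domain or one of its subdomains
    for raw in d.split(".")[:-1]:  # every label except the TLD
        label = normalize_label(raw)
        for brand in PROTECTED_BRANDS:
            if label == brand:
                how = "confusable/hyphen variant" if raw != brand else "brand outside its legitimate domain"
                return f"{raw}: {how} of '{brand}'"
            # One typo for short brands, two for long ones (covers transpositions).
            if levenshtein(label, brand) <= (1 if len(brand) < 8 else 2):
                return f"{raw}: within edit distance of '{brand}'"
            if brand in label:
                return f"{raw}: embeds '{brand}' with extra words"
    return None
```

The edit-distance thresholds are a starting point and should be tuned against the organisation's real mail flow, since short brand names produce false positives quickly.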
Final Results and Thoughts
The penetration test was successfully completed, demonstrating that even advanced email security solutions can be bypassed under certain conditions. In this case, the phishing campaign circumvented all filtering mechanisms. The crafted email was neither flagged as malicious nor recognized as legitimate, which meant it was delivered to the target inbox without being logged as suspicious or legitimate, leaving no trace on the security product.
This outcome revealed a clear detection gap: the system did not generate any alerts or provide administrators with any evidence of the attack, making it impossible to identify the incident through standard monitoring. Following the report of these findings, the ACME Corporation addressed the issue by releasing a dedicated AS Pattern, designed to detect and block this specific type of phishing email in future scenarios.
While this enhancement strengthened the platform’s detection capabilities, the test ultimately underscored that no technical control, however sophisticated, can completely eliminate risk. Effective protection against phishing requires not only robust security technologies but also well-trained employees who are aware of threats and prepared to identify and report suspicious activity.
The importance of Awareness
Advanced phishing prevention solutions can filter vast amounts of malicious traffic, but phishing is not merely a technical issue: it is a psychological one, crafted to exploit trust, routine, and human error.
At Betrusted, we don’t just evaluate the resilience of technical controls such as email security gateways; we also assess the human factor, which consistently proves to be the most decisive layer of defense.
This is why we place strong emphasis on awareness and training. We design phishing simulations that replicate the techniques used by real attackers, allowing employees to experience firsthand what a convincing phishing email looks like. Combined with workshops and continuous education, these exercises help staff develop the instinct to pause, verify, and report rather than click impulsively.
Awareness is not about blaming users; it is about empowering them. By promoting a culture in which employees feel comfortable questioning suspicious messages and escalating concerns promptly, organizations gain an active line of defense that no automated system can replace.