How MailBaby Uses AI to Stop Phishing in Its Tracks

At MailBaby, we are always testing new ways to keep your outbox secure. Since early 2025 we have been running rspamd + gpt module designed to catch sophisticated spam and phishing attacks that traditional filters might miss. We want to show you exactly how it works, using a real-world example, and explain why your privacy remains our top priority.

The Stack: A Simple Breakdown

To make this work, we are combining three powerful tools running directly on our network:

  • Rspamd:This is our high-performance spam filtering system that scores every email based on hundreds of rules. Mailbaby is a sponsor of rspamd.
  • LLAMA Model: The “Brain.” This is a locally hosted AI model that reads certain rules, sender domain, and hashes of the email to understand the intent behind it (like a human would).
  • VLLM: The “Engine.” This software allows us to run the AI model efficiently on our own servers without needing the cloud and has replaced LocalAI for better scaling.

Real-World Example: Catching the “Meta” Phish

To explain why this matters, let’s look at a common phishing scenario. Imagine you receive an email that looks like it comes from Facebook/Meta support, claiming your account is locked.

The Link: The email asks you to click a link to metasupport.cm.

To a human eye, that looks suspicious. To a standard computer filter, it might just look like a domain. Here is how our new system breaks it down to assign a “Phishing Probability” score (from 0 to 100).

1. The “Fresh” Rule (The Red Flag)

First, Rspamd checks when metasupport.cm was registered. It sees that the domain was bought only 48 hours ago. In the email world, a “fresh” domain sending urgent support emails is a massive warning sign. legitimate companies don’t use brand new domains for support.

2. The AI Semantic Check (The Context)

This is where the AI steps in. It reads the email body and notices the urgency (“Account Locked!”) combined with the request to click a link. It recognizes that metasupport.cm is trying to impersonate the brand “Meta” but is using the wrong ending (.cm instead of .com).

3. The Final Score

The system combines these findings:

  • Fresh Domain Rule: +40 points (High Risk)
  • AI Semantic Analysis: +45 points (Confirmed Phishing Pattern)
  • Total Phishing Probability: 85/100

Because the score is so high (85), the system flags it immediately as a phishing attempt and blocks it, keeping you safe.

Privacy First: Local Processing Only

We know that “AI” often raises questions about data privacy. We want to be crystal clear:

All processing is done locally on MailBaby hardware.

We do not send your emails to OpenAI, Google, or any other third party to be scanned. No data leaves our network. We own the hardware, we control the software, and your emails stay private.

The Future of Filtering

Our testing has shown that AI is incredibly helpful for catching these specific “high-probability” threats. However, it is also very computing-intensive. Right now, we use it selectively—mostly to flag emails that hit specific triggers (like our “Fresh Domain” rule).

As hardware costs come down and the technology gets faster, we plan to expand this protection, eventually checking more traffic to ensure MailBaby provides the cleanest, safest email delivery possible.

Tags:

3 Replies to “How MailBaby Uses AI to Stop Phishing in Its Tracks”

Leave a Reply

Your email address will not be published. Required fields are marked *