You're not imagining it. The junk in your inbox has changed — and I don't just mean there's more of it.

Here's the part that surprised me when I went looking for the numbers: there isn't really more of it. Spam has been about half of all email for years — roughly 49% in 2022, ~46% in 2024, and around 45% last year. Flat. So why does it feel worse?

Because the spam got a copywriter. A robot one.

Spam's share of email has held near half for years, but the AI-written share of spam jumped from about 2% to 51% between early 2022 and April 2025.

What actually changed

For a decade, the fastest way to spot a scam email was the writing. The odd grammar, the misspelled company name, "Dear Valued Customer," the vaguely-off tone. Those tells were doing a lot of quiet work — your filters leaned on them, and so did you.

Generative AI erased them. In early 2022, almost none of the spam hitting inboxes was machine-written. By April 2025, more than half of it was — 51%, in a study Barracuda ran with Columbia and the University of Chicago. And the AI-written messages are measurably cleaner: better grammar, more formal, more convincing. Which is exactly what helps them slip past a filter, and past you.

The malicious end grew too, and fast. SlashNext clocked a 1,265% jump in phishing emails after ChatGPT launched. Hornetsecurity, looking at 72 billion emails, found malware-laden email up 131% year over year — and 82.6% of the phishing they caught was AI-assisted.

So: the inbox didn't get bigger. It got a writing staff.

Why "look for bad spelling" stopped working

The old advice — hover over links, watch for typos, be suspicious of urgency — isn't wrong. It's just no longer enough. When a message is grammatically perfect, sender-spoofed, and personalized from your LinkedIn, "does this look off?" quietly fails as a test. The signal moved. It isn't in the spelling anymore; it's in the intent — who is really asking, for what, from where.

That's not a problem you can train your way out of by teaching people to catch typos that aren't there.

Two layers, because one sprung a leak

How do you defend against email a machine wrote to be undetectable? Two things, working together.

Email security that reads intent, not spelling. Modern filtering has to look at the whole picture: is this sender who they claim to be, is this a look-alike domain, is this a normal request from this person, does that link resolve somewhere it shouldn't. That's what our Email Security & Identity Protection layer is built for — phishing and impersonation defense, malware and link/URL protection, spoofing and DMARC, data-loss prevention, and the warning banners that flag a suspect message before anyone clicks. It catches the polished fake a spelling-based filter waves straight through.

A backstop for the ones that still land. No filter is perfect, and the goal of most of these emails is the same thing: your password. If someone does click, the safety net is account security — multi-factor authentication, monitoring for logins that don't add up, and a fast way to shut a compromised account down before it spreads. Email security lowers how many get through; that backstop contains the one that does.

We run both for the businesses we manage — it's part of our cybersecurity practice — precisely because AI made the first layer leakier.

What I'd do this week

  • Retire "spot the typo" training. It tests for a tell that's gone.
  • Turn on multi-factor authentication everywhere it isn't already — it's the single highest-leverage backstop you have.
  • Ask whether your email filtering evaluates sender intent and look-alike domains, or just spelling and blocklists.
  • Have a plan for "someone clicked," because eventually someone will.

How we help

I help small and mid-sized businesses across the New York metro and the Puget Sound (Seattle) area keep this stuff out — and keep it contained when something slips through. If your inbox feels different lately, you're right; the honest fix is layered, not a single magic filter. Happy to take a look at where you actually stand.

Ready to talk it through?

Reach Amoeba Networks whichever way is easiest:


contact Contact