AI-Personalised Cold Emails: Why They're Getting Through Your Filters
You receive an email from someone you've never met. They mention your recent blog post. They reference a specific product feature on your company's website. They note that you worked at a particular company before starting your current role. The opening feels like it was written by someone who spent an hour researching you.
They didn't. An AI tool did it in 0.3 seconds.
This is the new face of cold email: hyper-personalised, apparently researched, and completely automated. And it's specifically engineered to pass every spam filter you have. Here's how it works — and why understanding the mechanics is the first step to defending against it.
How AI Cold Email Personalisation Works
Step 1: Data scraping
Tools like Clay, Apollo, Hunter, and dozens of others aggregate publicly available data about email recipients. They pull from:
- LinkedIn profiles (job title, company, work history, recent posts, skills)
- Company websites (about pages, blog posts, product descriptions, team pages)
- Twitter/X and Bluesky posts (recent public statements, interests, engagement)
- Crunchbase and similar databases (funding rounds, company milestones)
- News mentions (recent press coverage, quotes)
This data is assembled into a per-contact profile, typically within seconds of a list being uploaded. A salesperson doesn't research you — a database does.
Step 2: AI content generation
An LLM (usually GPT-4, Claude, or a fine-tuned variant) takes the profile data and generates a personalised opening for the cold email. A typical prompt might be: "Write a one-sentence opener for a cold sales email that references [person]'s recent [LinkedIn post about X] and connects it to [product benefit]."
The result is an email that mentions something real about you — something that feels like genuine research. The rest of the email (the pitch, the call to action) may be templated, but the opening is unique.
Step 3: Sending at scale
The personalised emails are sent from warmed-up domains at moderate volume (typically 30–100 per account per day) to stay under spam thresholds. A campaign targeting 10,000 prospects might use 200 sending accounts. Each account sends 50 emails per day for a week.
Why Spam Filters Miss This
Gmail's spam filter evaluates several signals to classify an email. AI personalisation defeats almost all of them:
| Gmail Signal | Traditional Spam | AI-Personalised Cold Email |
|---|---|---|
| Sender reputation | Poor (known spam domains) | Good (warmed-up domain) |
| Authentication (SPF/DKIM/DMARC) | Often missing | Present (configured automatically) |
| Content quality | Poor grammar, generic | Fluent, personalised |
| Sending volume | High (flags spam) | Low per account (distributed) |
| Link safety | Often suspicious | Often clean or no links |
The result: to Gmail's filter, a well-crafted AI cold email looks identical to a legitimate email from a business contact you haven't heard from before. Because it is — technically — a legitimate email from a real domain, with real authentication, written in real English.
The Scale of the Problem
The cold email industry has exploded alongside AI capabilities. Tools that once cost thousands of dollars per month are now available for $50/month. As of 2026:
- Open rates for cold email have fallen 23% year-over-year as volume increases
- Reply rates for AI cold email average under 1% — often well under
- Despite terrible conversion, volume keeps increasing because the cost-per-email has dropped to fractions of a cent
The math explains why it won't stop: even a 0.05% reply rate on 100,000 emails generates 50 conversations. At $0.001 per email, that's $100 to generate 50 leads. No cost-per-lead in the industry comes close to that. So senders keep sending, and recipients keep drowning.
The Scraping You Can't Stop
You might wonder: can you prevent the data scraping? Mostly, no. If your information is on LinkedIn, your company's website, or any public platform, it can be scraped. LinkedIn has legal protections against scraping (and has fought court battles over it), but enforcement is impractical at the scale of millions of profiles.
Making your email address less publicly visible helps at the margins — fewer tools will find it in the first place. But if you need to be reachable for legitimate reasons, hiding your email address isn't a sustainable strategy.
What Actually Stops AI Personalised Cold Email
The key insight: AI personalisation attacks content-based filtering. The solution isn't better content filtering — it's moving to a model where content isn't evaluated at all for access decisions.
Sender verification does this. When an unknown sender emails you, the question isn't "does this email look like spam?" — it's "will this sender take 30 seconds to prove they're a real person who wants to reach me specifically?" AI outreach tools sending 10,000 emails per day will not complete 10,000 individual CAPTCHA challenges. The economics don't work.
The human on the other end of a genuine inquiry will take 30 seconds. That's the filter.
Frequently Asked Questions
Can I tell the difference between AI cold email and a genuine human email?
Increasingly difficult. Some tells: an opening that mentions something very specific about you (suggesting AI research), vague value propositions, no actual connection or mutual contact, a pitch that comes very quickly after a personalised opener. But these are heuristics, not reliable rules.
Is AI personalisation always cold email? Can it be used legitimately?
AI tools are used for both high-volume cold outreach and legitimate sales personalisation. A sales rep who uses AI to draft an email they then review and personalise further is different from an automated tool that sends without human review. The recipient often can't tell the difference — which is part of the problem.
What data should I remove from public profiles to reduce targeting?
Removing your email address from LinkedIn and your company website's public pages reduces the number of tools that can find it automatically. For your professional website, consider using a contact form rather than a direct email address. This reduces targeting but doesn't eliminate it — email addresses are traded, bought, and scraped from many sources.
The Hidden Cost of Email Overload: 2.5 Hours a Day
Older →Inbox Zero Is Dead. Here's What Actually Works.
Ready to stop AI spam from reaching your inbox?
Captchainbox protects your Gmail from AI-generated cold email. 5-minute setup, no ongoing maintenance.
Join the waitlist