How to Block AI-Generated Sales Emails Without Missing Real Ones
The challenge with AI-generated sales emails isn't identifying them — it's blocking them without also blocking the legitimate business emails that look similar. A partnership inquiry from a real person uses the same format as an AI-generated pitch: professional tone, specific references to your work, a clear call to action. The difference is intent and volume, neither of which is visible in the email itself.
Here's a practical framework for blocking AI sales email while keeping your inbox open to genuine contacts.
Why the Standard Advice Doesn't Work
"Just mark them as spam"
Marking AI cold emails as spam helps Gmail learn your preferences, but the effect is limited. Each AI campaign uses different sending domains, different content, and different sender addresses. Training your spam filter against one campaign doesn't protect you from the next one that uses completely different signals.
"Create filters for common phrases"
Filtering for phrases like "I noticed your post on LinkedIn" or "quick question" catches some cold email but also catches legitimate messages. These aren't reliable indicators because real people use the same language.
"Unsubscribe from cold emails"
Replying "unsubscribe" to cold email often confirms your address is active, leading to more email from other campaigns. Cold email typically doesn't have functioning unsubscribe links, and even when it does, the sender may not honour the request.
What Actually Works: A Three-Layer Approach
Layer 1: Let Gmail handle obvious spam
Gmail's spam filter catches low-quality spam effectively. Don't disable it or create filters that bypass it. Continue marking obvious spam as spam to improve your account's filter training. This is your baseline defence.
Layer 2: Build and maintain a whitelist
Create an explicit list of senders and domains you always want to hear from: your clients, your team, your service providers, and transactional services (banks, SaaS tools). Emails from whitelisted senders should never be filtered.
You can build a basic whitelist using Gmail filters: create a filter for each trusted domain with the action "Never send to Spam." For a more comprehensive approach, tools like Captchainbox automatically build your whitelist from your sent mail history — anyone you've emailed before is trusted by default.
Layer 3: Verify everyone else
For email from senders not on your whitelist, use a verification step. Rather than trying to analyse whether the email is genuine (which AI makes increasingly difficult), ask the sender to take a simple action — completing a CAPTCHA — before their email reaches you.
The economics make this effective: a real person who genuinely wants to reach you will spend 30 seconds verifying. An AI tool sending 10,000 emails will not complete 10,000 individual CAPTCHAs.
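The whitelist and verification layers as one decision function, in a minimal sketch added here for illustration (not Captchainbox's code). It builds the whitelist from sent-mail recipients, then returns deliver, challenge, or hold for each inbound message. Assumptions not stated in the article: a whitelist match counts only when the receiver's own DMARC result is a pass, since the From header can be forged; no verification reply goes to unauthenticated or automated mail; `mx.example.net` and all sample messages are constructed placeholders.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

AUTHSERV_ID = "mx.example.net"  # assumption: the name your own mail provider stamps

def build_allowlist(sent_raw, trusted_domains):
    """Layer 2: everyone you have written to, plus manually trusted domains."""
    addrs = set()
    for raw in sent_raw:
        msg = message_from_string(raw)
        fields = msg.get_all("To", []) + msg.get_all("Cc", [])
        addrs.update(a.lower() for _, a in getaddresses(fields) if a)
    return addrs, {d.lower() for d in trusted_domains}

def dmarc_pass(msg):
    """Trust only results stamped by our own receiver (RFC 8601), which is
    expected to strip any copy of that header supplied by the sender."""
    for value in msg.get_all("Authentication-Results", []):
        server, _, results = value.partition(";")
        if server.strip().lower() == AUTHSERV_ID and "dmarc=pass" in results.lower():
            return True
    return False

def is_automated(msg):
    """RFC 3834: do not auto-reply to auto-generated or list mail."""
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return True
    return "List-Id" in msg or msg.get("Precedence", "").lower() in {"bulk", "list", "junk"}

def triage(raw, allow_addrs, allow_domains):
    """Return 'deliver', 'challenge' (send verification link) or 'hold' (no reply)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    domain = sender.rpartition("@")[2]
    authenticated = dmarc_pass(msg)
    if (sender in allow_addrs or domain in allow_domains) and authenticated:
        return "deliver"    # Layer 2: known sender, identity verified
    if not authenticated or is_automated(msg):
        return "hold"       # forged From or bulk mail: a reply would be backscatter
    return "challenge"      # Layer 3: unknown but authenticated human sender

# Constructed sample data
SENT = ["From: me@example.org\nTo: Alice <alice@client.example>\nSubject: hi\n\nbody"]
ADDRS, DOMAINS = build_allowlist(SENT, ["bank.example"])
PITCH = ("From: Bob <bob@vendor.example>\n"
         "Authentication-Results: mx.example.net; dmarc=pass\nSubject: quick question\n\nHi")

if __name__ == "__main__":
    print(triage(PITCH, ADDRS, DOMAINS))
```

Held messages receive no auto-reply, so a forged sender address never turns your verification email into unsolicited mail to a third party.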
Step-by-Step Setup Guide
- Audit your current inbox: Look at the last 7 days. Count how many emails came from known contacts vs. cold outreach. This tells you the scale of the problem.
- Connect a sender verification tool: Set up Captchainbox or a similar tool. Connect your Gmail via OAuth (takes ~2 minutes).
- Run historical analysis: Let the tool scan your sent mail to build your initial whitelist. Everyone you've emailed before is automatically trusted.
- Add key domains manually: Whitelist important domains you receive transactional email from — your bank, payment processors, cloud services.
- Enable real-time monitoring: Turn on automatic verification for new unknown senders.
- Customise your auto-reply: Write a brief message explaining the verification step and offering an alternative contact method for urgent situations.
What Your Auto-Reply Should Say
The wording matters. Too robotic and people ignore it. Too long and people don't read it. Here's a tested template:
Hi — thanks for reaching out. I use inbox protection to manage email volume. To make sure your message gets through, please take 30 seconds to verify here: [verification link]
If this is urgent, you can also reach me on LinkedIn.
Frequently Asked Questions
Won't this block important first-time contacts?
It doesn't block them — it asks them to verify. The verification takes 30 seconds and uses Cloudflare Turnstile, which is typically just a checkbox. Most genuine contacts complete it without complaint.
What about automated emails from services I haven't signed up for yet?
Transactional emails from known services (Stripe, Google, major banks) are handled via a curated domain whitelist. For new services, you can proactively whitelist their domain before signing up.
How do recruiters and journalists reach me?
They verify. In practice, recruiters and journalists are among the most likely to complete verification — they're used to reaching out to people who are hard to contact and understand the value of demonstrating intent.