alt Hacker News>LLM/ML pipeline to detect phishing emails.
I think you're about 20 years behind the times if you think they don't.
There are a whole lot of problems with it when you start pressing the finer details like you list. For example, just look at the legit emails banks send out. They will tell you not to click links claiming to be your bank, then include links (claiming to be your bank) for more information.
Simply put the rules block too much corporate email because people that write corporate email do lots of dumb things with the email system.
It's true that a lot of established ML techniques were first popularized to fight spam (ie bayesian filtering), but it might also be the case that they're not applying the full might of eg Gemini-3-Pro to every email received. I suspect Gemini-3-Pro would do an effectively perfect job of determining if something is phishing, with negligible values in the false quadrants of the confusion matrix, but it's probably too expensive to use in that way. Which is why things like this can still slip through.