Introduced here are computer programs and computer-implemented techniques for discovering malicious emails and then remediating the threat posed by those malicious emails in an automated manner. A threat detection platform may monitor a mailbox to which employees of an enterprise are able to forward emails deemed to be suspicious for analysis. This mailbox may be referred to as an “abuse mailbox” or “phishing mailbox.” The threat detection platform can examine emails contained in the abuse mailbox and then determine whether any of those emails represent threats to the security of the enterprise. For example, the threat detection platform may classify each email contained in the abuse mailbox as being malicious or non-malicious. Thereafter, the threat detection platform may determine what remediation actions, if any, are appropriate for addressing the threat posed by those emails determined to be malicious.