Hosted email protection services are capable of filtering out large numbers of threats before they reach the user.
The team at SE Labs sent 10 fake FBI blackmail emails, each created using a different level of sophistication. As well as using more fake emails, they used a much larger number of targeted attacks.
There was one group of public 'commodity' attacks, such as anyone on the internet might receive at random, but also three categories of crafted, targeted attacks including phishing, social engineering (e.g. fraud) and targeted malware (e.g. malicious PDFs). Each individual attack was recreated 10 times in subtly different but important ways.
Attackers have a range of capabilities, from poor to extremely advanced. SE Labs' approach included basic, medium, advanced and very advanced threats to see what would be detected, stopped or allowed through.
See the description of the test that is recognised by the industry here: http://blog.selabs.uk/2018/05/essp.html