On Saturday, 13 February 2021 at 10:28:32 UTC, The Natural Philosopher wrote:

Given that large mail providers can't perform filtering during receipt of mail (i.e. whilst the SMTP dialogue is still underway)
They could if they wanted to

No, it's not a viable approach for a large mail platform / enterprise.

High volume mail servers are effectively just bastion hosts; their job is simply to accept mail. In some cases they might perform rudimentary checks (DNSBL lookups usually) and bounce during the SMTP dialogue but any content inspection is the role of the internal servers dedicated to the heavy lifting of that task. You can accept an email in a fraction of the time it takes to scan and filter it - the roles are entirely different and for providers likely to be attacked you would never expose machines performing the latter function to the outside world.