What do you think about traditional email Security (MX record) vs API-based email security?

Traditional email security or MX records are great for protecting against large-scale threats like phishing and man-in-the-middle attacks. However, they are not effective against targeted, sophisticated attacks. API-based email security provides an additional layer of security and can detect anomalies in behavior that indicate malicious intent. This type of solution can be especially effective when used in conjunction with traditional email security.

API is easier, however. I’ve found in real world deployments, the gateway approach tends to be more effective overall by helping to ensure malware/phishing never even reaches the end email system, most notably by the flagship brands like proofpoint. I’ve seen API solutions rely too much on detection after delivery which allow the payload to be accessed by the enduser and then executed prior to detection/quarantine.

I have experience with both and like the API-based way better. There is no downtime, and the implementation takes literally 5 minutes, with no MX records changes, no wait for the DNS to update etc.
When an email security solution asks me to change the MX record, I instantly see them as a legacy system and wants to stay away if possible