Hornetsecurity Security Lab - about 70% of all emails are unwanted
  • 29 Aug 2020

The Hornetsecurity Security Lab publishes new figures: about 70% of all emails are unwanted

Around 300 billion e-mails are sent every day – the number of e-mails sent and received for private and business purposes is forecast to rise to 361.6 billion by 2024. However, not all e-mails that end up in users’ inboxes are wanted, and unwanted e-mails not only contain questionable advertising, but often also harmful attachments and links.

The experts of the Hornetsecurity Security Lab have analyzed how many e-mails are actually wanted by users, and what dangers can lurk in their inboxes, based on the e-mails received in the system for the year 2020. The results are interesting: only 28% of the e-mails could be classified as “clean”, i.e. harmless, by the Hornetsecurity filters. More than 70% of all addressed e-mails were thus unwanted by the recipient.

Which emails are already blocked in advance?

A total of 67% of incoming e-mails are blocked in advance by Hornetsecurity’s filter mechanisms: this means that these e-mails have not even been classified as harmful or unwanted due to various factors. In June 2020, the Security Lab analyzed the reasons for blocking incoming emails. Below we take a look at the most important ones.

In first place, with almost 58%, are e-mails that could be classified as spam in advance using a real-time blackhole list.

In second place, with 12%, are emails that try to use Hornetsecurity’s mail servers as an open relay. Open relay is the process by which an email server delivers emails for which it is not responsible. For example, if example.com has an email server, it should only accept email for addresses at example.com, such as mustermann@example.com. An open relay server would also accept mail for other domains, such as @test.com. These open relays are often misused to send spam with fake sender addresses.

In 5.9% of the e-mails blocked by Hornetsecurity, no correct sender address could be found. This is important because cyber criminals try to hide their identity or pretend to be someone else. For example: In the case of mustermann@example.com, if the domain example.com does not exist, the email is blocked.

In 5.3% of blocked e-mails, harmful content was found. Malicious content includes attachments such as *.xls, *.doc, *.pdf that contain malware, but also links that lead to malicious or compromised web pages.
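The relay and sender-domain checks described above can be sketched as a single decision made at the SMTP `RCPT TO` stage. This is an added example, not Hornetsecurity's filter code; `LOCAL_DOMAINS`, `TRUSTED_NETS`, the `KNOWN_DOMAINS` stand-in for a DNS lookup, and the chosen reply codes are assumptions for illustration.

```python
import ipaddress

LOCAL_DOMAINS = {"example.com"}                      # domains this server is responsible for
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed: internal clients allowed to relay
KNOWN_DOMAINS = {"example.com", "test.com"}          # constructed stand-in for a DNS MX/A lookup


def domain_of(address):
    """Return the lower-cased domain of an SMTP address, or None if it is malformed."""
    address = address.strip().strip("<>")
    # Conservative policy: refuse source routes ("@hop:user@dom"), the percent
    # hack ("user%dom@local") and bang paths, which can hide a foreign destination.
    if address.startswith("@") or "%" in address or "!" in address:
        return None
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def check_rcpt(client_ip, authenticated, mail_from, rcpt_to,
               domain_exists=KNOWN_DOMAINS.__contains__):
    """Decide the SMTP reply (code, reason) for one RCPT TO command."""
    # The null sender "<>" is legitimate for bounces and has no domain to verify.
    if mail_from.strip() != "<>":
        sender_domain = domain_of(mail_from)
        if sender_domain is None or not domain_exists(sender_domain):
            return 550, "sender domain not found"
    rcpt_domain = domain_of(rcpt_to)
    if rcpt_domain is None:
        return 553, "malformed or source-routed recipient"
    if rcpt_domain in LOCAL_DOMAINS:
        return 250, "ok, local delivery"
    ip = ipaddress.ip_address(client_ip)
    if authenticated or any(ip in net for net in TRUSTED_NETS):
        return 250, "ok, relaying for trusted client"
    return 554, "relay access denied"
```

In production the `domain_exists` callable would be backed by a real DNS resolver rather than a fixed set.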

What threats are found in the emails that were not blocked in advance?

The proportion of spam, malware and other threats in the non-blocked emails is also interesting. For this evaluation, the security experts checked the total number of incoming emails minus the blocked emails.

About 10% of these analyzed e-mails were spam and about 3% were info mails. The Security Lab experts were also able to find malware in about 1% of all incoming e-mails, and just under 0.1% were even detected by Hornetsecurity’s Advanced Threat Protection. These are attacks such as CEO fraud, spear phishing, or attacks that use new types of malware, which were only detected by the Hornetsecurity ATP Sandbox and not by classic filters. Conversely, this means that more than 10% of the e-mails that are not blocked in advance contain spam or attachments and content that are harmful to the user.

Although the majority of harmful e-mails can be blocked, companies should not yet sit back and relax. Cybercriminals are constantly finding new ways to send malicious emails to users and their attacks are still often successful.


Further information:

Blogpost: Clop, Clop! It's a TA505 HTML malspam analysis

Spam and Malware Protection

