When it comes to e-mail communications in the B-to-B world, yet another study is underscoring just how challenging it is to reach corporate inboxes.
A new report by cyber-security firm FireEye, Inc. reveals that fewer than one-third of e-mails sent are actually making it into corporate inboxes. The FireEye analysis was based on tracking more than a half-billion e-mails sent between January and June of 2018.
The majority of those e-mails were deemed to be spam or malicious in their intent. Nearly 60% were blocked by threat intelligence and around 10% more were halted by attack prevention tactics such as URL inspection and attachment detonation.
E-mails were deemed suspicious because they triggered one or more of the following “red-light” cautions:
- Malware-less impersonations
- Malware viruses
- Phishing attacks
- Trojan horses
Interestingly, however, it turns out that only a small fraction of the e-mails actually had malicious intent, meaning that the super-strict filters being employed by companies are capturing a huge number of perfectly legitimate e-mail messages in their dragnet and rejecting them out of hand.
On the other hand, the FireEye analysis also determined that impersonation attacks have undergone a shift from domain name spoofing to “friendly” domain name scams – ones in which an e-mail address is manipulated to impersonate a trusted source.
As the study cautions:
“This shift in tactics may be driven by how easily cyber criminals can ‘spoof’ the display name and username portion of an e-mail header. Instead of having to go through the process of buying and registering a domain similar to – or one that sounds like – the recipient’s domain, they can simply change the display/user name.”
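To make the distinction in that quote concrete, here is a small added example (not from FireEye or the original post) of how a mail filter might tell a look-alike domain from a plain display-name or username swap in the From header. The directory of trusted senders, the sample addresses, the labels and the 0.8 similarity threshold are all assumptions made for illustration.

```python
from difflib import SequenceMatcher
from email.utils import parseaddr

# Constructed directory (assumption): display name -> legitimate address.
TRUSTED = {
    "alice rivera": "alice.rivera@example.com",
    "example payroll": "payroll@example.com",
}


def _norm(name: str) -> str:
    """Lower-case and collapse whitespace so 'Alice  Rivera' still matches."""
    return " ".join(name.lower().split())


def classify_from(from_header: str, trusted=TRUSTED, threshold=0.8) -> str:
    """Label a From header by how it relates to a protected identity."""
    display, addr = parseaddr(from_header)
    local, _, domain = addr.lower().rpartition("@")
    for name, real in trusted.items():
        real_local, _, real_domain = real.rpartition("@")
        # The header claims a trusted identity if either the display name
        # or the username (local part) matches a protected sender.
        if _norm(display) != name and local != real_local:
            continue
        if domain == real_domain:
            # Header is self-consistent only; whether the message is
            # authentic is a separate check (SPF/DKIM/DMARC).
            return "consistent"
        if SequenceMatcher(None, domain, real_domain).ratio() >= threshold:
            return "lookalike-domain"
        # Trusted name on an unrelated domain: the cheaper tactic the
        # study describes, with no similar domain registered at all.
        return "display-name-impersonation"
    return "no-trusted-identity-claimed"


if __name__ == "__main__":
    # Constructed sample headers.
    for header in (
        '"Alice Rivera" <alice.rivera@example.com>',
        '"Alice Rivera" <ar1984@freemail.test>',
        "Alice Rivera <alice.rivera@examp1e.com>",
        "payroll@unrelated.test",
    ):
        print(f"{classify_from(header):30} {header}")
```

A filter that only compares the sending domain against known look-alikes would miss the second and fourth samples, which is why the display name and username have to be checked against the address they arrive with.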
The FireEye analysis is a reminder that, because of their sheer pervasiveness, e-mail communications are also the most popular conduit for potentially significant cyberattacks. No wonder companies have their guard up.
The problem is, clearly a whole lot of wheat is being thrown out with the chaff. And that makes e-communications hardly the slam-dunk communications tactic that many people assume it to be.
2 thoughts on “No End in Sight to the Challenge of Email Deliverability”
An email is more like knocking at the door than sending a letter. Mailboxes in the driveway aren’t into rejection. These days we have video doorbells to help us vet the difference between a burglar and package delivery. They help, but aren’t foolproof. A serial killer wearing a suit might be let in.
Not only business is affected by screening. Private emails are, as well. A while back, I sent an Australian friend who dislikes cats a joke email supposedly from the Australian Department of Feline Affairs, purporting to deliver a subsidy for his new cattery. He never got it. I suspect that faking the email must have triggered various spam warnings. As a result, he and the Australian government remain catless, minus a laugh or two….
We remain stuck with the problem: imitation is the sincerest form of flattery. It is also the basis for much of the world’s crime. Imposters aren’t going away anytime soon.
Proponents of email marketing won’t like what I am about to say here, but as a RECIPIENT I fail to see any difference between unsolicited email and the universally despised practice of robocalling.
Callers have effectively hijacked technology to flood my telephone number (which belongs to me, and which I pay for) with unsolicited phone calls which are either harmless but irritating, in the best case, or outright fraudulent in the worst. It has gotten so bad that many people, myself included, began to question the need for keeping their telephone service at all.
Email isn’t any different, except that screening technology has improved out of necessity to such an extent that fewer than 10% of the unsolicited messages get through to me (where I promptly ignore them) and I rarely have to hunt for wanted email in my Clutter or Junk folders. Note here that the emails I’m usually looking for in Clutter and Junk are the ones sent to me after I ask to reset my password, a time-wasting activity which malicious actors have rammed down my throat by forcing me to manage a multiplicity of complex passwords in order to mitigate security risks.
For far too long, email and telephone marketers have leveraged technology so they can “pile on” to recipients, and today’s deliverability challenge is a case in point that their chickens are finally coming home to roost. It’s about to happen with robocalls, too. Just last week I discovered that T-Mobile has a free service which automatically blocks known robocalls and fraudulent calls using their own database. It took me about 5 seconds to subscribe to this service, after which the number of robocalls reaching my phone dropped 90%. As a result I am now forwarding all my landline calls to my mobile number, because the landline service provider still forces me to maintain my own database (incredibly, it also caps how many telephone numbers I can block).
The moral of the story is simple: Too many marketers succumbed to greed or competitive pressure by leveraging technology which cheaply floods communication channels with unsolicited marketing collateral or outright frauds. In doing so, they killed the goose which laid the golden eggs, and which could have been kept alive with a bit of ethical propriety. Their behavior was so egregious that it does not bother me one bit if, in the aftermath, legitimate communications are being lost. Good riddance!