No End in Sight to the Challenge of Email Deliverability

When it comes to e-mail communications in the B-to-B world, yet another study is underscoring just how challenging it is to reach corporate inboxes.

A new report by cyber-security firm FireEye, Inc. reveals that fewer than one-third of e-mails sent are actually making it into corporate inboxes. The FireEye analysis was based on tracking more than a half-billion e-mails sent between January and June of 2018.

The majority of those e-mails were deemed to be spam or malicious in their intent. Nearly 60% were blocked by threat intelligence and around 10% more were halted by attack prevention tactics such as URL inspection and attachment detonation.

E-mails were deemed suspicious because they triggered one or more of the following “red-light” cautions:

  • Malware-less impersonations
  • Malware viruses
  • Phishing attacks
  • Ransomware
  • Spyware
  • Trojan horses
  • Worms

Interestingly however, it turns out that only a small fraction of the e-mails actually had malicious intent, meaning that the super-strict filters being employed by companies are capturing a huge number of perfectly legitimate e-mail messages in their dragnet and rejecting them out of hand.

On the other hand, the FireEye analysis also determined that impersonation attacks have undergone a shift from domain name spoofing to “friendly” domain name scams – ones in which an e-mail address is manipulated to impersonate a trusted source.

As the study cautions:

“This shift in tactics may be driven by how easily cyber criminals can ‘spoof’ the display name and username potion of an e-mail header. Instead of having to go through the process of buying and registering a domain similar to – or one that sounds like – the recipient’s domain, they can simply change the display/user name.”

The FireEye analysis is a reminder that because of its sheer pervasiveness, e-mail communications are also the most popular conduit for potentially significant cyberattacks. No wonder companies have their guard up.

The problem is, clearly a whole lot of wheat is being thrown out with the chaff.  And that makes e-communications hardly the slam-dunk communications tactic that many people assume it to be.