• by Ray Schultz , Columnist, July 26, 2017

Here’s more bad news: Roughly a quarter of all email is aggravating or dangerous, judging by a study from Mimecast. 

The company examined over 45 million emails and found that almost 11 million had something wrong with them. Only 34 million were deemed safe. In total, 24.2% were bad or likely bad. 

Worse, company security systems failed to spot these messages.   

How did Mimecast determine all this? 

The company performed a Email Security Risk assessment (ESRA) on emails going to 62,323 email users over 428 days. In an ESRA, Mimecast “passively inspects emails that have been passed by the incumbent email security system and received by the organization’s email management system,” the report says.

The objective? To re-inspect “the emails deemed safe by the incumbent email security system” and look for false negatives, such as spam or malicious attachments, the study continues. 

It’s not clear whether the findings can be projected to email volume as a whole. But assuming they can, to a degree, let’s break them down.

Out of the bad emails — or false negatives — 99.8% were opportunistic spam messages, “annoying and time-wasting but not lethal,” the report continues.

Mimecast doesn’t define spam, but we guess it’s non-permission based emails, scam emails or both.

The “lethality” increases as you move down the inspection funnel,” the study warns.

Mimecast found 8,682 dangerous file types. These cover roughly 1,900 types that are “rarely sent via email for legitimate purposes,” the study says. “Examples of these dangerous file types are .jsp (Java Server Pages), .exe (executables), and .src (source) files.”

Worse, these emails 2,281 contained malware attachments. These were missed by the incumbent security systems, the report states.

Of these attachments, 1,778 were known malware types. The fact that systems missed them points to a “significant weakness” in a firm’s malware detection capabilities.

In addition, Mimecast discovered 503 malware types that had never been seen.

These are dangerous because “unknown malware will generally not be blocked by commonly used endpoint anti-virus technology,” the study states.

Mimecast also found 9,677 impersonation attempts 

It defined these as “social engineering heavy emails that attempt to impersonate a trusted party, such as a C-level executive, employee or business partner, with the goal of prompting the recipient to do something they shouldn’t” -- such as prompting them to wire money, the company says.

Here’s one cautionary note: Mimecast is using these results to promote its own cloud-based security service. Readers should approach with a skeptical eye.

Still, the findings have the ring of truth.

It’s clear: There are many bad players sending dangerous emails. And security systems are failing to flag and block them.

Whichever service you use, it may be time to examine your security apparatus.