Email Security Trends for 2018

Email is the lifeblood of any business.

According to Radicati’s Email Statistics Report, 2017-2021, the number of business email accounts is expected to grow from 1 billion in 2017 to 1.1 billion by 2021, with an estimated average annual growth rate of 2%. It is not news that spam is a huge problem for businesses, with 59.56% of email traffic worldwide consisting of spam messages, and daily cyberattacks hitting users’ mailboxes globally.

In 2017, the WannaCry ransomware attack is reported to have infected more than 300,000 computers across 150 countries. Keeping safe from cyberattacks is a huge challenge for most companies. This blog looks at the growing threat from spam and the latest trends you need to be aware of.

Trend 1: Spam is still a threat

spamthreat.jpgOut of 10 emails coming into your inbox, around six are likely to be spam. Be it a fake lottery win, a miracle cure for any disease, or the news of an inheritance from a so-called relative, people have adapted to junk flooding their mailboxes.

While other email threat methods continue to grow, spam level stays constant globally and are expected to remain the same in 2018.

To prevent spam from disrupting your business, it is recommended you add a protective layer to your email service that will filter out spam messages and help ensure email continuity.

Trend 2: Spear phishing continues to dominate

speaphishing email.jpgWhile spam continues to be an issue in general, phishing and malware dominated the email security landscape in 2017, and it’s likely this will continue in 2018.

With an increasing number of mailboxes protected by quality anti-spam solutions, and consumers (more susceptible than business users in general) moving a lot of communication away from email to other platforms, spam is less profitable than it once used to be.

Spear phishing (where the phish is tailored carefully to target someone specific, such as your payments clerk or CFO) operates on a different model than spam. Rather than low work, high volume, and profit by convincing a tiny fraction of recipients to pay a small amount of money, it’s more work, lower volume, with profit coming from convincing a significant proportion of recipients to pay potentially many thousands of dollars.

We expect that during 2018, the risk from spear phishing will continue to grow. Recognizing a well-made spear phish attack is challenging, both for the target and for anti-phishing solutions, and the potential reward makes this an attractive target for attackers.

The most significant changes companies can make to prevent phishing are to configure the following:

  • SPF (sender policy framework)—this tells a recipient where email from your organization should come from.
  • DKIM (domain keys identified mail)—this cryptographically signs messages to both prevent tampering and confirm who sent the message.
  • DMARC (domain-based message authentication, reporting, and conformance)—this allows a sender to tell recipients what SPF and DKIM results to expect, and what to do when the checks fail.

All good anti-phishing solutions will make use of SPF, DKIM, and DMARC checks, and results from these authentication checks are displayed in many email clients as well. If you protect your organization, you stop anyone using you as a mask for their phishing attack, and you also prevent attacks where an email supposedly comes from within your organization. Whitelisting senders is only safe when the sender has these safety systems configured.

We suspect that, in 2018, we’ll see “phishers” making increased use of the wealth of data available about individuals (through increased online presence as well as common data breaches), as well as the rise in cheaply available data processing models. Combining cheap, powerful “AI” and large data stores should allow phishers to further automate spear phishing attacks, driving the cost down while still potentially reaping much higher rewards than simple spam.

Trend 3: Malware that leads to ransomware

Malware_email.jpgPhishing and malware attacks provide a first layer for attackers to gain access to systems. We expect that 2018 will see a continuation of the use of ransomware as the primary payoff for these attacks, as the repeated success of ransomware in general over the course of 2017 has shown that many people do not have sufficient protection or backup in place.

We may also start seeing the use of compromised systems for generating cryptocurrency (e.g., Bitcoin and other altcoins). This would be more of a return to ‘traditional’ use of large-scale compromised systems (botnets), where the attacker hopes to gain long-term use of the system without its owner noticing. The payoff takes much longer than convincing someone to pay a ransom, but there is generally less risk involved.

With WannaCry and NotPetya in 2017, email had little to almost no involvement in the spread of the attacks. This was contributing to the speed at which they spread, as the direct propagation avoided the delays that are typically seen with an email vector. It’s likely that we’ll continue to see a mixture of attack vectors in 2018, with some risk from mail (both from attachments or links in the message, and from systems compromised via phishing messages), as well as through other vectors like EternalBlue.

It’s clear there’s an increasing need for a multilayered defense—a robust email security layer that blocks spam and phishing attacks, as well as preventing access to dangerous attachments and links—but also robust endpoint security that directly secures end-user devices. A healthy backup system remains the most effective protection against ransomware—and allows continuation of business-critical functions if your systems are down (e.g., email archive, continuity).


Tony Meyer is a Senior Product Architect leading the architecture of the email products (Mail Assure Email Protection, Mail Assure Mail Archiving, SpamExperts Incoming Filter, SpamExperts Outgoing Filter, SpamExperts Archiving) at SolarWinds MSP. He has been programming since 1984, and has more than 15 years’ experience working in the email security field.


Click here to find out how SolarWinds® Mail Assure™ can help you protect your customers’ businesses.

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site