Cloudflare blocked 3.4 billion unwanted emails last year


That would be 9.3 million emails per day, 6,500 per minute, and 108 per second.

The web security company Cloudflare said that it blocked 3.4 billion unwanted emails in 2023, a rise from 2.4 billion a year before. This accounted for more than a quarter of all the messages it processed online, it said.

The blocked emails included spam, malicious emails, and bulk messages – or emails sent to a large number of recipients simultaneously, regardless of whether they were solicited or not.

ADVERTISEMENT

The growth in customer numbers was partly behind the increase, Cloudflare said, noting that it accounted for 42% of the rise in unwanted emails. “But this gives a sense of scale in this email area,” the company said.

According to Cloudflare, unwanted emails can include malicious links that are difficult to detect, are becoming more frequent, and can have “devastating” consequences for individuals and businesses.

It said that malicious messages such as phishing attempts accounted for almost 3% of emails in 2023 and showed a “growth tendency during the year, with higher percentages in the last months.”

One factor used to evaluate the email’s legitimacy is its Top-Level Domain, or TLD, the part of the email address that follows the dot. Cloudflare’s findings show that recently introduced generic TLDs, including several linked to the beauty industry, were predominantly used both for spam and malicious attacks in 2023.

According to the company, 95% of emails ending in TLDs such as .uno, .sbs, and .beauty, all introduced since 2014, were flagged as spam or malicious. Malicious emails also frequently originate from recently created generic TLDs like .bar, .makeup, or .cyou.

In terms of volume, .com still accounts for 67% of all spam and malicious emails, followed by .shop at 5% and .net at 4%. A country-specific TLD .no, which is designated for Norway, is next with 3%, followed by .org with 2%, and then .ru and .jp, both at 1%.

Generic TLDs introduced after 2014 represent 13.4% of all spam and malicious messages, while country-specific codes account for more than 12%.

“That said, ‘.shop’ deserves a highlight of its own,” Cloudflare said. Even though it was only introduced in 2016, the domain was already number two in terms of volume, and “its influence is growing.”

ADVERTISEMENT

Reasons behind the popularity of generic TLDs include “the availability of domain names that can seem legitimate or mimic well-known brands.”

“Cybercriminals often use popular or catchy words. Some [generic] TLDs allow anonymous registration. Their low cost and the delay in updated security systems to recognize new [generic] TLDs as spam and malicious sources also play a role – note that, as we’ve seen, cybercriminals also like to change TLDs and methods,” Cloudflare said.