Cloudflare recently announced the launch of a new Email Security section on Cloudflare Radar. This section will provide insights into the current state of email security. The new metrics offer real-time visibility into email-borne threats, allowing organizations to correlate trends within their environment with broader security observations from Cloudflare.
Email remains a vital internet service despite the rise of messaging apps. Its widespread use makes it a major target for cyberattacks. Cloudflare offers email routing and security services to protect customers. The new Email Security section of Cloudflare Radar provides insights into malicious email trends, spam sources, and the use of email protection technologies. David Belson, head of data insight at Cloudflare, elaborated on the features in a blog post.
To begin with, the new Email Security section on Cloudflare Radar reveals the overall percentage of emails Cloudflare classified as malicious.
For example, in February 2024, an average of 2.1% of emails were malicious. Notably, spikes reached 29% on February 10th and 11th, just before the Super Bowl. This aligns with past trends of increased malicious email activity before major events.
Source: Launching email security insights on Cloudflare Radar
Cloudflare Radar also reveals trends across different threat categories. This includes threats with malicious file attachments (Attachment), threats designed to trick users into clicking dangerous links (Link), threats where attackers pretend to be trusted brands or individuals (Impersonation), and additional threat types (Other).
Attackers often impersonate trusted brands to trick users into opening malicious emails and taking actions like checking fake shipping updates or reviewing fraudulent transactions. In February 2024, over a quarter of malicious emails employed this impersonation tactic. Significant spikes reached as high as 88% on February 17th.
Extortion attempts were also common, making up just over 18% of malicious messages. These campaigns peaked on February 15th at over 95%, likely exploiting the increased emotional context around Valentine's Day.
Source: Launching email security insights on Cloudflare Radar
Cloudflare made headlines this year by open-sourcing Pingora, their Rust-based proxy service framework, and introducing event notifications for their R2 object storage. These updates allow developers to automate responses to data changes, enhancing efficiency. Cloudflare's decision to enable Python for Workers also generated excitement. One HN user, noman-land, highlighted, "This is kind of a game changer for running AI stuff on Cloudflare. Been hoping for this for a while now."
Cloudflare Radar also offers flexible filtering options, allowing users to analyze data by timeframe and Top-Level Domain (TLD) type (all, country codes, or classic TLDs). In February 2024, the largest TLD, .com unsurprisingly, had the highest share of malicious emails and spam. Interestingly, even with registration restrictions, 2% of messages from .int and .gov domains were still classified as malicious.
Analyzing inbound mail server connections to Cloudflare reveals the distribution between IPv4 and IPv6. In February 2024, 95% of connections used IPv4, while only 5% used IPv6. You can access this summary and time-series data through the Cloudflare Radar API.
Cloudflare Radar's new Email Security section offers valuable insights into malicious email trends, spam sources, and protective technology adoption. This resource is useful for security researchers, email administrators, and anyone concerned with email security.
Cloudflare has invited users to ask questions about the new email section on their social media handles at @CloudflareRadar (X/Twitter), cloudflare.social/@radar (Mastodon), and radar.cloudflare.com (Bluesky).