GMX and Web.de filter 1.9 billion spam emails a week – also thanks to AI

GMX and Web.de filter 1.9 billion potentially dangerous emails from the message stream every week. In the same quarter of the previous year, the figure was 1.4 billion, i.e. significantly less. Most emails with malicious intentions are supposedly from parcel services and customer service. Artificial intelligence is a "game changer" when it comes to detecting spam.

As the two major email providers report, small internet companies are increasingly being used for spam emails and no longer just the major providers such as Microsoft and Gmail. "We are currently seeing attackers penetrating the systems of small and medium-sized cloud and hosting providers in other European countries. Once they have taken over their infrastructure, they can send spam messages via a large number of email servers," says Arne Allisat, Head of Email Security at GMX and Web.de. However, such spam attacks are usually easy to detect. All in all, says Allisat, 99.9 percent of spam emails are intercepted.

Protection from spam thanks to AI

One security concept is called the "Reject and Defer Policy", which means that suspicious emails are rejected as soon as the connection to the mail infrastructure is established; alternatively, the emails are delivered with a delay. Legitimate senders try again later. According to GMX and Web.de, criminals are under time pressure as they could lose access to hijacked email servers –, so they try directly as "ons shot".

The basis of the security systems is, of course, AI. "With our AI-supported analysis tools, we can now react even faster to a wide variety of threats. For example, our systems dynamically decide within milliseconds how many emails a sender server is allowed to deliver in a certain time – if this value spontaneously rises, this is a clear indication of possible spam being sent and we can react immediately," explains Allisat in a press release.

Most phishing attempts are those in which the emails claim that a parcel service is trying to reach the addressee. The recipient is asked to pay customs duties or a handling fee, for example. This is how the criminals obtain money and often also bank details. In "customer service phishing", the attackers pretend to be the customer service department of the email provider and obtain the login details. They can use these to access email inboxes and send further spam emails or even use them for online shopping.

Last year, the amount of spam emails increased dramatically. GMX and Web.de reported a 40 percent increase in spam. However, these did not end up in the inboxes, but were also filtered. The provider saw the reason for the increase in AI – because AI makes it even easier and faster to create and distribute such emails.

If there are a particularly large number of emails in the spam folder with a timestamp that exactly matches the time at which the emails were retrieved, this is also a sign of spam. According to a GMX and Web.de spokesperson, reputable providers always have a correct time stamp in the header (RFC specification 5322). The inbox is sorted according to this. If the date header is missing, this indicates spam and the mails are then sorted according to the time they were retrieved.

(emw)