Key Takeaways
- A 2020 study in the ACM SIGCOMM/Internet measurement community found that a large fraction of global unsolicited email uses spoofed sending identities (Spoofing prevalence measured across collected traces).
- Spam is the primary vector for credential theft in many phishing campaigns; a 2021 PhishLabs study reported that phishing and spam drove the majority of reported theft attempts (measured in their dataset).
- In 2023, ESET telemetry showed that a high share of detected malicious emails used social engineering rather than attachment-based malware (ESET threat report).
- In 2022, Google’s transparency report showed that its spam filters accounted for 90%+ of processed emails being auto-classified as spam before reaching inboxes for most users (classified share).
- In 2024, Cloudmark (Proofpoint) reported that its anti-spam systems reduced spam reaching inboxes by 99% in customer environments (vendor claim with percentage).
- In 2024, Ponemon/IBM reported that the average time to contain a breach was 72 days (IBM Cost of a Data Breach 2024).
- As of 2024, the DMARC adoption rate was 33% of all domains publishing DMARC (DMARC adoption metrics).
- In 2022, the IC3/FBI reported 64,342 phishing incidents resulting in $52.0 million in losses (FBI Internet Crime Report).
- In 2024, IC3 reported that 28,000+ non-business email compromises (N(B)EC) were reported with losses included in the BEC category totals (IC3 2023 report breakdown).
- Spam-related fraud losses reached $1.2 billion globally in 2023 as reported by the cybersecurity insurance market analysis (industry publication).
- In 2024, Gartner forecasted worldwide end-user spending on security and risk management technologies to reach $188.3 billion (Gartner).
- The global email security market was valued at $5.2 billion in 2023 and is projected to reach $13.8 billion by 2030 (MarketsandMarkets).
- The global anti-spam software market is expected to grow from $1.2 billion in 2022 to $2.9 billion by 2027 (MarketsandMarkets).
- 1 in 5 adults (20%) reported experiencing at least one phishing attempt in the past 12 months in 2023 (survey statistic reported by U.S. government).
- In 2024, 58% of surveyed IT security professionals said they had experienced ransomware delivered via email within the last 12 months (survey-based finding in an industry report).
Spam and phishing remain overwhelmingly dominant, exploiting spoofed identities and social engineering to drive major losses.
Related reading
01 · Category
Market Size7 stats
Market Size Interpretation
02 · Category
Threat Landscape6 stats
Threat Landscape Interpretation
03 · Category
Threat Prevalence5 stats
Threat Prevalence Interpretation
More related reading
04 · Category
Performance Metrics5 stats
Performance Metrics Interpretation
05 · Category
Cost Analysis3 stats
Cost Analysis Interpretation
06 · Category
Industry Overview3 stats
Industry Overview Interpretation
How often phishing/spam tactics show up (measured shares)
Measured shares show phishing content is often delivered via links/attachments, contains suspicious or obfuscated URLs, and spam commonly includes external-domain links.
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Julian Richter. (2026, February 13). Spam Email Statistics. Gitnux. https://gitnux.org/spam-email-statistics
Julian Richter. "Spam Email Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/spam-email-statistics.
Julian Richter. 2026. "Spam Email Statistics." Gitnux. https://gitnux.org/spam-email-statistics.
Sources & references
29 datasets cited across this report · attribution is report-level
+7 additional datasets cited (not shown individually)

