SendGrid posts industry’s first inbox protection rate to increase cybersecurity, transparency at holidays

Thursday December 13, 2018 0 comments Tags: Denver, SendGrid, Scott Gerlach, Len Schneyder

DENVER -- SendGrid, Inc. (NYSE: SEND), a leading digital communication platform, is the first email service provider (ESP) to announce its Inbox Protection Rate publicly in an effort to increase cybersecurity and privacy transparency and to elevate the cause of inbox protection.SendGrid_logoNEW

SendGrid’s Inbox Protection Rate measures the success of its compliance efforts to prevent malicious email from reaching SendGrid’s approximately 2 billion email recipients.

As of Dec. 12, SendGrid said it achieved a 99.97% legitimate email rate across all of its outbound mail flow.

Protecting the inbox has become increasingly important as phishing emails remain one of the dominant methods that cyber criminals use to access users’ most guarded credentials.

Many major data breaches begin with fraudulent email; cyber criminals will exploit a poor mail configuration to send fake emails purporting to be the targeted sender.

FireEye’s recent Email Threat Report asserted that less than a third (32%) of email traffic seen in the first half of 2018 was considered ‘clean’ and actually delivered to an inbox.

The report also found that 1 in every 101 emails had malicious intent.

Email security and awareness is especially critical around the holidays when retail and eCommerce brands are sending markedly higher email volumes.

SendGrid processed 2.8 billion emails on Black Friday 2018 and 2.9 billion emails on Cyber Monday 2018 on behalf of its customers, marking its two largest sending days ever.

As email volumes rise, cyberattacks are expected to jump by nearly 60% this holiday season, compared to other months throughout the year, according to Carbon Black’s new Holiday Threat Report.

“More companies are choosing to outsource their email sending to third party ESPs like SendGrid to handle their transactional and marketing email services at scale,” said Scott Gerlach, SendGrid’s chief information security officer.

“On a rolling 90-day basis, SendGrid touches one half of the world’s unique email users estimated at 2 billion people. Because we operate at such high scale, SendGrid is committed to and responsible for maintaining a clean, phish-free mail flow by investing heavily in our people, process and technology.

“We have made a commitment to our customers and the email ecosystem to further email security transparency and educate the market on phishing attacks.”

SendGrid said maintaining legitimate mail flow requires both a technical understanding of the highly sophisticated filtering schemas employed by the receiving domains and mailbox providers, and a human talent for diagnosing non-delivery events and remediating them either through technical changes or modifications of marketing tactics.

SendGrid said it protects its customers from email phishing by:

  • Automated machine learning and artificial intelligence defenses spanning several key areas that include the stages of a customer’s lifecycle with SendGrid, user behaviors while using SendGrid, and the actual content that is processed by SendGrid on behalf of its users.
  • Neural network to mitigate the ability of phishers to sign up for SendGrid’s service.
  • Proprietary machine learning systems that are trained to differentiate the characteristics between legitimate and fraudulent emails to prevent phish from leaving SendGrid.
  • Intelligent traffic cop that watches the mail flow from new accounts to ensure anomalous or large deployments are slowed or stopped, when necessary. The algorithm and process used to build this traffic cop were patented in 2017 by SendGrid’s lead data scientist, Dr. Aaron Beach, and former SendGrid co-founder, Tim Jenkins.

“By setting benchmarks for the effectiveness of our security and protection efforts, we can better understand how spammers and cyber criminals evolve their attacks to further protect our customers and, in turn, their customers,” said Len Shneyder, SendGrid’s VP of industry relations.

“Compliance is not a destination, compliance is an ongoing function that not only safeguards SendGrid’s more than 78,000 paying customers but the billions of recipients that have subscribed to receive emails from these businesses.

“The onus is on us as ESPs to prevent abuse of our email infrastructure, mitigate the cascading damages it can cause and educate our customers.”