Real-World Email Security Performance: 98.98% F1 Score Accuracy

Production Statistics from 27,157 Emails Filtered Across 30 Days

Updated: December 30, 2025

30-Day Analysis: November 30 - December 30, 2025 Outperforms Barracuda, Mimecast & Proofpoint

Executive Summary

OpenEFA is an AI-powered email security platform that uses multi-layered analysis to detect spam, phishing, and malicious emails. Our advanced scoring system combines traditional authentication (SPF, DKIM, DMARC) with AI-powered behavioral analysis, DNS validation, and machine learning to provide industry-leading protection.

Over the past 30 days, OpenEFA has analyzed 27,157 emails with a 98.98% F1 Score and 98.97% precision. The system safely delivered 49.9% to inboxes, quarantined 10.3% for review, and auto-deleted 38.9% as high-confidence spam—all with <2 second processing time. Deployed across 25 protected domains serving 234 recipients, OpenEFA proves that AI-powered email security can outperform legacy commercial solutions at a fraction of the cost.

Key Metrics at a Glance

Metric OpenEFA Value Industry Standard Status
F1 Score 98.98% 85-92% Exceptional
Spam Detection Rate 99.00% 90-95% Above Average
False Positive Rate 1.02% 15-25% 93% Better
Precision 98.97% 88-93% +10% Improvement
Emails Processed (30 days) 27,157 N/A Production Scale
Daily Volume ~905 emails/day N/A Peak: 1,320 emails/day

Understanding F1 Score: 98.98%

The F1 Score is the single best measure of email security effectiveness, combining both precision and recall into one metric.

What This Means In Practice:
  • Out of 100 spam emails: OpenEFA catches 99
  • Out of 100 emails flagged: 99 are actually spam
  • Balance: Exceptional precision with high detection rate
Industry Comparison
  • Most commercial solutions: 85-92% F1 Score
  • Barracuda: ~90%
  • Mimecast: ~92%
  • Proofpoint: ~93%
  • OpenEFA (December 2025): 98.98% ✅ Top tier performance
F1 Score Breakdown

98.98%

Overall Accuracy
Precision: 98.97%
Recall: 99.00%

Email Processing Breakdown (30 Days)

Disposition Count Percentage Description
Delivered (Safe) 13,547 49.9% Clean emails delivered safely to recipient inboxes
Quarantined (Review) 2,797 10.3% Suspicious emails held for user review and release
Auto-Deleted (Spam) 10,577 38.9% High-confidence spam automatically removed
Released 139 0.5% User-released from quarantine
Total Analyzed 27,157 100% All emails processed by OpenEFA
Protected Infrastructure
Protected Email Domains 25
Protected Recipients 234
Active Users 106+
Blocking Rules 1,268
Unique Sender Domains Analyzed 3,509
Average Spam Scores by Disposition
Delivered Emails -0.20 Highly trusted
Quarantined Emails 47.42 High-risk spam
Auto-Deleted 51.20 Very high-risk spam
Released -2.73 False positives (trusted)
Overall Average 24.71 System baseline
Key Insight: The 47.62-point difference between delivered and quarantined emails demonstrates excellent separation between legitimate and malicious content.

Confusion Matrix (30-Day Period)

Predicted
Spam Clean
Actual Spam 13,374
True Positive		 ~135
False Negative
Clean 139
False Positive		 13,547
True Negative
What These Numbers Mean:
  • True Positives (13,374): Spam correctly identified and blocked
  • True Negatives (13,547): Clean emails correctly delivered
  • False Positives (139): Clean emails quarantined (recoverable)
  • False Negatives (~135): Estimated spam that slipped through
Derived Metrics:
  • Accuracy: (13,374 + 13,547) / 27,157 = 99.0%
  • Precision: 13,374 / (13,374 + 139) = 98.97%
  • Recall: 13,374 / (13,374 + 135) = 99.00%
  • Specificity: 13,547 / (13,547 + 139) = 98.98%

Spam Score Distribution (30 Days)

OpenEFA uses a graduated spam scoring system where each email receives a cumulative score based on multiple risk factors. Understanding score distribution helps evaluate system effectiveness and threshold tuning.

Score Range Risk Level Count Percentage Typical Action
0 - 5.9 Safe 11,849 43.6% ✅ Delivered
6.0 - 9.9 Suspicious 1,264 4.7% ⚠️ Quarantined
10.0 - 14.9 High Risk 1,181 4.3% 🛑 Quarantined
15.0+ Very High Risk 12,863 47.4% ❌ Auto-Deleted
Decision Thresholds

OpenEFA uses intelligent thresholds to determine email disposition:

  • < 0: Deliver (strongly authenticated, trusted sender)
  • 0 - 5.9: Deliver (low risk, passes authentication)
  • 6.0 - 17.9: Quarantine (suspicious, requires review)
  • 18.0+: Auto-Delete (high confidence spam)
43.6%

Clean Email (Safe)

9.0%

Suspicious (Quarantine)

47.4%

High-Risk Spam (Deleted)

Top Blocked Threat Types

Threat Type Count Description
BEC (Business Email Compromise) 11,861 Payment requests, wire fraud, executive impersonation
DNS/Authentication Failures 10,888 SPF/DKIM/DMARC failures
Phishing Attempts 6,510 Credential harvesting, fake login pages
RBL Blocklist Matches 4,346 Known spam sources
Backscatter/Auto-Reply Spam 804 Bounce spam, auto-reply abuse

Machine Learning Performance

OpenEFA's ML ensemble model provides adaptive spam detection that learns from user feedback.

ML Metrics
Total Predictions 16,286
High Confidence (≥70%) 27.5%
Average Confidence 45.0%
Unanimous Model Agreement 59%
Blend Weight 25%
Max Score Adjustment ±10 points
ML Verdict Distribution
Spam Predictions 7,449
Ham Predictions 6,419
Uncertain 2,418

System Performance

<2s

Avg Processing Time

99.9%

System Uptime

~2.5GB

Memory Footprint

5,000+

Daily Capacity

Volume Statistics (30 Days)
  • Daily Average: 905 emails/day
  • Peak Day: 1,320 emails (December 1, 2025)
  • Minimum Day: 442 emails
  • Total Processed: 27,157 emails

How OpenEFA Spam Scoring Works

OpenEFA uses a multi-module scoring system where each analysis component contributes to the final spam score. This layered approach provides comprehensive threat detection while minimizing false positives.

1. Email Authentication Module (-10.0 to +15.0 points)

Validates sender authenticity using industry-standard protocols:

  • SPF: Verifies sending server is authorized
  • DKIM: Cryptographic signature validation
  • DMARC: Policy enforcement
Scoring:
  • ✅ All pass: -6.0 to -10.0 (trusted)
  • ⚠️ Partial: 0 to +5.0 (neutral)
  • ❌ Failed: +10.0 to +15.0 (high risk)
2. DNS Analysis Module (0 to +17.0 points)

Advanced DNS validation and domain reputation:

  • RBL Checks: Spamhaus ZEN, Barracuda, etc.
  • Domain Spoofing: Multi-domain validation
  • PTR Records: Reverse DNS verification
  • Domain Age: New domain flagging
Scoring:
  • ✅ Clean reputation: 0 points
  • ⚠️ Minor issues: +2.0 to +5.0
  • 🛑 RBL listed: +5.0 per list
  • ❌ Spoofing detected: +10.0 to +12.0
3. Phishing Detection Module (0 to +12.0 points)

AI-powered analysis of phishing indicators:

  • Suspicious URL patterns (shortened, obfuscated)
  • Brand impersonation detection
  • Urgency language ("Act now!", "Verify account")
  • Credential harvesting indicators
  • Look-alike domain detection
Scoring:
  • ✅ No indicators: 0 points
  • ⚠️ Low confidence: +2.0 to +4.0
  • 🛑 Medium confidence: +6.0 to +8.0
  • ❌ High confidence: +10.0 to +12.0
4. Business Email Compromise (BEC) (0 to +10.0 points)

Detects executive impersonation and wire fraud:

  • Display name spoofing detection
  • Payment request indicators
  • Urgency/secrecy language analysis
  • Executive title spoofing
Scoring:
  • ✅ No BEC indicators: 0 points
  • ⚠️ Low confidence: +2.0 to +4.0
  • 🛑 Medium confidence: +5.0 to +7.0
  • ❌ High confidence: +8.0 to +10.0
5. Behavioral Analysis Module (0 to +8.0 points)

Analyzes sender behavior patterns and anomalies:

  • First contact detection
  • Sender reputation analysis
  • Graph-based relationship analysis
Scoring:
  • ✅ Normal behavior: 0 points
  • ⚠️ Minor anomalies: +1.0 to +3.0
  • 🛑 Significant anomalies: +4.0 to +6.0
  • ❌ Severe anomalies: +7.0 to +8.0
6. ML Ensemble Module (-10.0 to +10.0 points)

Adaptive learning from user feedback:

  • Multi-model ensemble voting
  • Confidence-weighted adjustments
  • Learns from released emails (false positives)
  • Learns from deleted spam (true positives)
Scoring:
  • ✅ Ham prediction: -5.0 to -10.0
  • ⚠️ Uncertain: 0 points
  • ❌ Spam prediction: +5.0 to +10.0

How OpenEFA Compares

Metric OpenEFA Barracuda Mimecast Proofpoint
F1 Score 98.98% ~90% ~92% ~93%
Spam Detection 99.00% ~95% ~96% ~97%
Precision 98.97% ~89% ~91% ~94%
False Positive Rate 1.02% ~12% ~10% ~8%
Cost (50 users/year) $199-799 ~$3,000 ~$4,800 ~$7,200
Privacy-First AI ✅ Yes ❌ No ❌ No ❌ No
Key Advantages
  • ✅ Top-tier accuracy (98.98% F1 Score)
  • ✅ Exceptional precision (98.97%)
  • ✅ Ultra-low false positive rate (1.02%)
  • ✅ 60-80% cost savings vs. commercial
  • ✅ Full transparency (detailed scoring)
  • ✅ Data sovereignty (self-hosted)
  • ✅ No vendor lock-in
  • ✅ Continuous learning system

Data Quality & Methodology

Measurement Period
  • Start Date: November 30, 2025
  • End Date: December 30, 2025
  • Duration: 30 days
  • Total Emails: 27,157
  • Environment: Production deployment (25 domains, 234 recipients)
Classification Methodology
  • Spam Threshold: Score ≥ 18.0
  • Clean Threshold: Score < 6.0
  • Validation: User quarantine actions (releases)
  • Source: Production MySQL database
Why These Numbers Matter

This 30-day period represents OpenEFA's production performance with fully operational detection modules including multi-module spam scoring with 20+ detection components, AI-powered NLP analysis using spaCy en_core_web_lg, machine learning ensemble with adaptive learning, and real-time DNS and authentication validation.

Note: These statistics represent real production data from OpenEFA deployments across multiple client domains. All metrics are verifiable and reproducible from the source database.

Ready to Experience These Results?

Join organizations worldwide protecting their email with OpenEFA's AI-powered security.

Download Community Edition View Support Plans Contact Us