Production Statistics from 52,264 Emails Filtered Across 30 Days
Updated: May 13, 2026
30-Day Analysis: April 13 - May 13, 2026 AI-Powered Multi-Layer Email Security
OpenEFA is an AI-powered email security platform that uses multi-layered analysis to detect spam, phishing, and malicious emails. Our advanced scoring system combines traditional authentication (SPF, DKIM, DMARC) with AI-powered behavioral analysis, DNS validation, and machine learning to provide industry-leading protection.
Over the past 30 days, OpenEFA has analyzed 52,264 emails with a 98.27% F1 Score and 96.62% precision. The system safely delivered 71.5% to inboxes, quarantined 3.9% for review, and auto-deleted 22.6% as high-confidence spam—all with <2 second processing time. Deployed across 31 protected domains serving 89 recipients, OpenEFA proves that AI-powered email security can deliver enterprise-grade protection at a fraction of the cost.
Industry F1 score context: Basic and open-source spam filters typically publish F1 scores of 0.75–0.88; average commercial secure email gateways score 0.85–0.92; strong enterprise vendors fall in the 0.92–0.95 band; and top-tier research and lab models on curated datasets reach 0.97–0.99+. Commercial vendors generally do not publish F1 scores directly — the closest available independent benchmark is Virus Bulletin’s VBSpam test, summarized further down this page.
| Metric | OpenEFA Value | Industry Standard | Status |
|---|---|---|---|
| F1 Score | 98.27% | 85-92% | Above Average |
| Spam Detection Rate | 99.98% | 90-95% | Above Average |
| False Positive Rate | 1.33% | 15-25% | 94% Better |
| Precision | 96.62% | 88-93% | Above Average |
| Emails Processed (30 days) | 52,264 | N/A | Production Scale |
| Daily Volume | ~1,686 emails/day | N/A | Peak: 2,106 emails/day |
The F1 Score is the single best measure of email security effectiveness, combining both precision and recall into one metric.
Email security vendors generally do not publish F1 scores directly. The closest public benchmark is Virus Bulletin's quarterly VBSpam test, which measures spam catch rate and false-positive rate under controlled conditions. VBSpam+ certified products in 2025 ranged from 99.3% to 99.99% on their composite final score (Mimecast: 99.71%; Bitdefender: 99.99%). Barracuda and Proofpoint do not currently participate.
OpenEFA (May 2026): 98.27% F1 on production traffic — see the methodology notes below for the apples-to-apples caveat.
| Disposition | Count | Percentage | Description |
|---|---|---|---|
| Delivered (Safe) | 37,346 | 71.5% | Clean emails delivered safely to recipient inboxes |
| Quarantined (Review) | 2,013 | 3.9% | Suspicious emails held for user review and release |
| Auto-Deleted (Spam) | 11,792 | 22.6% | High-confidence spam automatically removed |
| Released | 503 | 1.0% | User-released from quarantine |
| Total Analyzed | 52,264 | 100% | All emails processed by OpenEFA |
| Protected Email Domains | 31 |
| Protected Recipients | 89 |
| Active Users | 27 |
| Blocking Rules | 11,534 |
| Unique Sender Domains Analyzed | 6,475 |
| Delivered Emails | 0.43 | Low risk |
| Quarantined Emails | 59.80 | High-risk spam |
| Auto-Deleted | 70.80 | Very high-risk spam |
| Released | -6.04 | False positives (trusted) |
| Overall Average | 19.35 | System baseline |
| Predicted | |||
|---|---|---|---|
| Spam | Clean | ||
| Actual | Spam | 14,389 True Positive |
3 False Negative |
| Clean | 503 False Positive |
37,346 True Negative |
|
OpenEFA uses a graduated spam scoring system where each email receives a cumulative score based on multiple risk factors. Understanding score distribution helps evaluate system effectiveness and threshold tuning.
| Score Range | Risk Level | Count | Percentage | Typical Action |
|---|---|---|---|---|
| 0 - 5.9 | Safe | 36,083 | 69.0% | ✅ Delivered |
| 6.0 - 9.9 | Suspicious | 914 | 1.8% | ⚠️ Quarantined |
| 10.0 - 14.9 | High Risk | 758 | 1.5% | 🛑 Quarantined |
| 15.0+ | Very High Risk | 14,510 | 27.8% | ❌ Auto-Deleted |
OpenEFA uses adaptive, multi-factor thresholds to determine email disposition. Emails are classified as delivered, quarantined, or auto-deleted based on cumulative scoring across all analysis modules.
Clean Email (Safe)
Suspicious (Quarantine)
High-Risk Spam (Deleted)
| Threat Type | Count | Description |
|---|---|---|
| First-Contact Risk (New Sender) | 14,389 | Sender and/or domain never seen before in system history |
| BEC (Business Email Compromise) | 13,992 | Payment/wire fraud, executive impersonation — 1,023 CRITICAL, 915 HIGH, 2,458 MED, 6,683 LOW |
| Adversarial Patterns | 9,788 | Obfuscation, evasion tactics, and adversarial content signals |
| Phishing Attempts | 8,111 | Credential harvesting, fake login pages, impersonation |
| Brand & Display-Name Impersonation | 7,653 | Spoofed brand names, lookalike domains, executive display-name tricks |
| SPF / DKIM / DMARC Failures | 6,812 | Authentication failures across one or more protocols |
| Marketing / Cold Commercial Patterns | 5,718 | Unsolicited bulk/marketing content flagged by content classifier |
| Suspicious Payment Signals | 2,926 | Invoice, wire transfer, and payment-redirect fraud indicators |
| EFA Collective RBL Matches | 1,742 | Crowd-sourced blocklist hits from the OpenEFA Collective |
| Virus / Malware Detected | 252 | Known-bad attachments and embedded malware signatures |
OpenEFA's ML ensemble model uses multiple classifiers trained on production email data to provide adaptive spam detection.
| Training Samples | 23,348 |
| Training Balance | 11,674 spam / 11,674 ham |
| ML Accuracy | 89.2% |
| ML F1 Score | 89.5% |
| ML ROC AUC | 96.0% |
| Features | 130 |
| Last Retrain | May 8, 2026 |
| LightGBM | 96.0% |
| XGBoost | 95.9% |
| CatBoost | 95.5% |
| Random Forest | 95.0% |
| Logistic Regression | 93.0% |
Avg Processing Time
System Uptime
Memory Footprint
Daily Capacity
OpenEFA uses a multi-module scoring system where each analysis component contributes to the final spam score. This layered approach provides comprehensive threat detection while minimizing false positives.
Validates sender authenticity using industry-standard protocols:
Advanced DNS validation and domain reputation:
AI-powered analysis of phishing indicators:
Detects executive impersonation and wire fraud:
Analyzes sender behavior patterns and anomalies:
Adaptive learning from user feedback:
VBSpam is a quarterly independent benchmark run by Virus Bulletin. Products are tested against live spam feeds (Project Honey Pot, Abusix, MX Mail Data) and a curated newsletter ham corpus. Products that score 99.5%+ catch rate with zero false positives on the ham corpus earn the VBSpam+ certification.
| Rank | Product | Final Score | FP Rate (Ham Corpus) | Certification |
|---|---|---|---|---|
| 1 | Bitdefender GravityZone Premium | 99.995 | 0% | VBSpam+ |
| 2 | SEPPmail.cloudfilter | 99.989 | 0% | VBSpam+ |
| 3 | Sophos Email | 99.988 | 0% | VBSpam+ |
| 4 | FortiMail | 99.964 | 0% | VBSpam+ |
| 5 | Net at Work NoSpamProxy | 99.962 | 0% | VBSpam+ |
| 6 | N-able Mail Assure | 99.948 | 0% | VBSpam+ |
| 7 | N-able SpamExperts | 99.937 | 0% | VBSpam+ |
| 8 | Mimecast | 99.709 | 0% | VBSpam+ |
| 9 | Zoho Mail | 99.329 | 0% | VBSpam |
Barracuda and Proofpoint do not participate in VBSpam testing, so their true catch rate and false-positive performance cannot be independently verified. Their public claims (e.g. "99.9% spam capture") are self-reported and do not disclose false-positive rates in comparable terms.
OpenEFA does not currently submit to VBSpam testing. The figures above are reproduced from the published Q2 2025 VBSpam comparative review.
For reference, applying VBSpam's catch-rate methodology to our 30-day production data would yield a spam catch rate of ~99.98%. Our reported false-positive rate of 1.33% is measured against real customer traffic — which includes cold B2B sales, opt-in marketing, and mailing-list content — and is therefore stricter than VBSpam's controlled newsletter ham corpus, where most products score 0%. Direct numerical comparison is not apples-to-apples.
Where detection metrics are not independently comparable across vendors, cost, deployment architecture, and data sovereignty are.
| Attribute | OpenEFA | Barracuda | Mimecast | Proofpoint |
|---|---|---|---|---|
| Cost (50 users/year) | $199-799 | ~$3,000 | ~$4,800 | ~$7,200 |
| Self-Hosted / Data Sovereignty | ✅ Yes | ❌ Cloud only | ❌ Cloud only | ❌ Cloud only |
| Source-Available | ✅ Yes | ❌ No | ❌ No | ❌ No |
| Submits to Independent Testing (VBSpam) | Not yet | ❌ No | ✅ Yes (Q2 2025: 99.709) | ❌ No |
| Adaptive Learning from Customer Feedback | ✅ Per-deployment | ⚠️ Shared cloud model | ⚠️ Shared cloud model | ⚠️ Shared cloud model |
This 30-day period represents OpenEFA's production performance with fully operational detection modules including multi-module spam scoring with 20+ detection components, AI-powered NLP analysis using spaCy en_core_web_lg, machine learning ensemble with adaptive learning, and real-time DNS and authentication validation.
Note: These statistics represent real production data from OpenEFA deployments across multiple client domains. All metrics are verifiable and reproducible from the source database.
Join organizations worldwide protecting their email with OpenEFA's AI-powered security.