Cisco threat researchers conducted two studies in 2016 using opt-in
customer telemetry to estimate what percentage of total email volume is
spam. We found that spam accounts for nearly two-thirds (65 percent) of
total email volume. Our research also suggests that global spam volume
is growing, due primarily to large and thriving spam-sending botnets
like Necurs. In addition, we determined through our analysis that about 8
percent to 10 percent of global spam observed in 2016 could be
categorized as malicious.
Seventy-five percent of total spam observed in October 2016 contained
malicious attachments. Most of that spam was sent by the Necurs botnet.
(See Figure 17
Necurs sends malicious .zip attachments that include embedded
downloaders. In calculating the percentage of total spam containing
malicious attachments, we count both the “container” file (.zip) and the