The VBSpam tests don't just look at products' ability to prevent spam from making it to users' inboxes, they also measure how well products perform when it comes to not blocking legitimate emails.
There, the results were more of a mixed bag: five solutions didn't block any legitimate emails at all - and as they also blocked more than 99.5% of all spam, they were awarded a VBSpam+ award. However, for three solutions, the amount of legitimate email that they blocked was so high that they failed to achieve VBSpam certification.
"I was really pleased to see such high spam catch rates," said VB's Anti-Spam Test Director, Martijn Grooten. "There are still billions of spam emails sent every day, many of which come with a malicious payload. It is good to know that almost all of these are stopped before they reach the user's inbox."
Grooten continued: "Of course, it was disappointing to see that for some products the high catch rate came at the cost of blocking quite a few legitimate emails. We hope that these products will see their performance improve in the next test."
The report also surveyed the participants' use of DMARC. DMARC is a specification intended to prevent email abuse: it allows the owners of often-spoofed domains to state what receivers should do with emails that fail SPF and DKIM checks.
While the majority of participating products check the SPF status and DKIM signatures of incoming emails, at the moment very few are using DMARC: only one out of the 18 products sends feedback, while another checks the DMARC status of incoming emails, but doesn't send feedback.