Start With the Baseline: Email Is Mostly Spam
Roughly 45 to 50 percent of all email sent globally is spam. That's not a statistic from a decade ago — it's the current state of the internet, and it has remained stubbornly high despite better filters, stricter sending policies, and increased law enforcement activity against spam networks. For every legitimate email your employees receive, there is likely another one that is junk, phishing, bulk marketing they didn't ask for, or worse.
A 30 percent spam rate hitting your inboxes — after whatever basic filtering your email host provides — isn't unusual for organizations that haven't invested in dedicated filtering. And when you convert that percentage into actual working hours, the cost stops being abstract.
The Math for a 50-Person Company
Let's build this up from realistic numbers. The average knowledge worker receives around 120 emails per day. At a 30 percent spam rate, that's 36 spam messages landing in each inbox every day. Most of these require at least a brief look — spam filters create uncertainty, and employees learn to glance at subject lines before deleting.
A conservative estimate is 3 seconds per spam message to identify and delete it. That's 108 seconds per employee per day — about 1.8 minutes. It doesn't sound like much until you multiply it across the team and the year:
| Factor | Value |
|---|---|
| Spam messages per employee per day | 36 |
| Seconds per spam message (identify + delete) | 3 sec |
| Time lost per employee per day | 1.8 min |
| Time lost per employee per year (250 days) | 7.5 hours |
| Total hours lost across 50 employees | 375 hours/year |
| Average hourly cost (salary + benefits, $75k/year) | $40/hour |
| Annual cost in lost employee time | $15,000 |
That's $15,000 in salary cost for work that produced nothing. And that's the optimistic scenario where employees glance and delete. The real cost is higher because spam creates cognitive overhead — each suspicious-looking email briefly pulls attention away from whatever the employee was doing before they opened their inbox.
Storage and IT Overhead
Email storage isn't free. A 50-person company receiving 36 spam messages per employee per day accumulates roughly 1,800 spam messages daily across the organization. The average spam message with its headers is around 15 KB. That's 27 MB of junk per day, or about 6.75 GB of spam per year — not counting attachments in phishing emails, which can be much larger.
At typical cloud storage pricing, 7 GB is negligible. But the IT cost is not. Someone has to deal with spam complaints. Someone has to investigate when a phishing email gets through and an employee clicks a link. Someone has to reset credentials and audit access logs. For a 50-person company without a dedicated security team, that burden falls on whoever is most technical, pulling them away from actual IT work.
A reasonable estimate for IT time spent on spam-related issues — user complaints, false positive investigations, incident responses — is 2 to 4 hours per month. At an IT contractor rate of $80/hour, that's $1,920 to $3,840 per year.
| Cost Category | Annual Cost |
|---|---|
| Lost employee time (50 staff) | $15,000 |
| IT overhead (spam complaints, incidents) | $2,880 |
| Email storage overage | $240 |
| Subtotal (excluding breach risk) | $18,120 |
The Number That Dwarfs Everything Else
The $18,000 figure above doesn't include the cost that actually keeps security teams up at night: a successful phishing attack.
The FBI's Internet Crime Complaint Center reported that Business Email Compromise and phishing attacks caused over $2.9 billion in losses in a single recent year. For small and mid-sized businesses, the average cost of a single successful phishing incident — including incident response, legal notification, remediation, and downtime — ranges from $50,000 to $250,000. Many smaller companies don't recover at all.
A 30 percent spam rate means your employees are being exposed to a much larger volume of phishing attempts than they would be with effective filtering. Even if your team is well-trained, social engineering attacks are designed to exploit moments of inattention. The more attempts that reach the inbox, the higher the probability that one succeeds.
If you apply a conservative 1-in-1,000 chance of a successful phishing incident per year — which is optimistic for a 50-person company without robust filtering — and a modest $80,000 average incident cost, the expected annual cost of that risk is $80. That sounds low, but it represents a 0.1% annual probability of an $80,000 event. In any given five-year window, that probability climbs to nearly 0.5%. Organizations don't think about this as actuarial risk, but they should.
The Cost of the Solution
Indition Spam Killer starts at $99 per month — $1,188 per year — for unlimited domains and up to 50 accounts. That's the pricing tier that directly serves the 50-person company in this scenario.
Against $18,120 in documented annual costs and a meaningful tail risk of a five- or six-figure breach, $1,188 per year represents a 15-to-1 return on cost reduction alone, before you account for the breach risk at all.
The framing that spam filtering is "an IT expense" misses the point. When you do the math, it's one of the highest-ROI operational investments a small or mid-sized organization can make. The cost of not having it is sitting in your payroll system right now, labeled as employee hours.