Graymail and its impact on cybersecurity

by Egress
Published on 10th Mar 2023
Phone Mobile Confidential Email 1003X250 15Kb

Graymail and its impact on cybersecurity

Graymail – technically, it’s not bad, but it’s not necessarily good, either. This type of email falls in between. At best it’s useful, usually it’s an annoyance, and at worst, it’s a potential cybersecurity threat. 

The accepted definition for graymail is emails that aren’t spam or phishing, but which the recipient may perceive as inbox clutter. Graymail can be delivered to Outlook inboxes, and can include newsletters, promotional emails, and other marketing communications. Usually, the recipient signed up for them once upon a time, although sometimes they didn’t and are being contacted based on ‘interest’.  

Potentially annoying and distracting, graymail may present a more serious threat, as it can aid the spread of malware and other malicious payloads, and desensitize people to phishing campaigns.  

Because most people and organizations consider graymail harmless, doing something about it typically comes low on the priority list. But doing nothing about graymail risks leaving the door open to hackers. For example, cybercriminals may impersonate a legitimate email address that graymail originates from and disguise malicious links as enticements, such as discount codes or subscription updates. Phishing emails are harder to spot when mixed with apparently benign graymail emails, and both graymail and spam can numb people’s senses to unusual or unsolicited emails. 

This article provides a high-level overview to the topic, including graymail defenses that organizations can implement. 

What is graymail?

Graymail describes emails that fall between wanted email correspondence and spam. It typically consists of emails that people don’t consider valuable but simultaneously may have an interest in. 

Examples of graymail include newsletters, promotional emails, social network updates, and other communications. It can even include unwanted activity notifications from rarely used applications. Usually, the recipient opted into these emails months or years ago but rarely read or get value form them.  

Graymail differs from spam in that it is typically sent by legitimate organizations rather than from unsolicited, anonymous, or fraudulent sources. The sender of graymail has typically obtained the recipient’s consent and email address through a sign-up process, purchase, or other legitimate means. For example, a recipient may provide an email address in exchange for a report or other wanted information, or when registering for a social media account. 

How does Graymail work?

Graymail is categorized as mass mail or bulk mail, because it’s not sent by a single known contact as part of a back-and-forth conversation, but instead is sent by a brand or other organization, even if they attribute a real or fictional person’s name to the communications. It’s sent via a mass mail or email marketing platform using a template with generic copy and limited personalization (such as the recipient’s first name) or by using APIs to source ‘trending’ content for the recipient (such as notifications on a social platform), which is then populated within a template.  

These emails typically contain tracking code designed to collect information about the recipient’s interaction. Individuals may even send this information without knowing it, just by opening the email, thanks to transparent tracking pixels that let senders gather data on when and how often recipients open their emails. Other information collected may include whether the email was delivered or categorized as spam, what links the recipient clicked, what web browser they used to visit that link, what device they used to read the email and visit the website, and more.  

Graymail vs. spam vs. phishing

Due to its (initially, at least) solicited nature, graymail is not the same as spam. Spam arrives entirely unsolicited, typically sent for commercial purposes to promote a business, and because it is untargeted, may have little relevance and no value to many of its recipients.  

And graymail and spam, while both potentially annoying, they are also distinct from malicious Error! Hyperlink reference not valid.phishing emails.  

Phishing emails are often sent from anonymous or fraudulent sources, using tactics such as email spoofing or hacked email accounts. They are also typically designed to trick recipients into clicking on a link or opening an attachment that may contain malware or lead to a phishing site. (For more insight, read our article ‘What is phishing?’.) 

Graymail emails can contribute to the challenge posed by phishing because they can act as camouflage for malicious emails hiding among them. People can become desensitized to unwanted, unusual, and unexpected emails and, by lowering their guard, can be more susceptible to a phishing email. 

Additionally, if the graymail sender gets hacked, valid email addresses and other information stored, can fall into the hands of criminals and be used in phishing campaigns. For example, scammers could use captured email addresses to launch spear phishing attacks designed to deliver ransomware. 

Graymail defense

Fortunately, senders of legitimate mass email, including graymail, include unsubscribe or opt-out links at the bottom of their emails, as required by anti-spam legislation worldwide, including in the United States and Europe.  

Many email services and clients also provide filtering and blocking tools to manage graymail. These tools allow people to control the amount and types of emails they receive. For example, someone can mark unwanted emails as spam to help train the filtering algorithms. 

Take advantage of both methods to cut down on graymail and reduce inbox clutter. 

Fighting Phishing Transp

Fighting Phishing: The IT Leader's View

Get your copy