Enhancing Remediation Controls for Unwanted Mail With an API-based Approach

The most effective way to manage spam and graymail is to leverage a cloud-native, API-based architecture to understand identity, behavior, and content patterns.

June 8, 2022

Promotional mail takes many shapes and forms, and every employee within an organization has a different appetite for content.

No one wants to spend several minutes each day sorting through spam messages, but some marketing-oriented content—like webinars or white papers—can be helpful and appropriate during a workday. Plus, a lot of spam messages are somewhat “unknowable”, in that they’re suspicious, deceitful, or predatory, but not inherently harmful.

So how can an organization deploy technology like an integrated cloud email security platform to provide the right level of protection, to the right users, at the right time?

Why API-Based Architecture Enables Stronger Protection from Attacks

The legacy approach certainly isn’t working. First, secure email gateways (SEGs) don’t integrate tightly with today’s cloud office. Second, they employ a legacy approach to stopping email attacks (including unwanted mail) that is blunt and binary. Emails are simply “good” or “bad”, and employees are responsible for sorting out spam and graymail messages via email digests and summaries.

Further, user preferences are not utilized to adapt protection over time. As a result, employees have to sift through hundreds of messages on a daily basis and mark them as spam or delete the messages to reduce the clutter and focus on relevant messages.

In contrast, the modern approach to limiting spam and graymail leverages business context to apply fine-grained protection.

Abnormal Integrated Cloud Email Security (ICES) derives business context on the organizations we serve from our cloud-native, API-based architecture. This API-based architecture allows us to instantly understand identity, behavior, and content patterns that indicate what departments communicate the most, where employees log in from, the devices they use, which vendors they work with, and more.

When employees move messages into Junk and Promotions folders, our platform gains insight into their specific preferences, including which messages they find valuable and important. Over time, the models learn the user behavior and automate the action of moving the email to the preferred folder, saving valuable time in the day.

Our modern, cloud-native API-based architecture underpins everything we do. It allows us to solve the spam and graymail problem—and any email-related challenge—with a context-rich, fine-grained approach.

To help organizations get ahead of the spam, graymail, and suspicious mail challenge, we offer these capabilities:

Native banners that warn end users of potentially suspicious content

Availability: New this week

More flexible configuration options for URL watch, which rewrites messages to detonate malicious content

Availability: Later this year

The ability to organize graymail in promotional folders

Availability: Today

The Modern Solution to Reduce Clutter and Increase Productivity

Due to the wide spectrum of graymail and unwanted mail, effectively managing incoming email requires a context-rich and multi-faceted approach based on the nature of the message. Our approach to protecting organizations from unwanted mail relies on these 4 key principles:

  1. Clear-cut attacks should be automatically blocked and quarantined.
  2. Promotional marketing emails should be filtered from the inbox and organized into a user-accessible folder.
  3. Reconnaissance emails should be marked as suspicious, and end users should be warned.
  4. Email trackers should be optionally removed from messages to enhance privacy and security.

We use a variety of techniques to provide the right fine-tuned response for each type of email issue:

  • Automatically blocking clear-cut attacks.
  • Continuous protection based on how employees move emails into folders.
  • Warning users of suspicious email that doesn’t neatly fit a given category. (Examples include reconnaissance emails that do not have an obvious payload but are used to escalate toward a future attack.)

The context-rich, API-driven approach enables us to continuously improve on this protection.

Coming soon, Abnormal users will be able to do the following:

  • Remove web trackers embedded in email messages as images
  • Send promotional marketing emails to a separate configurable folder

Our Unique Approach to Handling Suspicious Mail

We're excited to announce we're rolling out the ability to warn users of suspicious emails like reconnaissance messages. These messages do not have an obvious payload, but responses can be used to inform a future attack.

To empower users and portal administrators to take the right action when faced with potentially suspicious mail, we provide:

Customizable banners for suspicious messages

Availability: New this week

The ability to prepend a subject for remediated suspicious messages

Availability: New this week

Suspicious messages will no longer be present in the Threat Log

However, these messages are still searchable via Search and Respond. This change is focused on helping our core users focus on the more advanced attacks that need their attention in the Threat Log.

To locate suspicious emails, Abnormal users can search for messages in Search and Respond with the prepended suspicious mail subject line they enable for suspicious mail (the example above is External - Suspicious).

Availability: Effective now

Improving Customer Satisfaction, One Feature at a Time

We actively and regularly seek feedback from our customers. Based on customer inputs, we are laser-focused on:

  1. Continually increasing the efficacy of Abnormal ICES for managing promotional and unwanted mail.
  2. Making sure our dashboard empowers analysts to focus on high-priority threats and filter out noise. For example, removing suspicious messages from the Threat Log allows security teams to enjoy the SOC automation capabilities of the platform while not having to actively review the logs.
  3. Empowering users with a differentiated user experience. Users will now be able to self-serve decisions on the very low volume of suspicious messages.

If you have any questions or feedback on this update, please open a case in our Support Portal or email support@abnormalsecurity.com.

