GF 06 720x478 2x

Prevent Spam & Graymail

Stop spam and unwanted graymail from reaching your end users.


of all emails are spam

Talos Intelligence, July 2021

1200 minutes / year

spent on spam by each employee

Institute of Labor Economics

Stopping Spam and Graymail from Reaching End Users

Your current email security infrastructure stops some spam. An added layer of protection could stop it all. Whether used in conjunction with your native email environment, or as an added layer of security on top of your secure email gateway, Abnormal can provide additional defenses.

Stopping Spam

Spam is unsolicited commercial email that is unwanted and oftentimes questionable. The content within it varies but is rarely valuable.

Spammers often email the same message to thousands or millions of people and while most of it is non-malicious, there are certain types that may serve up malware or result in credential theft.

Preventing Graymail

Unlike spam, graymail is solicited and comes from a legitimate source, but has varying value to different people.

Graymail often appears as periodic newsletters, announcements, or advertisements to which a subscriber has opted in to receiving, but the value may decrease over time.

Recognizing Spam and Graymail

This email passed native email security, but it is spam. By examining it further, we can see that:

  • it comes from an unknown vendor and never lists their company name
  • it is extremely generic, which indicates that it may be sent to thousands of email addresses
  • it was sent to every person within the marketing organization, indicating that the sender bought a list or does not know who to contact

While this type of email may not be malicious, it does waste time for those who bother to read it. Abnormal keeps these messages out of inboxes.

Stop Unwanted Email from Reaching Your End Users

analyzing recipient patterns to uncover spam emails

Uncover High-Volume Attacks by Understanding Recipient Patterns

This message from Paper Company Partner appears to be sent only to Andy, but further investigation shows that it goes to all Dunder Mifflin employees.

A common tactic for spam emails is a high-volume of sent messages, often without any personalization. While Andy may believe that this email was sent directly to him, it is likely that the spammer bcc’ed hundreds of recipients, or copied and pasted this message thousands of times.

authenticating sender details on a spam email

Check For and Authenticate Sender Details

The domain name is a set of random numbers and letters. It does not pass authentication.

Abnormal checks against basic authentication methods including SPF, DKIM, and DMARC. Because this email address does not have email authentication implemented, it indicates that it could be spam.

For those domains that do pass authentication, Abnormal can detect when they were registered. If the domain was registered very recently, it could be a sign of spam or graymail.

using recipient preference to route spam and graymail emails

Understand Recipients’ Preferences

In this case, this email is sent not only to the sales team, but to all Dunder Mifflin employees.

Even if Andy had signed up for this email, it’s unlikely that everyone at the organization did. For emails that are legitimate, Abnormal understands context to know that employees in Human Resources are unlikely to be interested in messages from sales partners.

creating safe and block sender lists per user to fight spam

Automatically Create Safe and Block Lists for Each End User

While the rest of the organization treats this email as unwanted, Andy finds it valuable. Abnormal knows this and delivers the email to his promotions folder, while blocking it for all other end users.

Abnormal is deeply integrated into end user mailboxes via API, giving it the ability to learn end-user’s preferences by observing how end-users move messages between folders.

This ability allows Abnormal to automatically create and manage individualized safe and block lists on behalf of end-users, and deliver spam and graymail to junk and promotional folders respectively.

End-users no longer have to rely on spam and quarantine digests to salvage missed messages.

Trusted by Global Enterprises


Prevent the Attacks That Matter Most