Email metadata is the information attached to a message without including the body text itself. It typically covers the sender, recipient, subject line, timestamps, message size, routing details, and sometimes folder or access records. Even when the content is encrypted or unread, metadata can still reveal who is talking to whom, when they communicate, and how often.
In cyber security, metadata matters because it can expose business relationships, internal workflows, and user behavior. Attackers use it to map organizations, identify high-value targets, and improve phishing or business email compromise campaigns. Defenders use the same data for incident response, spam filtering, fraud detection, and forensic analysis. However, metadata is also sensitive: long retention or broad mailbox access can create privacy and compliance risks. Good controls include least-privilege access, short retention periods, and careful logging so organizations get operational visibility without unnecessary exposure.



