'Legitimate Interest' – “the processing is necessary for your legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual's personal data which overrides those legitimate interests.”
In terms of Direct Mail, Recital 47 of the GDPR says “…The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” The ICO states that “as long as the marketing is carried out in compliance with e-privacy laws and other legal and industry standards, in most cases it is likely that direct marketing is a legitimate interest.”
It's important to note that this doesn't mean legitimate interest automatically applies to all marketing; you need to ensure you have identified a legitimate interest, that processing the data is necessary to achieve it. You also need to balance your interests against the individual's and record your process and results.
(There is a link to ICO guidance at the end of this article if you would like more information on Legitimate Interest).
The ICO website also says, “you can rely on legitimate interests for marketing activities if you can show how you use people's data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.” For example, a customer has purchased something from your website. They've actively engaged with your product and are unlikely to be surprised to receive mailings from you; you have a legitimate interest in contacting them with further information, offers, brochure etc.
A third base, 'Contract', might also apply if for example if you are sending letters to customers regarding the status of their ongoing contract with your organisation.