In the quest to block spam and phishing attempts, legitimate messages often end up as collateral damage. Tune your spam filters up and you do reduce the amount
of spam delivered, but at the cost of false positives. Tune filters down and users are overwhelmed with spam, phishes
and malware.
Graphic: How it works: ternary e-mail sorting
One alternative for the enterprise is to move from binary classification (bad vs. unknown) to a ternary categorization: bad,
unknown, known-good. With ternary sorting, bad messages (such as spam and phishing) are still blocked or quarantined, but
all other messages coming into the in-box are further categorized according to their perceived legitimacy.
Large service providers have begun segregating the in-box into known-good and unknown messages. The Messaging Anti-Abuse Working
Group recommends providing users with visual cues: messages backed by authentication, accreditation, reputation and monitoring
services should be highlighted in the in-box to mark them as genuine and safe.
This best practice for consumer-focused ISPs also provides benefits to the enterprise. After all, helping consumers identify
a real order confirmation is no different from helping executives discern their real e-ticket amid fake phishing messages.
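The ternary sort described above, sketched as an added example that is not from the article or from any vendor's product. It assumes the receiving gateway records its DKIM verdict in an `Authentication-Results` header and that an existing filter supplies `spam_score`; the gateway name, accredited-domain list, threshold and sample messages are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions, not from the article: gateway name, accredited list, score cut-off.
TRUSTED_AUTHSERV = "mx.example.net"   # authserv-id our own gateway stamps
ACCREDITED = {"airline.example"}      # domains an accreditation service vouches for
SPAM_THRESHOLD = 5.0                  # score at which the existing filter blocks

def authenticated_domains(msg):
    """Domains with dkim=pass, read only from headers our own gateway added."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can insert this header itself; ignore foreign ones
        for m in re.finditer(r"dkim=pass\b[^;]*?header\.d=([\w.-]+)", results, re.I):
            domains.add(m.group(1).lower())
    return domains

def classify(raw, spam_score):
    """Return 'bad', 'known-good' or 'unknown' for one raw message."""
    if spam_score >= SPAM_THRESHOLD:
        return "bad"
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    # Known-good needs both: accredited domain AND a pass for that same domain.
    if from_domain in ACCREDITED and from_domain in authenticated_domains(msg):
        return "known-good"
    return "unknown"

def sample(authres):
    # Constructed test message; only the Authentication-Results value varies.
    return (f"Authentication-Results: {authres}\n"
            "From: Tickets <tickets@airline.example>\n"
            "Subject: Your e-ticket\n\nItinerary attached.\n")

GENUINE = sample("mx.example.net; dkim=pass header.d=airline.example")
UNALIGNED = sample("mx.example.net; dkim=pass header.d=bulkmail.example")
FOREIGN = sample("relay.other.example; dkim=pass header.d=airline.example")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("unaligned", UNALIGNED), ("foreign", FOREIGN)]:
        print(name, classify(raw, spam_score=0.3))
    print("high score", classify(GENUINE, spam_score=9.1))
```

A message that passes DKIM for a domain other than the one in its From: header, or that carries a pass result stamped by some other server, stays in the unknown bucket rather than being highlighted.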
Highlighting messages involves establishing a relationship with an e-mail reputation and accreditation service. Here are some
terms:
Authentication: The act of confirming that a message comes from its purported source. The sender’s domain is often authenticated
— using standards such as Sender ID or DomainKeys Identified Mail (DKIM) — but some services go beyond domains and authenticate
the entire From: header.