
Ternary sorting aims to stop false positives

By Daniel Dreymann, Network World, 07/31/2006
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

In the quest to block spam and phishing attempts, legitimate messages often end up collateral damage. Tune your spam filters up and you indeed reduce the amount of spam delivered — but you do so at the cost of false positives. Tune filters down and users are overwhelmed with spam, phishes and malware.

One alternative for the enterprise is to move from binary classification (bad vs. unknown) to a ternary categorization: bad, unknown, known-good. With ternary sorting, bad messages (such as spam and phishing) are still blocked or quarantined, but all other messages coming into the in-box are further categorized according to their perceived legitimacy.

Large service providers have begun segregating the in-box into known-good and unknown messages. The Messaging Anti-Abuse Working Group recommends providing users with visual cues: messages backed by authentication, accreditation, reputation and monitoring services should be highlighted in the in-box to mark them as genuine and safe.

This best practice for consumer-focused ISPs also provides benefits to the enterprise. After all, helping consumers identify a real order confirmation is no different from helping executives discern their real e-ticket amid fake phishing messages.

Highlighting messages involves establishing a relationship with an e-mail reputation and accreditation service. Here are some terms:

Authentication: The act of confirming that a message comes from its purported source. The sender’s domain is often authenticated — using standards such as Sender ID or DomainKeys Identified Mail (DKIM) — but some services go beyond domains and authenticate the entire From: header.

Accreditation: Before a reputation service starts tracking the reputation of a sender, it accredits the candidate: Is it a real company that can be held accountable? Does it have an established reputation sending e-mails? Some services will simply create an initial reputation score based on the results of the accreditation process; others have more sophisticated technologies and can go as far as granting a sender privileges that are commensurate with accreditation results.

Reputation: Once accredited, a sender’s initial reputation is established. This reputation fluctuates based on the sender’s behavior and its adherence to the acceptable use policy defined by the reputation service.
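The following sketch of the ternary sort is an added example, not code from the article or from any vendor. It assumes the border mail server records DKIM results in an `Authentication-Results` header, and it uses a constructed reputation table, thresholds, host names and sample messages, all hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr
# Assumptions (not from the article): the border MTA records DKIM results in an
# Authentication-Results header, and the reputation service is a local table.
TRUSTED_AUTHSERV = "mx.example.net"   # hypothetical id of our own border MTA
REPUTATION = {"airline.example": 92, "newsender.example": 40}  # constructed; accredited senders only
GOOD_THRESHOLD = 80                   # assumed reputation cut-off
SPAM_THRESHOLD = 5.0                  # assumed content-filter cut-off

def authenticated_domain(msg):
    """Return the DKIM-passing domain vouched for by our own MTA, else None."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # header not written by our MTA; the sender may have injected it
        m = re.search(r"\bdkim=pass\b[^;]*?\bheader\.d=([\w.-]+)", results, re.I)
        if m:
            return m.group(1).lower()
    return None

def classify(raw, spam_score):
    """Ternary sort: 'bad', 'known-good' or 'unknown'."""
    if spam_score >= SPAM_THRESHOLD:
        return "bad"
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    signer = authenticated_domain(msg)
    # Highlight only when the authenticated domain is the one the user sees
    # in From:, is accredited (present in the table) and has a high score.
    if signer and signer == from_domain and REPUTATION.get(signer, 0) >= GOOD_THRESHOLD:
        return "known-good"
    return "unknown"

def make(from_addr, auth_results):  # builds a constructed sample message
    return f"From: {from_addr}\nAuthentication-Results: {auth_results}\nSubject: Your e-ticket\n\nbody\n"

SAMPLES = {  # constructed messages; spam score from a hypothetical content filter
    "real": (make("tickets@airline.example", "mx.example.net; dkim=pass header.d=airline.example"), 0.3),
    "spoof": (make("tickets@airline.example", "mx.example.net; dkim=fail header.d=airline.example"), 1.1),
    "forged_header": (make("tickets@airline.example", "other.example; dkim=pass header.d=airline.example"), 0.9),
    "new": (make("hi@newsender.example", "mx.example.net; dkim=pass header.d=newsender.example"), 0.2),
    "spam": (make("win@lottery.example", "mx.example.net; dkim=none"), 9.4),
}

if __name__ == "__main__":
    for name, (raw, score) in SAMPLES.items():
        print(name, "->", classify(raw, score))
```

Only the authenticated, accredited, high-reputation message is highlighted; a failed signature, a sender-supplied results header or a low score leaves a message in the unknown bucket rather than blocking it.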
