• United States

What if an e-mail system thinks you’re a spammer?

Jan 14, 20033 mins
Enterprise ApplicationsMalwareMessaging Apps

* Two approaches for verifying legitimate e-mail

A lot of legitimate e-mail gets blocked because antispam filters either reject the messages outright or they quarantine them with no guarantee that someone will actually review the messages that have been identified as potential spam.

This is a particular problem for publishers of newsletters and other legitimate types of broadcast opt-in material that may look like spam, but is not. It’s also an occasional problem for senders of one-off e-mails that might contain keywords or other content that triggers the spam filter. What complicates the problem for legitimate senders is that very often they don’t realize that their messages have been blocked or quarantined.

The approach that I like is for spam filters to provide some sort of feedback, to tell senders that their e-mail has been blocked or is being challenged as potential spam. For example, Clearswift’s MAILsweeper can be configured to send a message back to the sender of potential spam indicating, “The message you sent to [named recipient] contains questionable or potential SPAM content. Please contact the recipient in regards to this matter.”

While this may be a pain to deal with on a large scale, it at least provides feedback to the sender that a message has not gone through, allowing the sender to find another way of contacting the recipient or suggesting that the sender should be added to a whitelist.

Another approach that some antispam vendors have adopted is to require confirmation from the sender that an e-mail message is legitimate. Several antispam systems will send a response when an e-mail message is received from an unknown sender. In that response may be a link to a Web page, into which the sender is required to enter additional information for the original e-mail to go through. This challenge is typically presented only the first time a new sender transmits a message to a protected recipient.

Both of these approaches increase e-mail traffic and impose additional demands on e-mail servers, but they go a long way toward ensuring that legitimate e-mail won’t be lost.

These are just two approaches used by several different products that can be employed to confirm to e-mail senders that their messages have not entered some black hole, never to be seen again. I’d like to get your opinions, as senders of e-mail, on which of these approaches you prefer, or if there is another approach you like or would like to see. Please drop me a line at