I would like to suggest a new facility to help with the malware and phishing problem. The challenges of email security are growing every day. New threats from ransomware and phishing attacks are appearing with increasing frequency which sucks productivity from eMailbox Account Users lost to an avalanche of SPAM. While I have tuned SmarterMail's SPAM to do a good job plenty still slips thru!
This feature has the Sender getting a Verification eMail from SmarterMail, after SmarterMail has proven the eMail NOT to be SPAM or contain Malware from its perspective. The Sender has to click on a link to Verify the eMail Sender one time unless un-authorized by the eMailbox Owner in the future. Once the Verify Link is clicked and processed by SmarterMail then the eMail gets automatically delivered (unless see below).
Also, the eMailbox Account Holder would get an eMail Message, from SmarterMail, showing the messages waiting on verification by the various Senders based upon some interval defined by the SmarterMail admin which could be NEVER or every N minutes. Where N could be set to 240 Minutes or 4 Hours for example. Also, we would need an override minimum interval defined by the SamrterMail Admin.
Maybe SmarterMail has a NEW required system folder Called Quarantined, and these eMails are moved into Quarantined while waiting for Verification. Once verified they eMails moved from Quarantined to Inbox. This is helpful when using ActiveSync or MAPI as one could view these Quarantined eMails instantly and move them into any folder how they see fit.
From the Quarantine eMail list the eMailbox Account Holder could override the quarantined eMail and click on a link to have the eMail Delivered immediately instead.
This would have the effect of eliminating eMails from BOTs or compromised eMail Servers that can't or users that do not reply. This is similar with the idea of Gray Mail works -- in a fashion. I would like to see a separate block filter called "Blocked Senders at Verification" so that I can see the difference between this and "Blocked Senders by Owner" (aka the existing "Blocked Senders").
Another option would be to allow the eMailbox Owner to permanently disallow eMails from Address using a link in the list which would update "Blocked Senders" thus the Quarantined eMail would be moved to the SPAM folder. The link should be encoded in such a way as to NOT require a LOGIN by the eMailbox Owner, but done in a secured method from hackers and protected by IDS.
We could also have a double-opt-in for folks who really want to police their inbox. #1 opt-in is the sender, and #2 opt-in is the recipient. Of course, both of these verifications would be a one-time event.
Finally, all of these features would be enabled first at the Domain Level as Yes or No; then at the eMailbox Level. As is common with a lot of features in SmarterMail I would like to see at Domain Level "Allow eMail to Override Option".
In the double opt-in case, I would also great that SmarterMail would add this eMail address to the Contact List on SmarterMail if successful -- again a behavioral option. Also, possible add to the Trusted sender list -- again a behavioral option.