How do we know that an email is safe and wanted, when the universe of all possible email sources is nearly infinite? It recently occurred to me that all we really need to know is whether the sender is already known to us (and verifiably identified).
In order of trust, a known sender is an email address that is any of the following:
- in a corporate database as a customer, vendor, employee (personal account), or some other role;
- in the recipient's contact list as a known correspondent;
- the addressee of an outgoing message from the recipient (other than automated out-of-office notices);
- the source of earlier incoming messages, none of which raised a red flag from content filtering or a user complaint.
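As an added example (not part of the original post), here is one way to implement the tiers above as a lookup, using constructed sample data. The `authenticated` flag is an assumption: it stands for the "verifiably identified" requirement and is expected to be supplied by an upstream SPF/DKIM alignment check, since an unverified address could simply be spoofed. Contact-list and outgoing-message checks are scoped per recipient, and auto-replies are excluded from the correspondent tier, as the post specifies.

```python
from dataclasses import dataclass, field

# Trust tiers from the post, highest first. The rank lets a filter compare
# tiers ("is this at least a known contact?") instead of comparing strings.
TIERS = ("corporate", "contact", "correspondent", "prior_sender", "unknown")
RANK = {name: i for i, name in enumerate(TIERS)}


@dataclass
class OutgoingMessage:
    sender: str          # local user who sent the message
    recipient: str       # external address it went to
    automated: bool      # True for out-of-office and similar auto-replies


@dataclass
class IncomingRecord:
    count: int = 0          # earlier messages seen from this address
    flagged: bool = False   # any content-filter hit or user complaint so far


@dataclass
class SenderHistory:
    corporate_db: set = field(default_factory=set)    # customers, vendors, employees
    contacts: dict = field(default_factory=dict)      # local user -> set of addresses
    outgoing: list = field(default_factory=list)      # OutgoingMessage records
    incoming: dict = field(default_factory=dict)      # external address -> IncomingRecord


def normalize(addr: str) -> str:
    """Case-fold and trim so 'Bob@Example.COM' and 'bob@example.com' match."""
    return addr.strip().lower()


def classify_sender(sender: str, recipient: str, history: SenderHistory,
                    authenticated: bool) -> str:
    """Return the highest trust tier that applies to `sender` for `recipient`.

    `authenticated` (assumed input) means the sender identity was verified
    upstream, e.g. by SPF/DKIM alignment. An unverified identity is never
    'known', because any of the lookups below could be satisfied by spoofing.
    """
    sender, recipient = normalize(sender), normalize(recipient)
    if not authenticated:
        return "unknown"
    if sender in history.corporate_db:
        return "corporate"
    if sender in history.contacts.get(recipient, set()):
        return "contact"
    for msg in history.outgoing:
        if (normalize(msg.sender) == recipient and normalize(msg.recipient) == sender
                and not msg.automated):
            return "correspondent"
    rec = history.incoming.get(sender)
    if rec is not None and rec.count > 0 and not rec.flagged:
        return "prior_sender"
    return "unknown"


def is_known(tier: str) -> bool:
    return RANK[tier] < RANK["unknown"]


def record_incoming(history: SenderHistory, sender: str, flagged: bool) -> None:
    """Update history after a delivered message; one red flag is sticky."""
    rec = history.incoming.setdefault(normalize(sender), IncomingRecord())
    rec.count += 1
    rec.flagged = rec.flagged or flagged


def sample_history() -> SenderHistory:
    """Constructed sample data for illustration only."""
    return SenderHistory(
        corporate_db={"billing@vendor.example"},
        contacts={"alice@corp.example": {"bob@partner.example"}},
        outgoing=[
            OutgoingMessage("alice@corp.example", "carol@client.example", automated=False),
            OutgoingMessage("alice@corp.example", "noreply@newsletter.example", automated=True),
        ],
        incoming={
            "dave@friend.example": IncomingRecord(count=3, flagged=False),
            "spam@bad.example": IncomingRecord(count=2, flagged=True),
        },
    )


if __name__ == "__main__":
    h = sample_history()
    for s in ("billing@vendor.example", "bob@partner.example", "carol@client.example",
              "noreply@newsletter.example", "dave@friend.example", "spam@bad.example"):
        print(s, "->", classify_sender(s, "alice@corp.example", h, authenticated=True))
```

Because the tiers are ordered, a spam filter can use the rank as a single feature: anything at or above `correspondent` might bypass aggressive heuristics, while `unknown` gets the strictest treatment.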
If we have done a good job of blocking previous messages from objectionable sources, essentially all new attacks will come from unknown senders.
There is always the possibility of a trusted sender becoming compromised or an angry customer turning malicious. I classify these as insider attacks, similar to the risk that an angry employee will use his login to attack the company. Fortunately, these are relatively rare, while malicious and unwanted messages from unknown sources are common.
The open question is the best way to integrate "unknown sender" risk into the spam filtering process.