MORE than 40 years after e-mail was first conceived, over a billion people all over the world use it as a means of communication today. That's one-sixth of the world's population, and while e-mail is used for personal communications, it beats other tools as the preferred method of communication for businesses worldwide.

US-based firm Ferris Research reported there were 213.6 million business e-mail users in Asia and the Middle East alone in 2007, and this number is set to rise over the next few years as Internet penetration rates in China and India skyrocket. The immense popularity of e-mail, though, has caused it to become a target for malicious agendas, including viruses, Trojans, and spam.

Phishing is one example - it is the attempt to acquire sensitive information such as user names, passwords and credit card details by masquerading as a trustworthy entity in online communication. Gartner estimates that more than US$3 billion was lost by companies and individuals through phishing attacks in 2007, with over 3.6 million adults falling for scams.

Some common examples are spurious e-mails disguised as legitimate, apparently from your bank or favourite e-commerce site such as eBay or PayPal.

Spam is another incessant problem, accounting for over 80 per cent of e-mails received every day. As you list your e-mail address in forms or register on user groups online, you risk your e-mail being sold to third parties, including spammers.

The survivors of political unrest looking for a 'friend' to help them transfer millions of dollars overseas, Viagra or Cialis surreptitiously delivered to your doorstep, promises of generous payouts for lottery tickets you never bought, or lucrative 'job' offers that don't lead anywhere, the list of spam mail you receive is endless.

As individuals wise up and companies put technologies in place to protect employees, phishing e-mails, viruses and spam are being blocked from entering your mailbox. This gives rise to another interesting challenge - legitimate e-mail getting stopped at the boundary.

At a time when leads are generated over e-mail and contracts negotiated across the world, a lost e-mail often means lost revenue. A May 2007 report from Brockman & Company says that 36 per cent of 475 companies surveyed have lost business because an e-mail they were expecting did not arrive.

If your preferred courier company were to say that out of every 20,000 packages sent, they lose 10, would that be acceptable? Most likely, you would hunt around for another service provider, as a package sent should be a package delivered.

However, this view of zero tolerance is not applied to e-mail, even though communication via e-mail should be just as fail-safe. Should you have to call people you e-mailed today to check if your e-mail was received when you send out an average of 20-30 e-mails each day?

The problem lies in the fact that most solutions available in the market today are focused more on reducing spam than on protecting legitimate e-mails. So what can companies do? There are many avenues to consider as you put your e-mail protection plan together.

Consider getting on a safelist
A safelist is the opposite of its popular cousin, the blocklist. Blocklists are a compilation of IP addresses referred to by anti-spam vendors today to prevent e-mails from the IP addresses or domain names from getting to your inbox.

Sounds good in theory, but the problem is that sometimes legitimate senders get put on blocklists. Habeas is a service provider that manages safelists to ensure that your online reputation is protected. By certifying good senders of e-mail and admitting them to the Habeas safelist, Habeas allows e-mail receivers to distinguish between legitimate e-mail marketing and spam.

This is especially relevant for legitimate, law-abiding retail sites and e-marketers that send out thousands of legitimate e-mails to their subscribers.

Track the threat landscape
Technology changes every day and security vendors regularly release software and updates to tackle the latest attacks as they cross a scalability threshold and start to pose a significant threat.

The number of companies that don't update their software frequently is alarming. Managed services are another great alternative as the service provider makes sure that you are always using the latest security.

Use sender authentication
You can ensure that your e-mails have a better chance of reaching the intended parties by using sender authentication that is put in motion when the sender is not on a safelist.

Use of latest e-mail authentication standards including DKIM (Domain Key Identified Mail), Sender ID, and sender self-authentication allow good, legitimate senders to increase their deliverability ratios.

One industry body driving the message of online trust is the Authentication and Online Trust Alliance (AOTA). With members from Cisco, Bank of America, Internet Identity, BoxSentry and Habeas, the alliance maintains that enhancing online trust, confidence and online protection of businesses and consumers is imperative.

Phishing, viruses and spam are serious problems, but not protecting legitimate e-mail is even more critical, and should be afforded a zero tolerance policy.

The writer is chairman of the international committee for the Authentication and Online Trust Alliance (AOTA), and CEO of BoxSentry.

This story was first published in The Business Times on 21 Aug 2008.