Introducing Earned Trust: Smarter Email Filtering Through Behavioral Learning

OpenEFA Now Automatically Learns Which Senders to Trust

Posted: January 1, 2026
By: OpenEFA Engineering Team
Category: Feature Announcement

We're excited to announce Earned Trust, a new intelligent filtering feature that automatically reduces false positives for legitimate senders based on their actual behavior—not static whitelists.

The Problem with Whitelists

Traditional email security relies heavily on whitelists: manually curated lists of "trusted" senders that bypass spam checks. This approach has significant drawbacks:

  • Maintenance burden: Someone must constantly add new legitimate senders
  • Security risk: Whitelisted domains that get compromised remain trusted
  • No learning: The system never gets smarter on its own
  • One-size-fits-all: A sender is either fully trusted or not trusted at all

A Smarter Approach: Earned Trust

Instead of asking "Is this sender on our whitelist?", Earned Trust asks: "Has this sender proven themselves trustworthy through their behavior?"

The system evaluates four key factors:

1. Authentication (Up to 30 points)

Does the sender properly authenticate their emails?

  • SPF pass: 10 points
  • DKIM pass: 10 points
  • DMARC pass: 10 points

2. Delivery History (Up to 40 points)

How many emails from this sender have been successfully delivered?

  • 500+ emails: 40 points
  • 100+ emails: 30 points
  • 50+ emails: 20 points
  • 10+ emails: 10 points

3. User Feedback (Up to 30 points)

How do recipients interact with this sender's emails?

  • No spam reports: 20 points
  • High release rate from quarantine: 10 points

4. Time Factor (Multiplier)

How long have we known this sender?

  • New senders (<7 days): 50% of earned points
  • Recent senders (7-30 days): 80% of earned points
  • Established senders (30+ days): 100% of earned points

Trust Levels and Score Reductions

Based on the total score, senders earn a trust level that determines how much their spam scores are reduced:

Trust Level Score URL Reduction Phishing Reduction
High 80-100 90% 85%
Medium 60-79 70% 60%
Low 40-59 40% 30%
None 0-39 0% 0%

Real-World Example

Consider emails from eBay. Before Earned Trust, eBay's tracking links would trigger our URL reputation module, adding 10-25 points to the spam score. Some legitimate eBay emails were being quarantined.

With Earned Trust, the system recognizes:

  • eBay passes SPF, DKIM, and DMARC (+30 points)
  • We've received 26 emails, 15 delivered successfully (+10 points)
  • No spam reports from users (+20 points)
  • Known sender for 30+ days (x1.0 multiplier)

Result: Trust Score 80 (High Trust) → 90% URL reduction

Those 25 URL points become just 2.5 points—well under the quarantine threshold.

What About Brand-New Senders?

Earned Trust doesn't help new senders—and that's by design. Unknown senders should receive full scrutiny. They earn trust over time by:

  1. Properly authenticating their emails
  2. Sending emails that recipients actually want
  3. Not generating spam complaints

For critical first-contact services (payment processors, document signing, shipping notifications), we maintain a minimal "bootstrap" list that provides immediate trust. Everything else earns it.

The Bootstrap List

Some services send important emails that users need immediately, even on first contact:

  • Email Sending Platforms: Mailchimp, SendGrid, Amazon SES
  • Payment Processors: PayPal, Stripe
  • Document Signing: DocuSign, Adobe Sign
  • Shipping: FedEx, UPS
  • Major Platforms: Amazon

These receive immediate trust (with authentication required). All other senders—including LinkedIn, Slack, GitHub, Zoom, and hundreds of others—now earn trust through their behavior.

Benefits

For Administrators

  • Less maintenance: No more manually adding senders to whitelists
  • Self-healing: The system adapts as sender behavior changes
  • Visibility: Email headers show trust level and score

For Users

  • Fewer false positives: Legitimate emails from known senders get through
  • Better security: New/unknown senders still get full scrutiny
  • Transparent: Users can see why emails were trusted

For Security

  • Dynamic trust: If a sender starts behaving badly, trust decreases
  • Authentication required: Even trusted senders must authenticate
  • Gradual trust: New senders can't game the system immediately

Technical Details

Earned Trust integrates with three detection modules:

  1. URL Reputation: Reduces scores for tracking links, redirects
  2. Phishing Detection: Reduces false positives for legitimate notifications
  3. Brand Impersonation: Allows legitimate brand emails through

Trust calculations are logged and visible in email headers:

X-Earned-Trust-Level: high X-Earned-Trust-Score: 80.0 X-Earned-Trust-Applied: url,phishing

Conclusion

Earned Trust represents a fundamental shift in how OpenEFA handles sender reputation. Instead of maintaining static lists, the system learns from actual behavior—becoming smarter over time while maintaining strong security for unknown threats.

This is email filtering that adapts to your organization's actual email patterns, not generic lists that someone else maintains.

Availability: Earned Trust is available now in OpenEFA. The feature is enabled by default and requires no configuration.
← Back to Blog Index Discuss on Forum