There is yet another option I learned about yesterday.
Option 3 - Provide a self-service portal
Rather than quarantining outbound spam messages, provide an immediate self-service portal for users to release their message.
The way it works is this: the message filter would bounce all messages back to the sender that it detects as spam. However, in each message would be a time-sensitive link that if the user clicked, it would release their message and deliver it. In other words, it is a bit like challenge/response. Where it differs from challenge/response is that we have already determined that the message is spam and we are challenging the user to prove that they are a human and that the message is legitimate.
Advantages - a self-service portal for the user would help mitigate false positives (false positive avoision* is my biggest concern). False positive notifications are instantaneous; it may not avoid false positives but it would help mitigate their effects. This also has the same level of granularity as outbound spam quarantining. Also, because we are bouncing the messages we do not necessarily have the issue of having to store spam; we are simply sending it back to the void from whence it came.
Disadvantages - even though it is the most elegant option, it is probably the most complex option to implement. It could also annoy users that they have to click a link in order to get their message through. In addition, it is conceivable for a spammer to script executing the link-click action upon receiving the bounce messages.
* I don't say "evasion", I say "avoision."