Technique | Through the filter

FBI gets help ensuring its e-mail alerts aren't treated as spam<@VM>SIDEBAR | Lessons learned: Authentication is the key

E-Man: Jim Eppard, of the FBI's online and print public affairs department, said the bureau 'didn't want to be bogged down with e-mail list maintenance and kickbacks from bad addresses.'

GCN photo by Zaid Hamid

The FBI, like most organizations that operate a Web site, wanted to make sure the public was getting the most out of it.

'We wanted to get more eyeballs on the things we have to offer on the site,' said Jim Eppard, a writer in the bureau's online and print public affairs department.
E-mail alerts are one way to attract more eyeballs, and the FBI has turned to an outside service provider to help keep e-mail subscribers updated about developments at the bureau and new information on the Web site ' and help shepherd those messages safely to their destinations.

'We get a lot of visitors' to the FBI.gov Web site, as many as 3 million a month, Eppard said. Everyone knows about the national lists of most-wanted fugitives and terrorists. 'That drives a lot of the traffic to our site.' But the site also has a lot of frequently updated, dynamic content that was not getting the same amount of attention. 'We want visitors to know what we are doing on a local basis. Most of our updates are coming out of our local offices.'

The site also updates national news stories the bureau wants to draw attention to. Eppard recently visited Minneapolis to write about the FBI's participation in investigating the Mississippi River bridge collapse there. 'It's not a crime scene,' he said, but the FBI is supporting the National Transportation Safety Board investigation with its forensic expertise and engineering know-how. It's the kind of activity the bureau wants to see get more attention.

'We want people to see other things we have to offer,' Eppard said. 'We were trying to bubble up some of the content that was under the surface.'

The bureau redesigned the site and in October 2006 launched an e-mail subscription service that lets visitors sign up for alerts. The FBI has 66 field offices, each with its own wanted list and regularly updated crime alerts, so visitors have a large selection to choose from. There are 170 different alerts visitors can sign up for.

On the rise

Response to the service has been encouraging. About 45,000 people have subscribed, and the number is growing by about 800 a week. On average, each subscriber signs up for 10 e-mail alerts.

'Odds are, if they come for one, they'll pick out a handful they want,' Eppard said. 'This is an important part of our public affairs puzzle.'

But the success of the program creates its own challenges. 'We didn't want to be bogged down with e-mail list maintenance and kickbacks from bad addresses.'

As anyone who has handled a large-scale e-mail program knows, just getting mass mailings past service providers' spam filters can be a major headache. One bad decision at a filter about a domain or IP address can block a lot of legitimate e-mail.

The FBI sends out about 1 million e-mail alerts a month, and 'that's something they don't want to do on their own servers,' said Scott Burns, chief executive officer of GovDelivery, which handles the job.

As its name implies, the company handles mass e-mail services for government customers, such as the Homeland Security Department, Centers for Disease Control and Prevention, and Social Security Administration, in addition to the FBI.
When a visitor to the FBI Web site clicks on the e-mail sign-up link, the request is directed to a GovDelivery server that creates the subscription.

The company also automatically generates the e-mail alerts, monitoring the Web sites for changes and sending them to the appropriate subscribers.

'The fundamental problem government agencies had is that they handled this separately from the Web site,' Burns said. Automating the process by tying it to the Web site makes it more efficient.

'We work only with government,' Burns said. Most other e-mail services work primarily in the more lucrative commercial market, where e-mail marketing generates revenue. But specializing in government traffic also has its advantages because the .gov domain generally is trusted. 'We can get them preferred relationships with the [Internet service providers].'
SIDEBAR | Lessons learned: Authentication is the key
The FBI had an e-mail delivery rate for its subscribers of better than 98 percent during the past two years, said Scott Burns, chief executive officer at GovDelivery, which provides the service to the bureau.

'We wanted to find a way to ensure 100 percent delivery,' Burns said. So the company has partnered with Goodmail Systems, which provides a service that cryptographically certifies that a message is trustworthy.

Goodmail creates what it calls a class of trusted mail by accrediting its customers as legitimate, responsible e-mailers.

'We do a credit check of the company, and we have a threshold of complaint rates' about a sender to an Internet service provider, said David Atlas, Goodmail's marketing vice president. The company must send only to recipients who have opted into its system, honor unsubscribe requests and have adequate security practices.

Once accredited, the sender's e-mail server gets software from Goodmail to do a Secure Hash Algorithm-1, or SHA-1, of each message sent. The hash is embedded in the e-mail as a cryptographic token to ensure its legitimacy. Cooperating ISPs have keys to verify the hash, authenticated messages can be routed past spam filters, and embedded images are not blocked.

Goodmail is working to add the largest providers to its network. AOL and Yahoo were among the first to join last year, and a number of other large providers have joined. E-mail messages appear in the inbox with an icon that shows they have been certified.

The potential for identifying trusted e-mail could be valuable to the FBI, Eppard said. 'This is a tool that could also be used in the case of a major event. If we really need to get information to people, we want to be sure people are getting the material we are sending out' and they know it can be trusted.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above