Lessons learned: Authentication is the key
- By William Jackson
- Sep 09, 2007
The FBI had an e-mail delivery rate for its subscribers of better than 98 percent during the past two years, said Scott Burns, chief executive officer at GovDelivery, which provides the service to the bureau.
'We wanted to find a way to ensure 100 percent delivery,' Burns said. So the company has partnered with Goodmail Systems, which provides a service that cryptographically certifies that a message is trustworthy.
Goodmail creates what it calls a class of trusted mail by accrediting its customers as legitimate, responsible e-mailers.
'We do a credit check of the company, and we have a threshold of complaint rates' about a sender to an Internet service provider, said David Atlas, Goodmail's marketing vice president. The company must send only to recipients who have opted into its system, honor unsubscribe requests and have adequate security practices.
Once accredited, the sender's e-mail server gets software from Goodmail to compute a Secure Hash Algorithm-1, or SHA-1, hash of each message sent. The hash is embedded in the e-mail as a cryptographic token to ensure its legitimacy. Cooperating ISPs have keys to verify the hash; authenticated messages can be routed past spam filters, and their embedded images are not blocked.
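The token flow described above, sketched as an added example that is not Goodmail's software or part of the original article. The article does not say how the hash is keyed, so this assumes an HMAC-SHA1 over selected headers and the body with a key shared between sender and ISP; the header name, the covered headers, the key and the sample message are all constructed for illustration.

```python
import hashlib
import hmac
from email import message_from_string
from email.message import EmailMessage

TOKEN_HEADER = "X-Example-Cert-Token"   # hypothetical header name
SIGNED_HEADERS = ("From", "To", "Subject")  # assumed set of covered headers
KEY = b"constructed-demo-key"           # constructed key shared with the ISP

def _canonical(msg):
    """Bytes covered by the token: covered headers plus the normalized body."""
    heads = [f"{h.lower()}:{' '.join(str(msg.get(h, '')).split())}"
             for h in SIGNED_HEADERS]
    lines = msg.get_payload().replace("\r\n", "\n").split("\n")
    body = "\n".join(line.rstrip() for line in lines).rstrip("\n")
    return ("\n".join(heads) + "\n\n" + body).encode("utf-8")

def stamp(msg, key):
    """Sender side: embed the keyed hash as a header.
    SHA-1 mirrors the article; a current design would use SHA-256."""
    del msg[TOKEN_HEADER]  # no error if absent; prevents duplicate tokens
    msg[TOKEN_HEADER] = hmac.new(key, _canonical(msg), hashlib.sha1).hexdigest()
    return msg

def verify(raw, key):
    """ISP side: recompute the token over the received message and compare."""
    msg = message_from_string(raw)
    tokens = msg.get_all(TOKEN_HEADER) or []
    # Exactly one token is required; this sketch covers single-part text only.
    if len(tokens) != 1 or msg.is_multipart():
        return False
    expected = hmac.new(key, _canonical(msg), hashlib.sha1).hexdigest()
    return hmac.compare_digest(tokens[0].strip(), expected)  # constant-time

def route(raw, key):
    """Verified mail bypasses the spam filter; everything else is filtered."""
    return "inbox-certified" if verify(raw, key) else "spam-filter"

def sample_message():
    """Constructed sample message."""
    msg = EmailMessage()
    msg["From"] = "alerts@sender.example"
    msg["To"] = "subscriber@isp.example"
    msg["Subject"] = "Subscriber alert"
    msg.set_content("Tips hotline update.\n")
    return msg

if __name__ == "__main__":
    raw = stamp(sample_message(), KEY).as_string()
    print(route(raw, KEY))
    print(route(raw.replace("hotline", "hotl1ne"), KEY))  # altered in transit
```

A message altered after stamping, stamped with a different key, or carrying no token fails verification and goes through normal filtering.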
Goodmail is working to add the largest providers to its network. AOL and Yahoo were among the first to join last year, and a number of other large providers have joined. E-mail messages appear in the inbox with an icon that shows they have been certified.
The potential for identifying trusted e-mail could be valuable to the FBI, Eppard said. 'This is a tool that could also be used in the case of a major event. If we really need to get information to people, we want to be sure people are getting the material we are sending out' and they know it can be trusted.
William Jackson is a senior writer of GCN and the author of the CyberEye blog.