Lessons learned: Authentication is the key

The FBI had an e-mail delivery rate for its subscribers of better than 98 percent during the past two years, said Scott Burns, chief executive officer at GovDelivery, which provides the service to the bureau.

'We wanted to find a way to ensure 100 percent delivery,' Burns said. So the company has partnered with Goodmail Systems, which provides a service that cryptographically certifies that a message is trustworthy.

Goodmail creates what it calls a class of trusted mail by accrediting its customers as legitimate, responsible e-mailers.

'We do a credit check of the company, and we have a threshold of complaint rates' about a sender to an Internet service provider, said David Atlas, Goodmail's marketing vice president. The company must send only to recipients who have opted into its system, honor unsubscribe requests and have adequate security practices.

Once accredited, the sender's e-mail server gets software from Goodmail to do a Secure Hash Algorithm-1, or SHA-1, of each message sent. The hash is embedded in the e-mail as a cryptographic token to ensure its legitimacy. Cooperating ISPs have keys to verify the hash, authenticated messages can be routed past spam filters, and embedded images are not blocked.

Goodmail is working to add the largest providers to its network. AOL and Yahoo were among the first to join last year, and a number of other large providers have joined. E-mail messages appear in the inbox with an icon that shows they have been certified.

The potential for identifying trusted e-mail could be valuable to the FBI, Eppard said. 'This is a tool that could also be used in the case of a major event. If we really need to get information to people, we want to be sure people are getting the material we are sending out' and they know it can be trusted.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above