Lessons learned: Authentication is the key

The FBI had an e-mail delivery rate for its subscribers of better than 98 percent during the past two years, said Scott Burns, chief executive officer at GovDelivery, which provides the service to the bureau.

'We wanted to find a way to ensure 100 percent delivery,' Burns said. So the company has partnered with Goodmail Systems, which provides a service that cryptographically certifies that a message is trustworthy.

Goodmail creates what it calls a class of trusted mail by accrediting its customers as legitimate, responsible e-mailers.

'We do a credit check of the company, and we have a threshold of complaint rates' about a sender to an Internet service provider, said David Atlas, Goodmail's marketing vice president. The company must send only to recipients who have opted into its system, honor unsubscribe requests and have adequate security practices.

Once accredited, the sender's e-mail server gets software from Goodmail to do a Secure Hash Algorithm-1, or SHA-1, of each message sent. The hash is embedded in the e-mail as a cryptographic token to ensure its legitimacy. Cooperating ISPs have keys to verify the hash, authenticated messages can be routed past spam filters, and embedded images are not blocked.

Goodmail is working to add the largest providers to its network. AOL and Yahoo were among the first to join last year, and a number of other large providers have joined. E-mail messages appear in the inbox with an icon that shows they have been certified.

The potential for identifying trusted e-mail could be valuable to the FBI, Eppard said. 'This is a tool that could also be used in the case of a major event. If we really need to get information to people, we want to be sure people are getting the material we are sending out' and they know it can be trusted.

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/Shutterstock.com)

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.