Lessons learned: Authentication is the key

The FBI had an e-mail delivery rate for its subscribers of better than 98 percent during the past two years, said Scott Burns, chief executive officer at GovDelivery, which provides the service to the bureau.

'We wanted to find a way to ensure 100 percent delivery,' Burns said. So the company has partnered with Goodmail Systems, which provides a service that cryptographically certifies that a message is trustworthy.

Goodmail creates what it calls a class of trusted mail by accrediting its customers as legitimate, responsible e-mailers.

'We do a credit check of the company, and we have a threshold of complaint rates' about a sender to an Internet service provider, said David Atlas, Goodmail's marketing vice president. The company must send only to recipients who have opted into its system, honor unsubscribe requests and have adequate security practices.

Once accredited, the sender's e-mail server gets software from Goodmail to do a Secure Hash Algorithm-1, or SHA-1, of each message sent. The hash is embedded in the e-mail as a cryptographic token to ensure its legitimacy. Cooperating ISPs have keys to verify the hash, authenticated messages can be routed past spam filters, and embedded images are not blocked.

Goodmail is working to add the largest providers to its network. AOL and Yahoo were among the first to join last year, and a number of other large providers have joined. E-mail messages appear in the inbox with an icon that shows they have been certified.

The potential for identifying trusted e-mail could be valuable to the FBI, Eppard said. 'This is a tool that could also be used in the case of a major event. If we really need to get information to people, we want to be sure people are getting the material we are sending out' and they know it can be trusted.

About the Author

William Jackson is a Maryland-based freelance writer.


  • business meeting (Monkey Business Images/Shutterstock.com)

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (Shutterstock.com)

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected