The reason for this financial, environmental and logistical absurdity is that you'd have to be nuts to open an email from Bank of America, since most emails that are purportedly from Bank of America are not from Bank of America. They're actually from The I-Need-A-New-Mercedes Bank of Leningrad (or Budapest, or Tel Aviv, or Shanghai...). Furthermore, the ISP who delivers consumer email has no idea which hyperlinks and images are safe, and so as a policy the ISP strips all links, media and scripts from the email, rendering the medium rather useless to you and Bank of America.
The textbook solution to this problem is nearly impossible. You'd have to set up auditing procedures to authenticate all legitimate senders, and monitor the senders' behavior to ensure that they never engage in bad practices like spreading malware or spam. You'd have to examine every script and media object they wish to transmit. You'd have to set up and operate cryptographic infrastructure to establish the integrity of the message from the sender's computer all the way to the inbox (i.e., no added viruses or such). You'd have to convince the ISPs that provide web interfaces to change the way they process their email streams based on the cryptographic tokens attached to the messages. The ISPs would then have to explicitly distinguish for users in their web UI which messages are trusted. And then you'd have to convince businesses that they should pay a transaction fee per email to fund all this infrastructure.
Only one startup was crazy enough to try this. With some amusement, I watched Daniel Dreymann's team for three years trying to line up all these ducks. Suddenly, in September, I heard quacking. Mountain View-based Goodmail had actually signed up ISPs representing over 300 million users (including most of the consumer ISP inboxes in the US and Europe), deployed the necessary cryptographic infrastructure, and delivered over three billion CertifiedEmail messages that month on behalf of Time, StubHub and other commercial and non-profit senders.
That's what I call an industry standard solution to a big problem. So last week I invested in Goodmail and joined the board, alongside Scott Kurnit, Don Hutchison, VCs from DCM, Emergence and Softbank, and Goodmail's new CEO Peter Horan (former CEO of About.com).
It was a pretty easy decision for me, having done okay funding email security companies in the past. Worldtalk, Tumbleweed and ON developed email security and each went public before being acquired. Cyota and Postini developed anti-phishing and anti-spam services, and they sold for great prices to RSA and Google, respectively. And in 1995 I started a little company in our offices called Digital Certificate Inc. to build a similarly ambitious cryptographic infrastructure and ecosystem for securing web sessions (we later changed the name to Verisign).
The cost of sending CertifiedEmail is 0.1% that of sending a paper statement, invoice or brochure, not to mention the environmental imperative. Thanks to Goodmail, businesses can now send CertifiedEmails, and we can all safely open them without wearing rubber gloves.