Is Informed Delivery Secure? USPS Data Privacy Facts

GovFacts

Last updated 4 weeks ago. Our resources are updated regularly but please keep in mind that links, programs, policies, and contact information do change.

The familiar ritual of checking the mailbox has taken a digital turn with USPS Informed Delivery. This free service from the United States Postal Service offers a convenient way to preview incoming mail and track packages from your smartphone or computer.

How Informed Delivery Works

USPS Informed Delivery works by digitally capturing images of the front of letter-sized mailpieces as they move through the Postal Service’s automated sorting equipment. Subscribers receive a daily digest email containing grayscale images of these letters, providing a preview of what to expect in their mailbox.

Beyond letter previews, the service also integrates package tracking information, allowing users to monitor the journey of their parcels from acceptance to delivery.

This information is accessible through the daily email, an online dashboard, and the USPS Mobile app, offering flexibility and convenience for users on the go.

Security Measures

To ensure the security of Informed Delivery accounts and protect user privacy, USPS has implemented several key measures.

The registration process requires thorough identity and address verification. This multi-step process can be completed online through knowledge-based questions or mobile verification. If online verification is unsuccessful, users have the option to verify their identity in person at a designated USPS location.

As an additional security measure, new subscribers receive a welcome letter containing a deactivation code, allowing them to cancel the service if they did not personally sign up.

Once a user’s identity is verified, all communication between their devices and USPS servers is encrypted, safeguarding the digital previews from unauthorized access. This encryption extends to data stored within USPS systems, including both personal information and the captured images of mail.

The registration process incorporates multi-factor authentication, adding an extra layer of security beyond just a password. USPS also adheres to the privacy requirements outlined in the Privacy Act, which governs the handling of personal information by federal agencies.

Access to sensitive information within USPS is restricted to employees with a legitimate job-related need to know, further limiting the potential for internal misuse.

For online interactions, industry-standard encryption protocols such as SSL/HTTPS are employed to protect data transmitted between the user’s browser or app and USPS servers. For users of the USPS mobile app, an optional biometric login feature provides an additional layer of security and convenience.

USPS Privacy Policy

The USPS privacy policy serves as a guide to the organization’s information practices, detailing how personal data is collected, used, and protected both online and offline.

A fundamental principle of this policy is that USPS does not sell or rent personal information to external parties, including marketers. Marketing of other USPS products or services to consumers is conducted only with their explicit consent, adhering to an opt-in standard.

The primary purpose of collecting user information is to provide the requested services, such as Informed Delivery, and to respond to user inquiries. The collection of this information is authorized by specific United States laws.

Disclosure of personal information to third parties without user consent is limited to specific circumstances, such as facilitating transactions, acting on the user’s behalf, or when legally required.

While users navigate the USPS website, certain non-personally identifiable information may be collected for website analytics, helping USPS to understand user behavior and improve the overall online experience. Third-party analytics providers used by USPS are prohibited from accessing any personally identifiable information.

The terms and conditions for using Informed Delivery indicate that third-party platforms, such as the operating systems of the devices used to access the service, may also collect user-provided information.

Potential Risks and Past Incidents

Despite the security measures implemented by USPS, potential risks and past incidents associated with Informed Delivery warrant consideration.

The World Privacy Forum raised early concerns about the potential for phishing attacks through interactive content in mail previews and questioned the extent of user activity tracking by USPS.

A significant security incident occurred in 2018 when an API vulnerability in the related Informed Visibility system exposed the personal details of approximately 60 million users. This breach, caused by improperly implemented access controls, allowed unauthorized individuals to potentially view sensitive information such as email addresses, usernames, physical addresses, and phone numbers.

The fact that this vulnerability was reportedly known for a year before being addressed raises concerns about the responsiveness of security protocols.
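To make the phrase "improperly implemented access controls" concrete, the following added example (not code from USPS or from the original article) contrasts an API lookup that only checks that the caller is logged in with one that also checks, per record, whether the caller may read it. All names, records and the audit-log format are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    account_id: str
    email: str
    phone: str
    is_admin: bool = False


# Constructed sample records (hypothetical, not real data).
ACCOUNTS = {
    "a1": Account("a1", "alice@example.com", "555-0100"),
    "b2": Account("b2", "bob@example.com", "555-0101"),
    "ops": Account("ops", "ops@example.com", "555-0199", is_admin=True),
}


class Forbidden(Exception):
    """Raised when a request must be refused."""


def lookup_weak(session_user, requested_id):
    """Authentication only: any logged-in user can read any record."""
    if session_user not in ACCOUNTS:
        raise Forbidden("not logged in")
    return ACCOUNTS[requested_id]


def lookup_checked(session_user, requested_id, audit):
    """Authentication plus a per-record authorization check, with audit trail."""
    caller = ACCOUNTS.get(session_user)
    if caller is None:
        raise Forbidden("not logged in")
    target = ACCOUNTS.get(requested_id)
    # Callers may read their own record; only admins may read others.
    allowed = target is not None and (
        caller.is_admin or caller.account_id == requested_id
    )
    # Record every decision so cross-account attempts are visible later.
    audit.append((session_user, requested_id, "allow" if allowed else "deny"))
    if not allowed:
        # Same error for "missing" and "not yours": no record enumeration.
        raise Forbidden("no access to this record")
    return target
```

The deny entries in the audit list are what a monitoring team would alert on: one account repeatedly requesting records that belong to other accounts.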

In the same year, the Secret Service issued an alert regarding the exploitation of Informed Delivery by criminals for identity theft, using the service to track the delivery of stolen credit cards.

Scammers can also fraudulently sign up for Informed Delivery using a victim’s personal information to monitor their mail, looking for valuable items or sensitive documents.

Furthermore, USPS customers are frequently targeted by text message scams that mimic Informed Delivery notifications, attempting to trick users into revealing personal information or clicking on malicious links.

An independent audit by the USPS Office of Inspector General (OIG) in October 2018 on the Informed Visibility system identified additional security weaknesses related to authentication and encryption, suggesting that vulnerabilities might exist across related USPS platforms.

It is important to distinguish these incidents from a separate data breach in 2014 that affected USPS employees and some customer inquiry records, which was unrelated to the Informed Delivery service.

Common User Concerns

Users have voiced various questions and concerns regarding the privacy implications of Informed Delivery.

Some have reported discrepancies between the digital previews and the actual mail they receive, leading to questions about the reliability and accuracy of the service.

A significant concern revolves around the possibility of unauthorized individuals signing up for Informed Delivery at someone else’s address, potentially allowing them to monitor another person’s mail. This raises worries about potential stalking or harassment, as the service provides insights into mail delivery patterns.

Users also frequently inquire why not all types of mail are included in the digital previews, with the service primarily focusing on letter-sized mail processed through automated equipment.

The delay between receiving the digital preview and the actual physical delivery is another common point of discussion.

Some users have expressed feeling uneasy about the potential for misuse of the service, with terms like “terrifying” appearing in online discussions regarding its privacy implications.

The extent to which USPS tracks user activity within the Informed Delivery platform and whether this data is shared with third parties are also recurring questions.

Additionally, some users have noted issues with the functionality to report missing mail through the Informed Delivery interface, suggesting potential limitations in user support features.

How to Enhance Your Security

To enhance the security of your Informed Delivery account and protect your privacy, several proactive steps can be taken:

  • Ensure that you complete the identity verification process thoroughly during sign-up
  • Use a strong, unique password for your USPS account and enable two-factor authentication (if available)
  • Regularly check your email opt-in settings and spam folders to ensure you receive notifications promptly
  • Consider integrating Informed Delivery with physical security measures such as security cameras, video doorbells, and package lockers
  • Monitor your Informed Delivery notifications daily and take timely action on expected deliveries
  • Utilize the official USPS mobile app for secure access to the service
  • Be cautious of unsolicited text messages or emails claiming to be from USPS, especially those containing links or requesting personal information
  • Consider opting out of receiving unsolicited credit card and insurance offers to reduce the amount of sensitive mail
  • Review and manage your notification preferences within your Informed Delivery account
  • If using the USPS mobile app, enable biometric login for an added layer of security
  • Be mindful of the security of your email account, as it serves as the primary channel for Informed Delivery notifications

Independent Oversight

Independent oversight of USPS operations, including its digital services, is conducted by the USPS Office of Inspector General (OIG). The OIG’s role is to ensure efficiency, accountability, and integrity within the Postal Service through audits and investigations.

This includes assessing the security posture of USPS’s information technology systems. While a specific independent security audit report dedicated solely to Informed Delivery was not evident in the provided materials, the OIG’s October 2018 audit of the Informed Visibility system (Report Number IT-AR-19-001) offers valuable insights.

This audit identified vulnerabilities in areas such as configuration baseline compliance, web application encryption protocols (specifically TLS 1.0 and 1.1), database account management, and audit logging.

Although Informed Visibility is a business-focused service, its reliance on similar underlying infrastructure to Informed Delivery suggests that these findings are relevant to the overall security considerations of USPS’s digital mail services.

The Government Accountability Office (GAO) also noted that USPS did not document its conclusions based on the results of its pilot program for Informed Delivery.

The OIG’s ongoing work includes vulnerability assessments of USPS IT applications, indicating a continuous effort to identify and mitigate security risks. The OIG operates independently of USPS management, providing an objective perspective on the Postal Service’s operations and security protocols.

USPS Response to Security Threats

USPS has demonstrated a capacity to respond to identified security threats and vulnerabilities.

Following the 2018 data breach affecting the Informed Visibility system, USPS addressed the API vulnerability that led to the exposure of user data. While the initial delay in rectifying the reported flaw was criticized, the eventual fix highlights a reactive measure taken to mitigate a significant security risk.

USPS has stated that it continuously monitors its network for suspicious activity, employing industry best practices to detect and respond to potential threats. The organization has also emphasized its commitment to investigating and pursuing individuals who attempt unauthorized access to its systems.

In response to a prior data breach in 2014, USPS implemented additional security measures to strengthen its overall security posture.

When security incidents occur, USPS collaborates with various government agencies, including the FBI, Department of Justice, the OIG, the Postal Inspection Service, and the U.S. Computer Emergency Readiness Team, leveraging their expertise to investigate and remediate threats. Private-sector specialists are also engaged to assist in these efforts.

Furthermore, USPS has taken action against individuals attempting to misuse Informed Delivery for fraudulent purposes, including shutting down accounts and conducting investigations. Users are also provided with channels to report suspected mail fraud to the Postal Inspection Service, enabling a collaborative approach to combating postal-related crime.
