Sign in
  • Home
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Support
Request phishing analysis
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Get started for free
  • Support
  • Sign in
Check to see if you’re protected
☰
Check to see if you’re protected
Share this article
Related posts
  • Blog
    Research: Only 22 of the top 100 retailers are protected by DMARC
  • Blog
    DMARC authentication gets you the deliverability you deserve
  • Blog
    How vulnerable are U.S. election operations to email spoofing?
Valimail blog

This Independence Day, celebrate U.S. cybersecurity progress

Author: Dylan Tweney
whitehouse at night

It’s been almost nine months since the Department of Homeland Security issued a directive mandating that all U.S. federal agencies implement several security-enhancing measures, including DMARC, HTTPS, and STARTTLS.

At the time BOD 18-01 came out in October 2017, only 18 percent of the 1,315 U.S. federal domains had a DMARC record, and about only about 4 percent were protected by DMARC at enforcement. If you were skeptical about the government’s ability to move quickly on this technological mandate, your skepticism might have been justified.

But the Feds proved the naysayers wrong. Three months after the directive, almost 55 percent of federal domains had DMARC records. And today, that number stands at more than 70 percent of all federal domains.

Even better, more than 42 percent of federal government domains are now protected by DMARC records at enforcement — a policy setting of p=reject or p=quarantine — which means that emails impersonating these domains will be rejected  or sent to spam folders.

The DHS didn’t merely order agencies to deploy DMARC, it also required that the agencies move those DMARC records to “reject” policies by October 16, 2018. This is smart, because without an enforcement policy, DMARC does not provide protection against impersonation. Once all federal domains are locked down with enforcement policies — and to be fair, this will probably take longer than until October 16, 2018 — the government and its citizens will enjoy far greater protection from hackers, because these agencies will be much harder to impersonate.

DMARC is not the only area where the government is making progress. The federal government website Pulse shows that 65 percent of federal domains are compliant with BOD 18-01’s HTTPS requirements. That includes not just using HTTPS, but also deploying stronger forms of encryption, using HTTP Strict Transport Security (HSTS), and preloading federal websites as HSTS-only in compatible modern browsers.

These changes will not stop all cyberattacks. But they do cut off the most common avenues of attack: Phishing via email, for instance, is implicated in over 90 percent of successful attacks, and the predominant form of phishing is same-domain impersonation. Utilizing these standards will force hackers to try harder avenues of attack, rendering government agencies that much more secure.

More importantly, the embrace of HTTPS, DMARC, and other security standards has clearly put the U.S. government in a leadership position with regard to cybersecurity. And that’s something we can all celebrate this 4th of July.

 

About Dylan Tweney: Dylan Tweney is the VP of research and communications for Valimail. Formerly, Dylan was the founder of Tweney Media, a content-driven communications agency, whose clients included Samsung, Korn Ferry International, Upwork, YL Ventures, Bloomberg Beta, and Valimail.

Previous to that, he was the editor-in-chief of VentureBeat (2011-2015) and a senior editor at Wired (2007-2011).

 

Back to blog
Published July 4, 2018
  • BOD 18-01
  • DHS
  • DMARC
Author: Dylan Tweney
Dylan Tweney is the VP of research and communications for Valimail. He is the founder of Tweney Media, a content-driven communications agency, whose clients have included Samsung, Korn Ferry International, Upwork, YL Ventures, Bloomberg Beta, and Valimail. Formerly, he was the editor-in-chief of VentureBeat and a senior editor at Wired.
Resources
Top retailers remain vulnerable to email brand spoofing
Learn more
Email security with Microsoft and Valimail
Learn more
Election email security
Learn more
Email fraud landscape, Summer 2020
Learn more
Preparing for BIMI: A Marketer’s Guide
Learn more
Latest news
Trump’s refusal to concede the election is creating an opening for cy...
Learn more
2020 General Election Results to Directly Impact Tech Industry
Learn more
Why Email Is Still an Election Day Disinformation Risk
Learn more
US elections are still vulnerable to email spoofing
Learn more
Security Gaps Persist, Report Warns, After U.S. Blames Iran In Election Sch...
Learn more
Press releases
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
Learn more
Valimail: 2020 election infrastructure still vulnerable to email hackers
Learn more
Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
Learn more
Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft ...
Learn more
Valimail Research Finds More Than 1 Million Domains Using Crucial Email Aut...
Learn more
Follow us
Contact us

P: 888.354.6179
E: info@valimail.com

Headquarters

180 Montgomery Street
20th Floor
San Francisco, CA 94104

Valimail Mountain Office

1550 Larimer Street
Suite 271
Denver, CO 80202

Request a full phishing analysis
© Valimail
  • Terms of use
  • Privacy Policy
  • Website terms of use
  • Do not sell my personal information
  • Phishing Analysis
  • Domain Checker
  • Products
  • Enforce
  • DMARC Monitor
  • Instant SPF
  • Amplify
  • Solutions
  • Anti-phishing
  • Brand protection
  • Compliance
  • Government
  • Marketing
  • Microsoft
  • Shadow IT
  • About
  • News + awards
  • Partners
  • Team
  • Careers
  • Industry leadership
  • Customer support
  • Learn
  • Resources
  • Blog
  • Customers
Subscribe to our newsletter

Get exclusive content on improving email security and deliverability from the experts at Valimail.

  • *
    I understand that I may proactively manage my preferences, or opt-out of Valimail communications at any time using the unsubscribe link provided in Valimail email communication. I confirm that I am over the age of 16. The information that you provide will be used in accordance with the terms of our Privacy Policy.
  • This field is for validation purposes and should be left unchanged.