Is your agency DMARC compliant?
Alexander García-Tobar, CEO and co-founder of Valimail, joined the drive-time show “Federal Drive” on Federal News Radio to discuss the details of the Department of Homeland Security’s recent DMARC deadline.
The 10-minute interview, which aired on the same day as the deadline, was hosted by Tom Temin, who asked García-Tobar how agencies are doing — and what’s next.
“At this pace, we will most likely see most agencies be there in the next month or two,” García-Tobar predicted, citing more than 2x growth in federal DMARC deployment over the past three months.
Highlights of the interview:
The two phases of DMARC implementation
Monitor-only mode (which is what the January 15 deadline called for), and enforcement (which agencies need to reach by October 16).
“It’s quite simple to put in a DMARC record, and it’s quite illuminating,” said García-Tobar. “The really key part though is getting to enforcement, and that is extremely hard.”
Three approaches to managing DMARC
García-Tobar explained the differences between DIY, consulting-driven, and automated approaches to DMARC management. The trick — and this is why so many companies fail to get to enforcement — is that you have to continually monitor senders. Whenever a new one pops up you need to decide whether or not to allow it to send on your behalf.
The importance of automation
“This is not a one-time thing. This is an ongoing process,” García-Tobar said. “And that is why the automation portion of this is so critical.”
The next steps
Who’s responsible within agencies and what do they need to do first? What about training employees not to click on phishing links?
Listen to the 10-minute interview on Federal News Radio.