Oct 17, 2018
Valimail press release
100% of Valimail’s Federal Government Customers Meet BOD 18-01 Deadline
Only Vendor to Enable All Agency Customers to Meet Key DHS Deadline for Email Authentication
SAN FRANCISCO, October 17, 2018 — Valimail, the world’s only FedRAMP-authorized provider of DMARC email authentication, announced today that 100 percent of the U.S. federal agencies using its Valimail Enforce™ product have achieved compliance by the email authentication deadline set by the Department of Homeland Security.
All of Valimail’s executive-branch customers using Valimail Enforce achieved compliance, with a median time to enforcement of three weeks. In contrast, utilizing their own in-house resources or other email authentication vendors, email authentication projects can typically take up to 12-18 months (or more).
“Valimail congratulates these agencies on achieving this milestone in protecting their domains and — by extension — the citizens of the United States. We are extremely proud to be a key contributor to the cybersecurity infrastructure of the United States,” said Valimail CEO and co-founder Alexander García-Tobar. “Not only are these agencies in compliance with the DHS directive, they have cut off a major vector of cyber attacks from hackers, phishers, as well as hostile state-sponsored cyber criminals, enabling everyone to trust the emails sent from these agencies.”
All achieved compliance by the October 16 deadline. All are using Valimail’s automated email authentication solution, Valimail Enforce.
Binding Operational Directive 18-01 (BOD 18-01), issued by DHS in October 2017, mandated that executive-branch agencies, with the exception of defense and intelligence, publish Domain-based Message Authentication, Reporting, and Conformance (DMARC) records and configure them to a strict enforcement policy by October 16, 2018. Such a policy directs receiving mail servers to reject (delete) any messages that appear to come from a domain, but which do not come from a sender authorized by that domain. In other words, DMARC at enforcement is an essential component for stopping email-based impersonation — the #1 vector for cyberattacks worldwide.
Research done by Valimail has found that, as of October 15, just 57 percent of U.S. federal domains were in compliance with BOD 18-01 and protected by email authentication at enforcement, although 75 percent of federal .gov domains have published DMARC records. That is a huge jump from a year ago, when only 4 percent of these domains were protected.