Ohio takes key step to protect the state and its citizens from impersonation attacks
SAN FRANCISCO, March 14, 2019 – Valimail, the only provider of email authentication to have received an authorization to operate with federal agencies from the U.S. FedRAMP program, is proud to announce that it has been awarded a contract from the State of Ohio to implement email authentication for the state’s internet domains.
Under the contract, Valimail will automate the creation, maintenance, and monitoring of email authentication for the State of Ohio’s domains, starting with Ohio.gov and state.oh.us.
Valimail’s technology will enable Ohio to configure its domains with a Domain-based Message Authentication Reporting & Conformance (DMARC) policy of enforcement, protecting the state, its citizens, businesses and organizations from the possibility of email impersonation. This contract also will provide Ohio with unprecedented visibility into all senders, legitimate and suspicious, using its domains to send email messages.
“We applaud Ohio for being a national leader in taking this critical step to protect state internet infrastructure,” said Valimail co-founder and CEO Alexander García-Tobar. “Ninety-one percent of all cyberattacks begin with email. The vast majority of those use impersonation. Email authentication, powered by Valimail, will enable Ohio to stop the fraudulent use of its domains in email messages — cutting off those attacks at the knees. We are honored and proud to help Ohio achieve its email authentication goals.”
Since an October 2017 directive from the Department of Homeland Security (BOD 18-01), mandating the use of this technology, more than 70 percent of federal government domains have implemented email authentication. While that directive does not apply to state governments, Ohio is proactively choosing to deploy email authentication on its own domains.
Email enforcement, when configured correctly using DMARC and other widely accepted standards, prevents unauthorized senders from using a protected domain in their email messages. With enforcement, only senders explicitly authorized by a domain owner will be able to send messages from that domain (using the domain in the “From:” field of their messages); all others will be blocked, by virtually all email inboxes worldwide.