Sign in
  • Home
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Support
Request phishing analysis
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Get started for free
  • Support
  • Sign in
Check to see if you’re protected
☰
Check to see if you’re protected
Related posts
  • Press release
    Valimail Report Reveals 3 Billion Spoofed Emails are Sent Every Day
  • Press release
    Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
  • Press release
    Valimail: 2020 election infrastructure still vulnerable to email hackers
Valimail press release

Half of Federal Agencies On Track With DHS Email Requirement as Deadline Looms

SAN FRANCISCO, Oct. 9, 2018 — Valimail, the world’s only FedRAMP-authorized provider of DMARC email authentication, released findings today showing that 50 percent of federal government domains will meet the October 16 deadline to comply with a Department of Homeland Security directive requiring protection against impersonation emails.

The Valimail report, “How Federal Agencies are Meeting the Email Authentication Challenge,” found that 655 of 1,315 federal .gov domains, or 50 percent, are in compliance with Binding Operational Directive (BOD) 18-01. This directive requires executive branch agencies to deploy the Domain-based Message Authentication, Reporting and Conformance (DMARC) authentication standard and set it to a policy that rejects fake emails by Oct. 16, 2018. It represents a significant increase from a year ago, when just 4 percent of agencies has DMARC policies that rejected fake email.

federal government DMARC progress 2017-2018 (chart)

The report indicates that almost all agencies have taken the email security directive seriously, with 75 percent (981 total) of all federal government domains deploying a DMARC record — up from 18.5 percent a year ago. But many still need to achieve full compliance with BOD 18-01 by configuring their DMARC record to enforcement status. And 25 percent of federal agency domains have not yet adopted DMARC in any form.

Email authentication standards critical to protect against phishing and fraud

By deploying email authentication through DMARC and other standards and by configuring DMARC to a policy of enforcement — which directs receiving mail servers to reject or quarantine unauthorized messages — organizations can substantially improve their cybersecurity defense posture, protect themselves against phishing, and shut down email-based impersonation and fraud.

“Most federal agencies have responded admirably to the DHS directive from one year ago, issued in response to the historic explosion of phishing attacks and email impersonation exploits. At that time, the U.S. government was particularly vulnerable, so BOD 18-01 has had an incredibly positive effect on the safety and security of the U.S. government,” said Alexander García-Tobar, CEO and co-founder of Valimail. “But agencies still have work to do in order to achieve full compliance and protection from fake email.”

Other key findings in the report show that:

  • 63 percent of the domains that are now in compliance with this month’s BOD 18-01 deadline are not used for email.
  • 92 percent of military domains still lack DMARC records of any kind, and none are protected by DMARC at enforcement. However, military domains (which include defense.gov) are not covered by the DHS directive, which exempts national security systems, the intelligence community, and the Department of Defense.
  • The 42 agencies with four or more domains have, on average, 54 percent of their domains in compliance with BOD 18-01.

Federal agencies are far ahead of the private sector when it comes to email fraud prevention. Earlier this year, Valimail revealed that 93 percent of Fortune 500 companies are unable to prevent “spoofing” of their own email domains and remain susceptible to impersonation attacks.

The earlier Valimail Q2 2018 Email Fraud Landscape report, issued in August 2018, showed that fake email is a serious problem, with an estimated 6.4 billion fake emails sent every day. Fake email is the direct result of the lack of a built-in authentication mechanism in basic email systems, enabling malicious hackers to easily spoof email domains. The DMARC standard was developed to extend the functionality and effectiveness of two earlier standards — SPF and DKIM — to thwart hackers and make email safe.

To download the free government report from Valimail, visit https://www.valimail.com/resources/report/the-federal-dmarc-challenge-october-2018.

About Valimail

Valimail is the global leader in zero-trust email security. The company’s full line of cloud-native solutions authenticate sender identity to stop phishing, protect brands, and ensure compliance; they are used by organizations ranging from neighborhood shops to some of the world’s largest organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the U.S. Federal Aviation Administration. Valimail is the fastest growing DMARC solution, with the most domains at DMARC enforcement, and is the premier DMARC partner for Microsoft 365 environments. For more information visit www.valimail.com.

Resources
Email Fraud Landscape Spring 2021
Learn more
Top retailers remain vulnerable to email brand spoofing
Learn more
Email security with Microsoft and Valimail
Learn more
Election email security
Learn more
Email fraud landscape, Summer 2020
Learn more
Latest news
Trump’s refusal to concede the election is creating an opening for cy...
Learn more
2020 General Election Results to Directly Impact Tech Industry
Learn more
Why Email Is Still an Election Day Disinformation Risk
Learn more
US elections are still vulnerable to email spoofing
Learn more
Security Gaps Persist, Report Warns, After U.S. Blames Iran In Election Sch...
Learn more
Press releases
Valimail Report Reveals 3 Billion Spoofed Emails are Sent Every Day
Learn more
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
Learn more
Valimail: 2020 election infrastructure still vulnerable to email hackers
Learn more
Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
Learn more
Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft ...
Learn more
Follow us
Contact us

P: 888.354.6179
E: info@valimail.com

Headquarters

1942 Broadway St., Ste. 314C
Boulder, CO 80302

Request a full phishing analysis
© Valimail
  • Terms of use
  • Privacy Policy
  • Website terms of use
  • Do not sell my personal information
  • Phishing Analysis
  • Domain Checker
  • Products
  • Enforce
  • DMARC Monitor
  • Instant SPF
  • Amplify
  • Solutions
  • Anti-phishing
  • Brand protection
  • Compliance
  • Government
  • Marketing
  • Microsoft
  • Shadow IT
  • About
  • News + awards
  • Partners
  • Team
  • Careers
  • Industry leadership
  • Customer support
  • Learn
  • Resources
  • Blog
  • Customers