Binding Operational Directive (BOD) 18-01 Compliance

Deceptive and malicious emails cause 90% of government cybersecurity attacks. Yet most agencies lack the DMARC authentication technology to stop them.

Federal agencies are providing more communications to citizens with email than ever before. And these agencies, along with state & local governments, and their critical infrastructure are the constant targets of an increasing flow of sophisticated cyber threats. Security breaches, cyber attacks, fraud, and malicious email pose a grave threat to government agencies and our digitally connected society.

To address this basic vulnerability, the Department of Homeland Security (DHS) issued Binding Operational Directive  (BOD) 18-01, mandating DMARC email authentication for all federal executive agencies by October 2018. Valimail’s government report on BOD 18-01 outlines the requirements, progress, and challenges Federal agencies face in achieving  the goals of this important mandate.

Valimail offers the only truly automated DMARC solution in the industry with guaranteed enforcement.

Email Fraud Prevention and Restoring Citizen Trust

US citizens, government agencies, and our allies are the constant target of rapidly escalating fraud and malicious activities that exploit the trust and authority implied by email sent from .gov domains.

In 2016, the U.S. Internal Revenue Service (IRS) experienced 400% growth in fraudulent outgoing emails that used the IRS’ domain name in the From fields of their emails to impersonate government officials, threaten fictitious IRS action, and demand fraudulent payments from unsuspecting citizens. Threatened in a similar way, UK tax authorities stopped 300 million fraudulent emails and phishing attempts in a single year by mandating DMARC email authentication.

These attacks can be stopped and citizens’ trust restored with DMARC enforcement. Valimail offers the only automated DMARC enforcement solution for government agencies that will protect your agencies, citizens, and get you compliant with BOD 18-01 quickly and efficiently. Unlike other solutions, Valimail takes on all the burden of visibility, control, and compliance. Agencies just have to point their DMARC, SPF, and DKIM record to Valimail.

Email Authentication for Government Agencies

Valimail’s email authentication solution for government, ValiGov protects government organizations from spear phishing, whaling, and impersonation attacks and gets them to BOD 18-01 compliance. Leveraging DMARC global standards along with patented technology, Valimail’s cloud solution authenticates every email in real-time, sanctioning legitimate senders and thwarting fraud from malicious impersonators.

Valimail is the only truly automated solution with a guaranteed DMARC enforcement. All it takes is just a simple DNS text record change and pointing their DMARC, SPF, and DKIM to Valimail. That’s it. After that, the Valimail solution takes care of everything.  Valimail's easy-to-use console gives IT staff visibility into legitimate and suspicious sources of email, eliminates the risk of exposure of personal information, and provides detailed results of authentication tests. Unlike other solutions that make you do all the work, Valimail's patented technology takes on all the work and removes the burden of getting you to enforcement.

Valimail’s robust enterprise-grade cloud service scales to meet the largest government agencies' needs. Key features of our enterprise-grade infrastructure include:

  • Global deployment, with fully redundant 99.995% infrastructure
  • Data encryption at rest and in transit
  • SSO/Access controls/2-factor authentication
  • Privacy Shield Certified/ISOC2
  • No PII

Both the government and our citizens... deserve a trusted relationship.

Jeanette Manfra
Assistant Secretary for Cybersecurity & Communications at DHS

88% of .gov domains are not ready for DHS deadlines and are easy to impersonate with fake emails that mimic agency officials.

Valimail Government Report
on 2018 DHS DMARC Mandates