Only Two-Thirds of Federal Domains Meet Email Security Deadline

Only Two-Thirds of Federal Domains Meet Email Security Deadline

In addition to the relatively low install rate, after a year of staggered deadlines to implement the tool, one-fifth of government agency web domains appear not to have even begun installing it, according to the Global Cyber Alliance.

  • By Jessica Davis
  • Oct 18, 2018

About two-thirds (67 percent) of federal email domains met a Department of Homeland Security deadline Tuesday to install and be fully protected by a tool that guards against email phishing scams, according to research from the Global Cyber Alliance.

In addition to the relatively low install rate, after a year of staggered deadlines to implement the tool, one-fifth of government agency web domains appear not to have even begun installing it, according to the GCA.

Domain-based Message Authentication, Reporting and Conformance, known as DMARC, verifies an email sender’s identity by pinging a sender’s email domain to ask if the sender actually belongs to that organization. If the domain reports that the sender is illegitimate, DMARC can automatically deliver the email to the intended recipient’s spam folder or decline to deliver it at all.

In order to work, DMARC must be installed on both the sending and receiving inbox. More than 80 percent of commercial email inboxes have DMARC installed, as it is standard among major email providers like Google and Microsoft.

The tool is especially vital for federal government email domains, which could be used by phishers to try to scam citizens into giving them sensitive personal information related to taxes or government benefits like Medicare.

The 67 percent of government domains that had DMARC installed by the Tuesday deadline is a major increase from the 8 percent that were using the tool when Homeland Security issued the order to install it in 2017, according to Tom McDermott, the department’s Deputy Assistant Secretary for Cyber Policy.

Homeland Security plans “to get very close to 100 percent” adoption of the tool “in the near future,” McDermott said.

Defense agencies are not required to comply with Homeland Security’s 2017 DMARC order but were directed to install it whenever possible as part of a defense policy bill passed by Congress in August.

DMARC should be installed across defense domains by the end of the year, according to Defense Chief Information Officer Dana Deasy.

About the Author

Jessica Davis is the Associate Content Editor for 1105 Media.

Featured

  • A Look at AI

    Large language models (LLMs) have taken the world by storm. Within months of OpenAI launching its AI chatbot, ChatGPT, it amassed more than 100 million users, making it the fastest-growing consumer application in history. Read Now

  • First, Do No Harm: Responsibly Applying Artificial Intelligence

    It was 2022 when early LLMs (Large Language Models) brought the term “AI” into mainstream public consciousness and since then, we’ve seen security corporations and integrators attempt to develop their solutions and sales pitches around the biggest tech boom of the 21st century. However, not all “artificial intelligence” is equally suitable for security applications, and it’s essential for end users to remain vigilant in understanding how their solutions are utilizing AI. Read Now

  • Improve Incident Response With Intelligent Cloud Video Surveillance

    Video surveillance is a vital part of business security, helping institutions protect against everyday threats for increased employee, customer, and student safety. However, many outdated surveillance solutions lack the ability to offer immediate insights into critical incidents. This slows down investigations and limits how effectively teams can respond to situations, creating greater risks for the organization. Read Now

  • Security Today Announces 2025 CyberSecured Award Winners

    Security Today is pleased to announce the 2025 CyberSecured Awards winners. Sixteen companies are being recognized this year for their network products and other cybersecurity initiatives that secure our world today. Read Now

  • Empowering and Securing a Mobile Workforce

    What happens when technology lets you work anywhere – but exposes you to security threats everywhere? This is the reality of modern work. No longer tethered to desks, work happens everywhere – in the office, from home, on the road, and in countless locations in between. Read Now

Most   Popular

New Products

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities