With DHS Deadline Days Away, 90 Percent of Federal Email Domains Remain Vulnerable to Spoofing
- Despite progress, most federal agencies have not completed DMARC implementation
- ValiMail to co-host workshop on January 10 with DHS, Global Cyber Alliance (GCA), and Federal Computer Week on proper DMARC set-up
SAN FRANCISCO, Jan. 3, 2018 /PRNewswire/ -- ValiMail, the world's only provider of automated email authentication, announced today the results of a new report showing that 90 percent of federal email domains remain vulnerable to spoofing attacks. In light of the Department of Homeland Security's (DHS) recent directive mandating that all federal agencies implement the DMARC email authentication protocol by January 15, 2018, the majority of these organizations are set to miss the deadline.
ValiMail's analysis shows that, as of January, 90 percent of the 1,315 government domains (.gov) can be easily impersonated with fake emails that appear to come from their domains. While the overall rate of DMARC enforcement is low, the latest data reveals that 138 federal domains are now protected from email fraud – nearly triple October's total of 51. ValiMail also found that:
- Agencies are encountering significant challenges in implementation: While many .gov domains have attempted to write DMARC records, few have succeeded in using it to stop fraud. At present, 43 percent of all .gov domains have published DMARC records (up from 18 percent in October), but roughly 16 percent of the published DMARC records are invalid.
- Fully 60 percent of the federal domains attempting email authentication remain vulnerable to fraud: These domains have DMARC records that are technically correct but have not been set to an enforcement policy. That leaves just 10 percent of U.S. government domains that are protected by email authentication via DMARC.
In order to help federal agencies comply with the directive, ValiMail will be hosting a 90 minute workshop on January 10 at the Army and Navy Club in Washington, D.C. Titled "How to Meet the DHS DMARC Deadline," the session will provide expert instruction and background from the DHS, GCA, and ValiMail; and will be followed by a 30-minute optional hands-on demonstration of how to set up a working DMARC record.
"Government agencies are clearly trying to do the right thing," said Peter Goldstein, CTO and co-founder of ValiMail. "But getting email authentication right is difficult. Merely publishing a DMARC record without enforcement is not enough – it's akin to buying a home security system but never turning it on."
"With the Department of Homeland Security's deadline fast approaching, it's clear federal agencies need more help," said Shehzad Mirza, director of operations for the Global Cyber Alliance (GCA). "Implementation of DMARC will be a big step in the right direction to help prevent phishing and other email-based cyber attacks aimed at our federal institutions."
To request an invitation to ValiMail's "How to Meet the DHS DMARC Deadline" workshop, sign up at the following link by January 4: http://go.valimail.com/meet-dhs-dmarc-deadlines-workshop.html
About ValiMail
ValiMail provides the first and only truly automated email authentication solution for brand protection and anti-fraud defense. ValiMail's patented, standards-compliant technology provides an unrivaled one-click solution for DMARC enforcement to stop phishing attacks, increase deliverability, and protect organizations' reputations. ValiMail authenticates billions of messages a month for some of the world's biggest companies, in finance, government, transportation, health care, manufacturing, media, technology, and more. ValiMail is based in San Francisco. For more information visit www.ValiMail.com.
SOURCE ValiMail
Related Links
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article