U.S. government making progress on DMARC implementation

The deadline for full DMARC implementation in U.S. government-owned domains is less than three months away and only half of the domains have the correct policy in place. Only half of U.S. government agencies have taken steps toward DMARC implementation despite the October 2018 deadline. The Department of Homeland Security issued the Binding Operational Directive (BOD) 18-01 in October 2017 mandating that all federal, executive branches, departments and agencies implement specific email security and web security measures, including STARTTLS, Sender Policy Framework, DomainKeys Identified Mail, Hypertext Transfer Protocol Secure (HTTPS) and DMARC. "Federal agency 'cyber hygiene' greatly impacts user security," the directive said. "By implementing specific security standards that have been widely adopted in industry, federal agencies can ensure the integrity and confidentiality of internet-delivered data, minimize spam, and better protect users who might otherwise fall victim to a phishing email that appears to come from a government-owned system."