Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
eWEEK.com
Search
eWEEK.com
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity

    US Gov’t Outpacing Enterprises in Adopting DMARC Email Security Policy

    By
    SEAN MICHAEL KERNER
    -
    July 27, 2018
    Share
    Facebook
    Twitter
    Linkedin
      email security

      Eighty-one percent of U.S. government agency domains have now enabled the DMARC email security standard, according to a new report released on July 26 by email security firm Agari.

      Domain-based Message Authentication, Reporting and Conformance, or DMARC, includes several technical components that are intended to help protect the integrity and authenticity of email. U.S. government agencies were mandated by the Department of Homeland Security (DHS) to implement DMARC as part of the 18-01 binding operational directive that was announced in October 2017.

      “The 81 percent result is fantastic and has blown away our expectations,” Patrick Peterson, founder and executive chairman of Agari, told eWEEK.

      Agari has been tracking the adoption of DMARC by government agencies over the past year. In November 2017, Agari found that DMARC adoption within the U.S. government was at 34 percent of federal agencies. That number grew to 47 percent by December.

      DMARC was designed to be deployed in stages, according to Peterson. The first stage, p=none, enables organizations to monitor their email ecosystem, identify authorized third-party senders and tune their DMARC policy before moving to “p=quarantine,” which sends messages to the spam folder, and ultimately to “p=reject,” which blocks messages completely.

      “DMARC p=none is trivial to implement. You could do it in five minutes,” Peterson said. “The challenge is to move from ‘none’ to ‘reject’ because all unauthenticated email will be rejected by the recipient with a ‘reject’ policy.”

      The DHS directive has set Oct. 16 as the deadline for all agencies to not only support DMARC but to enforce a reject policy as well. Agari found that 52 percent of government agencies now support the DMARC reject requirement. Most enterprises have dozens of third-party and cloud services that send email on their behalf, and with DMARC each one of these has to have its email authenticated, Peterson said. He noted that while Agari has helped hundreds of thousands of domains do this successfully, it does require a project and technology change. 

      “This is extraordinary adoption when compared to the private sector, where only about one-third of the Fortune 500 have a DMARC policy and only 5 percent have moved to reject,” Peterson said. “It’s great to see the government leapfrogging industry for a change.”

      Moving to the reject policy from the none DMARC policy is a key challenge, though Peterson noted that in January only 15 percent of executive branch domains were at reject, so there has been incredible traction in moving from none to reject. 

      “The lesson that enterprises should learn is to just deploy DMARC at p=none and to take their time moving to reject,” he said.

      It’s not clear if full DMARC implementation will be achieved by all government agencies by the deadline. However, overall, government efforts have had a concrete impact on email security, Petersen said.

      “One hundred percent adoption of DMARC by the deadline seems unlikely, but that does not mean that agencies will not be in compliance since BOD 18-01 provides an alternative path—agencies can provide DHS with a written plan for their DMARC implementation,” he said.

      Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      CHRIS PREIMESBERGER - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      CHRIS PREIMESBERGER - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      EWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      ZEUS KERRAVALA - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      WAYNE RASH - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Info

      © 2020 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×