DHS orders agencies to adopt DMARC email security

(DHS photo by Jetta Disco / Flickr)


Written by

The Department of Homeland Security issued an order Monday for federal agencies to adopt a form of email security that guards against spam and phishing.

CyberScoop’s Shaun Waterman reported that Assistant Secretary for Cybersecurity and Communications Jeanette Manfra issued a binding operational directive from New York requiring federal agencies within 90 days to implement Domain-based Message Authentication, Reporting and  Conformance (DMARC) for their email systems.

“It’s a real sign that DHS and the federal government are stepping up and leading by example,” said Phil Reitinger, CEO of the Global Cyber Alliance — a non-profit that advocates for internet security.

DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a hacking technique used in both crime and espionage, in which an email appearing to a come from a trusted friend or company provides an infected attachment or directs readers to a website where login and password credentials can be stolen.

In a recent survey, 135 federal email domains had DMARC deployed, out of a total of 1315 .gov domains. But fewer than half of those have it actually activated.

Read more about DHS’s directive on CyberScoop. 

-In this Story-

CyberScoop, Department of Homeland Security (DHS), DMARC