DHS orders agencies to adopt DMARC email security
The Department of Homeland Security issued an order Monday for federal agencies to adopt a form of email security that guards against spam and phishing.
CyberScoop’s Shaun Waterman reported that Assistant Secretary for Cybersecurity and Communications Jeanette Manfra issued a binding operational directive from New York requiring federal agencies within 90 days to implement Domain-based Message Authentication, Reporting and Conformance (DMARC) for their email systems.
“It’s a real sign that DHS and the federal government are stepping up and leading by example,” said Phil Reitinger, CEO of the Global Cyber Alliance — a non-profit that advocates for internet security.
DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a hacking technique used in both crime and espionage, in which an email appearing to a come from a trusted friend or company provides an infected attachment or directs readers to a website where login and password credentials can be stolen.
In a recent survey, 135 federal email domains had DMARC deployed, out of a total of 1315 .gov domains. But fewer than half of those have it actually activated.
Read more about DHS’s directive on CyberScoop.