Less than half of agencies using DMARC nearing DHS deadline

The good news, though, is that agencies are making progress.
(Getty Images)

Just days away from a Department of Homeland Security deadline, more than half of all agencies still don’t use Domain-based Message Authentication, Reporting and Conformance, according to a new report.

According to research from email security provider Agari, only 47 percent of agencies have adopted DMARC, as it’s known — a security standard that stops people from impersonating others’ email domains.

Federal agencies have until Jan. 15 to adopt DMARC, as required by DHS’s Binding Operational Directive 18-01.

“DMARC has proven to be an effective solution to secure our federal domains, but more work is needed,” said Jeanette Manfra, assistant secretary for DHS’ Office of Cybersecurity and Communications, in a statement. “Deadlines are imminent. The time to act is now … It is crucial for U.S. citizens to trust that an email from a government agency is legitimate.”


The good news from the report is that agencies are making progress. The number of .gov domains with DMARC of the 1,106 subject to the order rose from 351 on Nov. 9 to 523 on Dec. 18.

“The increase in adoption is a smashing early success,” said Patrick Peterson, founder and executive chairman of Agari.

Read more about the adoption of DMARC and the deadline on CyberScoop.

Latest Podcasts