Agari: Most agencies on track for DMARC deadline

Most federal agency web domains are on track to meet a requirement that protects them from email spoofing, according to a report from email security company Agari. The requirement in question is Domain-based Message Authentication, Reporting and Conformance (DMARC), a policy that gives network administrators more visibility and control over how their domain is being used with regard to email. Without it, malicious actors can send emails that appear to be from a trusted source, such as a .gov website, to unsuspecting victims. The Department of Homeland Security issued a binding operational directive (BOD) in October 2017 that required all agencies to protect their domains with the highest level of DMARC within one year. With the deadline less than three months away, Agari reports that most domains are on track to meeting the requirements, and just over half have already done so. DMARC can be implemented on three levels of […]

The post Agari: Most agencies on track for DMARC deadline appeared first on Cyberscoop.

Continue reading Agari: Most agencies on track for DMARC deadline

DHS orders feds to adopt DMARC email security

The Department of Homeland Security is using new powers to order federal agencies to adopt a form of email security that guards against spam and phishing. A DHS Binding Operational Directive announced Monday in New York City by Assistant Secretary for Cybersecurity and Communications Jeanette Manfra gives federal agencies 90 days to implement Domain-based Message Authentication, Reporting and  Conformance (DMARC) for their email systems. “It’s a real sign that DHS and the federal government are stepping up and leading by example,” said Phil Reitinger, CEO of the Global Cyber Alliance — a non-profit that advocates for internet security. DMARC is the industry standard measure to prevent hackers from spoofing emails — making their messages appear as if they’re sent by someone else. Spoofing is the basis of phishing, a hacking technique used in both crime and espionage, in which an email appearing to a come from a trusted friend or company provides an infected attachment or directs readers to a website where login and […]

The post DHS orders feds to adopt DMARC email security appeared first on Cyberscoop.

Continue reading DHS orders feds to adopt DMARC email security

Cybersecurity vendors lag badly on DMARC email security, survey shows

Only 1 in 4 of the cybersecurity companies exhibiting at the celebrated Black Hat conference this week have implemented a set of best practices to prevent email spoofing and phishing, according to figures from the nonprofit Global Cyber Alliance. In a release Wednesday, GCA said that 73 percent of the 268 exhibitors had not deployed Domain-based Message Authentication, Reporting and Conformance, or DMARC — a set of email protocols that prevents spammers, phishers and other cybercriminals from using an organization’s name and email domain to conduct hacking attacks. Of the 72 exhibitors using DMARC, only six — just 2 percent — have fully deployed it so that it stops spoofed email from being delivered. Lower level implementations of DMARC warn an organization that their email domain is being spoofed — and can help spoofed mail get blocked by spam filers — but don’t prevent it from being delivered. “A lot of [security vendors] clearly are […]

The post Cybersecurity vendors lag badly on DMARC email security, survey shows appeared first on Cyberscoop.

Continue reading Cybersecurity vendors lag badly on DMARC email security, survey shows