Questions? Feedback? powered by Olark live chat software

Blog

Federal Government DMARC Adoption Surges Ahead of DHS BOD 18-01 Deadline, but More Work Remains

The first deadline for the Department of Homeland Security Binding Operational Directive (BOD) 18-01 has passed and 63 percent of federal agencies have deployed DMARC, up from 18% when the directive was announced three months ago. BOD 18-01 was announced by DHS Assistant Secretary of Cybersecurity and Communications Jeanette Manfra on October 14, 2017. The mandate requires federal domains to improve email hygiene and traffic encryption through the adoption of DMARC and STARTTLS. January 14, 2018 marks the first 90 day deadline to deploy the basic DMARC monitoring policy of “p=none.”

Read More

Email Security and the New DHS Directive 18-01

BOD 18-01 is a tremendous step forward for the federal government and our citizenry. For too long criminals and nation states have acted with impunity, impersonating the identity of trusted federal agencies to defraud our citizens or commit espionage. By mandating the prevention of spoofing government agencies, DHS will have raised the bar for all malicious actors in attacking us all.

Read More

How to Create an Agency Plan of Action for BOD 18-01

The Department of Homeland Security binding directive (BOD 18-01) outlines several milestones that agencies must meet in order to show progress and, ultimately, compliance with the directive. The first of those milestones (due on November 15th, 2017) is to create an Agency Plan of Action for BOD 18-01 outlining how the agency would implement the requirements of […]

Read More

The DMARC Mandate: How to Protect Citizens from Cyber Crime

Approximately 70% (by volume) of all private sector email is protected by DMARC. Unfortunately, US government have been slow to adopt this crucial email security standard. As of November 2017, only 32% of federal agency domains had published a DMARC policy to comply with the DHS mandate. This leaves government agencies and their constituents vulnerable*. Agari’s data shows that 25% of all emails sent from government domains are unauthenticated and potentially malicious. Despite these sobering statistics, there have been early adopters within the government sector who are paving the way and setting an example for those who follow.

Read More

Mailsploit: The DMARC Sky is not Falling

If you are in the email business, the big story today is Mailsploit, a collection of email client bugs that threatens to undermine DMARC and render Secure Email Gateways (SEGs) obsolete. In other words, the end of the world is upon us, and we should all go back to using smoke signals or march forward […]

Read More

DHS’ BOD 18-01 for Email Security: What You Need to Know

Are you ready for Binding Operational Directive 18-01? On October 16, 2017, the Department of Homeland Security (DHS) issued this directive in order to implement better security protocols on government emails. The DHS BOD 18-01 is a compulsory directive to all federal departments and agencies. Among the measures mandated in BOD 18-01 is a requirement […]

Read More