Email is the #1 way attackers target citizens and government employees.
Why it Works
Email lacks built-in authentication:
Attackers can easily spoof or impersonate anyone in your organization using free tools
Attackers need to be right just once:
With billions of emails hitting government inboxes, odds are in the attacker's favor
Email gateways can't solve the problem:
Attackers rely on social engineering tactics and identity deception, not malicious content or URLs that traditional tools were built to detect
DMARC functions like an ‘identity check’ for your agency. It prevents spammers and criminals from hijacking your valid organization domain names and brand for email.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is an open email authentication protocol, established in 2012 by organizations including Google, Microsoft, Agari, PayPal, and others to protect the email channel. DMARC is the best way for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t.
Benefits of Deploying DMARC for Your Agency
Stop email phishing attacks using your agency’s reputation
Reduce account takeover risk
Increase email deliverability
Gain visibility into cyberattack risk
“Business Email Compromise (BEC) attacks represent more than 50% of all incidents and this number has been doubling each year since 2017, which makes it especially noteworthy.”
Verizon Data Breach Report, 2023
“Phishing…continue[s] to present threats to both the federal government and public at large.”
U.S. Federal Information Security Management Act (FISMA)
The Federal Perspective
DMARC Enforcement Policies
What is a DMARC Enforcement Policy?
When you set a DMARC policy for your agency, you, as an email sender, are indicating that your messages are protected.
The policy tells a receiver what to do if one of the authentication methods in DMARC passes or fails.
How it Works
When emails are received by the mailbox provider, the receiver checks if DMARC has been activated for your domain.
What Does a DMARC Policy Look Like?
Here’s a typical policy in DNS. Note that this domain is configured with a policy of “reject”.
DMARC record for agari.com:
Steps to DMARC Implementation
How Do I Get Visibility and Reporting from DMARC?
Once your DMARC policy is implemented, you will start to receive thousands of reports every day, depending upon the number of emails your organization sends. Because it’s difficult to process the reports manually, you can work with a commercial vendor to display and process the data. Commercial software such as Agari DMARC Protection can help with DMARC policy creation and hosting, third-party sender identification and alignment, and ongoing visibility as you progress through your DMARC implementation. In fact, Fortra’s Agari DMARC Protection ensures companies reach Reject confidently and securely, boasting an enforcement rate of 78%.
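As an added example (not part of the original page and not Agari's or Fortra's code), the Python below reads a DMARC record the way a receiver would and flags settings that leave a domain short of enforcement or without the reporting described above. The example.gov records are constructed samples, and the function names are hypothetical.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Split a DMARC TXT record (published at _dmarc.<domain>) into ordered tags."""
    tags = {}
    for part in txt.split(";"):
        if not part.strip():
            continue
        name, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        tags[name.strip().lower()] = value.strip()
    return tags

def audit_dmarc(txt):
    """Return (policy, findings) for one record; raise ValueError if it is invalid."""
    tags = parse_dmarc(txt)
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        raise ValueError("not a DMARC record: v=DMARC1 must be the first tag")
    policy = tags.get("p", "").lower()
    if policy not in VALID_POLICIES:
        raise ValueError(f"missing or invalid p= tag: {policy!r}")
    findings = []
    if policy == "none":
        findings.append("p=none: monitoring only, no action requested for failing mail")
    pct = int(tags.get("pct", "100"))  # share of failing mail the policy covers
    if policy != "none" and pct < 100:
        findings.append(f"pct={pct}: policy covers only part of failing mail")
    if policy != "none" and tags.get("sp", policy).lower() == "none":
        findings.append("sp=none: subdomains are left unenforced")
    if "rua" not in tags:
        findings.append("no rua=: aggregate reports are not collected")
    return policy, findings

# Constructed sample records for the placeholder domain example.gov.
SAMPLES = [
    "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.gov",
    "v=DMARC1; p=none",
    "v=DMARC1; p=quarantine; pct=25; sp=none; rua=mailto:dmarc-reports@example.gov",
]

if __name__ == "__main__":
    for record in SAMPLES:
        policy, findings = audit_dmarc(record)
        print(f"{record}\n  policy={policy}")
        for finding in findings:
            print(f"  WARNING {finding}")
```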