BOD 18-01 drives three-quarters of executive branch domains to deploy DMARC as of July 2018; More than half of executive branch domains reach “p=reject” three months ahead of October deadline
FOSTER CITY, Calif. – July 26, 2018 – Agari, the leading predictive AI solution to protect the cloud inbox from advanced phishing attacks, today announced the publication of its “July 2018 BOD 18-01 Progress Report,” which reveals more than three-quarters (81 percent) of the 1,144 executive branch domains required to comply with the United States Department of Homeland Security (DHS) Binding Operational Directive (BOD) 18-01 have deployed DMARC. Three months ahead of the October 16, 2018 deadline, more than half (52 percent) of the 1,144 executive branch domains required to comply with BOD 18-01 have implemented a “p=reject” policy, which prevents unauthorized email from being sent.
“The progress made by the U.S. Federal Government is encouraging. I commend DHS for their leadership on this effort and look forward to seeing the final results in October,” said Philip Reitinger, president and CEO of the Global Cyber Alliance. “The private sector should take note of this effort and follow suit.”
DHS announced BOD 18-01 on October 16, 2017, during a Global Cybersecurity Alliance (GCA) event in New York City. BOD 18-01 mandates that all federal domains implement DMARC, TLS and HTTPS to prevent domain name spoofing and to secure email communication. BOD 18-01 requires federal executive branch departments and agencies to implement DMARC at its highest setting (p=reject), by October 16, 2018.
Agari previously reported that 63 percent of executive branch federal agencies had deployed DMARC to meet the original 90-day deadline in January. As of January 16, 2018, only 18 percent of executive branch domains had implemented a “p=none” policy; as of July 15, 2018 more than half (52 percent) of executive branch domains had reached this milestone. However, 19 percent of executive branch domains still have no DMARC record and 26 percent have not progressed past the monitoring policy (p=none), leaving almost half of executive branch domains vulnerable to domain name spoofing.
“BOD 18-01 has been an incredible initiative for the United States government since federal DMARC adoption now greatly outpaces private industry,” said Patrick Peterson, founder and executive chairman, Agari. “However, almost half of executive branch domains are still unable to prevent unauthorized emails from being sent on their behalf, so there is still concern and uncertainty when it comes to authenticating the identity of email senders.”
Download the updated report: “July 2018 BOD 18-01 Progress Report“
Agari is the leading predictive AI solution to protect the cloud inbox from advanced email and phishing attacks. Winner of Best Email Security Solution by SC Magazine in 2018, the Agari Email Trust Platform™ prevents ransomware, ATO, phishing, BEC and other identity deception attacks, restoring trust to digital channels for businesses, governments, and consumers worldwide. Learn more at www.agari.com.
# # #