usa flag

NEW YORK and FOSTER CITY, Calif.– September 20, 2018 – Agari, the leading predictive AI solution to protect the cloud inbox from advanced phishing attacks, today announced the publication of its September 2018 BOD 18-01 Progress Report, which reveals almost two thirds (64 percent) of the 1,144 executive branch domains required to comply with BOD 18-01 have implemented a “p=reject” DMARC policy, which prevents unauthorized email from being sent.  With less than one month until the October 16, 2018 deadline, the Global Cyber Alliance (GCA) is providing a DMARC Setup Guide.

“The leadership shown by DHS has driven a concerted effort across the federal government to fully deploy DMARC, better securing U.S. Government email domains and protecting anyone who might receive email from them,” said Philip Reitinger, President and CEO of GCA. “Work remains to be done, and we look forward to full implementation by U.S. government agencies, greater adoption of DMARC by federal contractors and other businesses, and increased DMARC use by governments around the world.”

On October 16, 2017, during a GCA event in New York City, the Department of Homeland Security announced the publication its Binding Operational Directive (BOD) 18-01, which requires all federal executive domains to protect its email and websites with DMARC, TLS and HTTPS. The mandate requires all federal executive branch departments and agencies to implement DMARC at its highest policy (p=reject) before October 16, 2018. When operating at its most secure level, DMARC protects an organization’s email domain from being spoofed. DMARC combats certain techniques often used in phishing and email spam, such as emails with forged sender addresses that appear to originate from legitimate organizations.

Federal executive branch domains have demonstrated ongoing progress implementing “p=reject” ahead of the deadline, increasing from 52 percent in July 2018 to 64 percent in September 2018. However, among the 417 federal executive branch domains that have not implemented a “p=reject” policy, 89 percent are actively sending email, which could hinder final compliance efforts.

“It is incredibly satisfying to see that nearly two thirds of federal executive branch domains have implemented DMARC at its strongest protection – BOD 18-01 has been a massive success,” said Patrick Peterson, founder and executive chairman, Agari. “Despite this tremendous undertaking, one third of domains remain unprotected, so this last mile will require a massive sprint to meet the deadline.”

Download the updated report: September 2018 BOD 18-01 Progress Report

Get Started with the Global Cyber Alliance DMARC Setup Guide

About GCA

The Global Cyber Alliance (GCA) is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world. We achieve our mission by uniting global communities, implementing concrete solutions, and measuring the effect.  Learn more at

About Agari

Agari is the leading predictive AI solution to protect the cloud inbox from advanced email and phishing attacks. Winner of Best Email Security Solution by SC Magazine in 2018, the Agari Email Trust Platform™ prevents ransomware, ATO, phishing, BEC and other identity deception attacks, restoring trust to digital channels for businesses, governments, and consumers worldwide. Learn more at

# # #

Media Contact:
Clinton Karr
(415) 993-1010