A new report by cybersecurity firm Agari has found that federal agencies’ adoption of an email authentication standard – Domain-based Message Authentication, Reporting & Conformance – rose 38 percent from Nov. 18 to Dec. 18, 2017.
Agari’s report attributed the increase in DMARC adoption to agencies’ compliance with a new binding operational directive the Department of Homeland Security announced in October, the company said Tuesday.
The BOD 18-01 policy requires agencies to implement by Jan. 15 DMARC, Hypertext Transfer Protocol Secure and STARTTLS security protocols in an effort to prevent the potential use of government email domains by phishers and scammers in cyber attacks.
The report also found that 96 percent of emails transmitted across over 400 federal agency domains adopt the p=reject DMARC policy.
Agencies such as the departments of Health and Human Services and Veterans Affairs saw the rate of attempted fraudulent emails declined to less than 2 percent in December.
During the 30-day period, federal domains that have adopted DMARC as p=none rose from 20 percent to 31 percent and those domains that have fielded DMARC to reject or quarantine unauthenticated emails jumped from 14 percent to 16 percent.
Some of the agencies that have recorded 100 percent DMARC deployment include VA, Federal Trade Commission and the Federal Communications Commission.