Federal Agencies To Adopt DMARC, STARTTLS

The U.S. government is finally taking steps to make its digital communication more secure. 

Federal agencies have three months to adopt stricter email security standards that help detect and prevent email phishing attacks, per an order issued by the Department of Homeland Security on Monday.

The order gave federal agencies 90 days to embrace DMARC, an email authentication protocol, and STARTTLS, an encryption technology that makes it more difficult for third parties to intercept emails traveling between servers.

DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication, policy and reporting protocol. It builds upon existing authentication measures like DKIM and SPF and, when properly implemented, detects and negates email impersonation scams.

Basically, DMARC makes email phishing more difficult because hackers can no longer impersonate protected domains and are restricted to using non-protected domain names.

Fewer than 10% of federal domains have fully implemented the DMARC protocol, according to a recent Global Cyber Alliance report, meaning that a majority of government entities are at risk of being impacted by email phishing attacks.

Democratic Senator Ron Wyden of Oregon sent an open letter to the Department of Homeland Security (DHS) in July calling on the U.S. government to adopt DMARC immediately to protect government agencies from phishing scams and email fraud.

“I write to ask you to take immediate steps to ensure that hackers cannot send emails that impersonate federal agencies,” begins Wyden’s letter. “Industry-standard technologies exist, and are already used throughout the private sector and even by a few federal agencies, which, if enabled, would make it significantly harder for fraudsters and foreign governments to impersonate federal agencies.” 
