• by Ray Schultz , October 9, 2018

Half of federal government domains will meet the October 16 deadline for employing the email security standard DMARC (Domain-based Message Authentication, Reporting and Conformance), according to a study by Valimail.

Of 1,315 federal government domains, 655 have fully complied with a Department of Homeland Security requirement that they employ DMARC policies.

In addition, Valimail found that 981 agencies — 75% — had deployed a DMARC record, up from 18.5% last year.

However, many still not achieved full enforcement compliance, and 25% have not adopted DMARC at all.

This time last year, only 4% of agencies had DMARC policies that blocked fake emails. The requirement was set by the Department of Homeland Security.

If Valimail is accurate, half of federal agencies have seven days to comply. 

The study also found that:

- 63% of the domains now in compliance are not used for email

- 91% of military domains lack DMARC records of any kind

- 42 agencies with four or more domains have 54% of their domains in compliance.

"Most federal agencies have responded admirably to the DHS directive from one year ago, issued in response to the historic explosion of phishing attacks and email impersonation exploits,” states Alexander García-Tobar, CEO and co-founder of Valimail.

But he adds that “agencies still have work to do in order to achieve full compliance and protection from fake email."