<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=62700&amp;fmt=gif">
ValiMail
Valimail’s Email Authentication as a Service ™ gives you full control and visibility of your email services.

TOP STORIES

  1. Is Your Agency DMARC Compliant?
  2. U.S. Government DMARC Adoption Surges, Just Ahead of the Deadline
  3. Why Credit Companies and the IRS Won’t Send You Email

ValiMail
Valimail’s Email Authentication as a Service ™ gives you full control and visibility of your email services.

TOP STORIES

  1. Is Your Agency DMARC Compliant?
  2. U.S. Government DMARC Adoption Surges, Just Ahead of the Deadline
  3. Why Credit Companies and the IRS Won’t Send You Email

Valimail’s Email Authentication as a Service ™ gives you full control and visibility of your email services.

Federal Agencies Making Progress Toward DMARC Deadline

shutterstock_279894536.jpg

As of today, U.S. federal agencies officially have 30 days until the first major deadline from the Department of Homeland Security order that directs them to implement DMARC records on their domains.

The DHS issued its mandate, called Binding Operational Directive 18-01, just two months ago. It calls for all agencies to publish DMARC records in DNS by January 15, 2018, with at minimum a monitoring-only policy (p=none). Agencies have another nine months, until October 16, 2018, to get those policies to p=reject, which directs receiving mail servers to delete unauthorized messages using the protected domain.

Despite the short time window given to them and the lack of any funding to support this mandate, agencies are making progress. When the DHS issued BOD 18-01 on October 16, 81.5 percent of the 1,315 .gov domains had published no DMARC record at all, and only 3.9 percent were actually protected by an enforcement policy. 

gov domains on October 16

 Today, 189 more .gov domains have DMARC records than did in October, shrinking the number of domains with no record at all to 67.1 percent. And 9.5 percent are ahead of the game, with an enforcement policy in place. 

gov domains on December 12

Note: Our analysis is based on the canonical list of federal .gov domains published by GSA. It includes about 1,150 domains that belong to executive branch agencies, and the remainder of the list includes domains, such as senate.gov and house.gov (neither of which are fully protected by DMARC at enforcement) that are not covered by BOD 18-01.

However, progress is still not fast enough to meet the official deadlines. At the current rate, it’ll be a year before all of these domains have published DMARC records, and another 2-3 years before they’re protected by enforcement policies. 

valimail chart showing gov DMARC progress

Fortunately for federal agencies, the first step doesn't have to be difficult. Implementing DMARC with a minimal, monitoring-only policy (p=none) can be done with a simple, one-line text record in DNS, with no risk of interrupting the flow of legitimate mail. With that done, agencies will start collecting data on how their domains are being used for email, and they can begin to prepare for the next step, enforcement.

And ValiMail can help with both goals (inserting a DMARC record by January 15 and getting to p=reject by October 16), with our patented, automated DMARC management system, ValiMail Enforce. We have the highest proven success rate in getting companies to DMARC enforcement. Find out more about ValiMail for Government.

 

Dmarc DHS

ValiMail
Valimail’s Email Authentication as a Service ™ gives you full control and visibility of your email services.
The ValiMail Blog: Return to Sender

The ValiMail Blog: Return to Sender

Everything you ever wanted to know (but were afraid to ask) about email authentication DMARC, SPF, DKIM, and how they can stop fraud and phishing.