Some agencies have yet to institute any of the basic DMARC email security policy required by the Department of Homeland Security, all while a second, more stringent deadline approaches.
The day after a Department of Homeland Security deadline for all federal agencies to implement a basic policy to protect email servers against malicious messages, just over half have actually done so, leaving the remainder still vulnerable.
Nearly half of agency email domains have adopted policies to collect data on unauthorized emails as mandated by an Oct. 16, 2017, Department of Homeland Security directive.
Some 25 percent of emails claiming to be from the federal government are either unauthenticated or malicious, according to a new report from cybersecurity firm Agari.