Cybersecurity

Most government domains adopt program to prevent sending of fake emails

The majority of federal domains met a deadline to adopt an email authentication program aimed at preventing fake emails from being sent, according to an analysis by the cybersecurity firm Proofpoint.

The Department of Homeland Security announced last October that all federal agencies had until Oct. 16, 2018, to adopt the email authentication process, known as domain-based message authentication, reporting and conformance (DMARC), which blocks fake or spoofed emails from being sent from a government domain.

The fake emails can give the appearance that they were sent from someone at the federal agency.

Proofpoint found that 60.5 percent of the federal domains were compliant with the order, and that 74 percent had published DMARC records. That means 26 percent of government domains failed to meet the deadline.

Robert Holmes, vice president of email security at Proofpoint, wrote in a blog post that the percentage of compliant sites “is a significant achievement as many agencies did not have this initiative in their plans/budgets when the mandate was announced and DMARC implementation can be complex.”

The firm last year found that about 12.4 percent of emails sent from government domains were unauthorized. At that time, about 20 percent of domains had implemented the authentication process.

“Ideally, we will continue to see this positive trend until each agency fully protects their domains from email spoofing attacks,” Holmes wrote.

An Office of Management and Budget review earlier this year found that almost 75 percent of federal agencies are vulnerable to cyberattacks.

Lawmakers have taken some steps toward improving federal cybersecurity. The House last month passed a bill that would codify the Continuous Diagnostics Mitigation program at the Department of Homeland Security that aims to protect federal networks from cyberattacks. A companion bill has been introduced in the Senate.