Report: Most agencies vulnerable to phishing

Federal Times: Nearly half of federal agency email domains have adopted policies to collect data on unauthorized emails, a move mandated by the Department of Homeland Security in October, according to a report by cybersecurity company Agari.

The new policies do not block malicious emails or prevent employees from receiving phishing emails, but instead allow email domain owners, such as CIOs, to receive reports on unauthorized messages sent through their domain.

The DHS mandate requires that all federal agencies adopt the Domain-based Message Authentication, Reporting and Conformance, or DMARC, monitoring policy at a level of “p=none” by Jan. 15. According to the frequently asked questions, a policy of “p=none” means that email domain owners receive reports on messages sent through their domain, but recipients still see the potentially malicious emails.
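The difference between monitoring and blocking is visible in the DMARC TXT record a domain publishes at `_dmarc.<domain>`. The following check is an added example, not part of the Federal Times report or the Agari study; the domains, records and status labels are constructed, and it goes beyond the article by also recognizing the `quarantine` and `reject` policy values and the `rua` reporting tag defined in the DMARC specification (RFC 7489).

```python
# Added example: classify a DMARC TXT record by what it does to failing mail.
# Status labels ("monitor", "enforce", ...) are hypothetical names for this sketch.

def parse_dmarc(txt):
    """Split a 'tag=value; tag=value' record into an ordered dict of tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        name, value = part.split("=", 1)
        tags[name.strip().lower()] = value.strip()
    return tags

def assess(txt):
    """Return (status, detail) for the record published at _dmarc.<domain>."""
    tags = parse_dmarc(txt)
    # The version tag must come first and be exactly DMARC1.
    if next(iter(tags.items()), None) != ("v", "DMARC1"):
        return ("invalid", "record must begin with v=DMARC1")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return ("invalid", "missing or unknown p= policy")
    # rua lists where aggregate reports are sent; without it nothing is reported.
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    if policy == "none":
        if not rua:
            return ("monitor-no-reports",
                    "p=none without rua: failing mail is delivered and no reports arrive")
        return ("monitor",
                "p=none: failing mail is still delivered; reports go to " + ", ".join(rua))
    return ("enforce", "p=%s: receivers are asked to act on failing mail" % policy)

# Constructed sample records for illustration only.
SAMPLES = {
    "agency-a.example": "v=DMARC1; p=none; rua=mailto:dmarc-reports@agency-a.example",
    "agency-b.example": "v=DMARC1; p=none",
    "agency-c.example": "v=DMARC1; p=reject; rua=mailto:dmarc-reports@agency-c.example",
    "agency-d.example": "v=spf1 -all",
}

if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        status, detail = assess(record)
        print("%-18s %-20s %s" % (domain, status, detail))
```

A domain in the `monitor` state satisfies the reporting goal described above, but spoofed messages that fail authentication still reach recipients.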

