A month later, agencies still lagging, vulnerable in move to DMARC

FedScoop: More than a third of federal agencies still have not adopted Department of Homeland Security-mandated security measures that stop attackers from spoofing email, according to an analysis of public records. And worse, many have misconfigured it.

As of Feb. 22, just 180 .gov domains — or 58 percent of the 311 .gov domains reviewed by Easy Solutions — had a policy for Domain-based Message Authentication, Reporting and Conformance, which DHS required as of Jan. 15.

Of those, nearly 30 are still vulnerable to subdomain spoofing because they haven’t set a proper subdomain policy.

Read article

Share