By Phil Reitinger
Ten days ago, on April 3, the Global Cyber Alliance released a study that only one of 26 domains managed by the Executive Office of the President (EOP) had deployed DMARC to block spoofed phishing emails. These EOP domains are crown jewels that criminals and foreign adversaries covet. Without DMARC implemented, scammers and criminals could hijack an email domain to steal money, trade secrets or even jeopardize national security.
DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of workers in all sectors of society.
In only ten days, the situation has changed dramatically. Now six of the 26 EOP domains have implemented DMARC at its highest level (p=reject) to prevent delivery of spoofed phishing emails. The domains now at “reject” include OMB.gov, a very important domain, and CYBERSECURITY.gov.
In total, the White House has now implemented DMARC in some form on 50% of the EOP domains, up from 30%. Congratulations are due on this significant work, especially in the days leading up to the RSA Security Conference. It’s time for industry to step up as well.
And when we see WHITEHOUSE.gov and EOP.gov move to reject as well, we will let everyone know about it.