Market Overview

Agari Research Reveals BOD 18-01 Continues to Compel Federal DMARC Adoption

Share:

BOD 18-01 drives three-quarters of executive branch domains to deploy
DMARC as of July 2018;

More than half of executive branch domains reach "p=reject" three
months ahead of October deadline

Agari,
the leading predictive AI solution to protect the cloud inbox from
advanced phishing attacks, today announced the publication of its "July
2018 BOD 18-01 Progress Report," which reveals more than three-quarters
(81 percent) of the 1,144 executive branch domains required to comply
with the United States Department of Homeland Security (DHS) Binding
Operational Directive (BOD) 18-01 have deployed DMARC. Three months
ahead of the October 16, 2018 deadline, more than half (52 percent) of
the 1,144 executive branch domains required to comply with BOD 18-01
have implemented a "p=reject" policy, which prevents unauthorized email
from being sent.

"The progress made by the U.S. Federal Government is encouraging. I
commend DHS for their leadership on this effort and look forward to
seeing the final results in October," said Philip Reitinger, president
and CEO of the Global Cyber Alliance. "The private sector should take
note of this effort and follow suit."

DHS announced BOD 18-01 on October 16, 2017, during a Global
Cybersecurity Alliance (GCA) event in New York City. BOD 18-01 mandates
that all federal domains implement DMARC, TLS and HTTPS to prevent
domain name spoofing and to secure email communication. BOD 18-01
requires federal executive branch departments and agencies to implement
DMARC at its highest setting (p=reject), by October 16, 2018.

Agari
previously
reported that 63 percent of executive branch federal
agencies had deployed DMARC to meet the original 90-day deadline in
January. As of January 16, 2018, only 18 percent of executive branch
domains had implemented a "p=none" policy; as of July 15, 2018 more than
half (52 percent) of executive branch domains had reached this
milestone. However, 19 percent of executive branch domains still have no
DMARC record and 26 percent have not progressed past the monitoring
policy (p=none), leaving almost half of executive branch domains
vulnerable to domain name spoofing.

"BOD 18-01 has been an incredible initiative for the United States
government since federal DMARC adoption now greatly outpaces private
industry," said Patrick Peterson, founder and executive chairman, Agari.
"However, almost half of executive branch domains are still unable to
prevent unauthorized emails from being sent on their behalf, so there is
still concern and uncertainty when it comes to authenticating the
identity of email senders."

Download the updated report: "July
2018 BOD 18-01 Progress Report
"

About Agari

Agari is the leading predictive AI solution to protect the cloud inbox
from advanced email and phishing attacks. Winner of Best Email Security
Solution by SC Magazine in 2018, the Agari Email Trust Platform™
prevents ransomware, ATO, phishing, BEC and other identity deception
attacks, restoring trust to digital channels for businesses,
governments, and consumers worldwide. Learn more at www.agari.com.

View Comments and Join the Discussion!