In a survey of 50 major federal IT contractors, only one – analytics firm Engility – has fully implemented DMARC, an important email security measure to guard against phishing.
Only one other contractor – engineering firm and consultancy TetraTech – was implementing the second-highest DMARC control, in which phishing emails are quarantined rather than rejected. Meanwhile, more than half the contractors had yet to implement any DMARC policy whatsoever.
Phishing is one of hackers’ favorite tools for breaching a network. DMARC fights phishing by creating a public record for checking whether an email sender is authorized to transmit a message on behalf of a domain.
The federal government has been trying to defend against phising for years. A Department of Homeland Security directive gave federal agencies until January 15 to implement DMARC, and some agencies are still struggling to comply.