DMARC for the Government

Accelerating DMARC implementation to maintain government compliance is critical. 

Enhance Email Security with DMARC Email Authentication

Imposters Pose a Threat

Fraudsters often pose as government agencies using spear phishing to impersonate a specific person at a government body or public agency. Threats have become increasingly sophisticated.

This is just one reason the US Department of Homeland Security (DHS) issued BOD-18-01 back in 2017, requiring Federal agencies to implement DMARC as a mechanism to thwart government impersonation. It's also the reason that the National Cyber Security Centre (NCSC) also requires the Mail Check tool authentication. 

Many agencies have met the deadline, however there are still a number that continue to struggle with email systems that are notoriously complicated–making it difficult to identify all authorized and unauthorized senders. It doesn't have to be with Fortra DMARC Protection!

Threat engagement and disruption
how-organizations-can-use-threat-intelligence-feeds

Set Your DMARC-ations

Fortra stays one step ahead of fraudsters because it understands the identity and trust relationships behind the email message. Our solutions know what good emails and sender behavior looks like, so we can stop the bad.

Financial institutions use Fortra to fully-automate DMARC implementation. This accelerates deployment, reduces time to enforcement and helps them stay there.

Fortra also protects staff from disruptive advanced email attacks and supports the Security Operations Center with workflow automation for incident response.

Why Government Email Is Still a Prime Target for Attacks

Email is the #1 way attackers target citizens and government employees. 

What's Broken?

Email lacks build-in authentication:
Attackers can easily spoof or impersonate anyone in your organization using free tools

Attackers need to be right just once: 
With billions of emails hitting government inboxes, odds are in the attacker's favor

Email gateways can't solve the problem:
Attackers rely on social engineering tactics and identity deception, not malicious content or URLs that traditional tools were built to detect

fta-email-sec-dmarc-image

Stronger Protection for Government Email

federal-agencies-with-dmarc-adoption-logos-square-text-bottom.png
Government Agencies with DMARC Adoption

Fortra stays one step ahead of fraudsters because it understands the identity and trust relationships behind the email message. Our solutions know what good emails and sender behavior looks like, so we can stop the bad.

Financial institutions use Agari to fully-automate DMARC implementation. This accelerates deployment, reduces time to enforcement and helps them stay there.

Fortra also protects staff from disruptive advanced email attacks and supports the Security Operations Center with workflow automation for incident response.

DMARC for Government

The Public Sector Perspective

file-with-shield-and-checkmark-icon

The NCSC recommends DMARC records in place for all domains, regardless of whether the domain is used for email or not.

cyber-threat-advanced-alerting-and-reporting-icon

The NCSC’s Cyber Assessment Framework (CAF) recommends a DMARC policy of Reject (“p=reject”).

email-security-icon

The Government Digital Service (GDS) requires that all government departments adopt DMARC with the strongest DMARC policy (“p=reject”).

 

The Federal Perspective

desktop-monitor-icon

The Department of Homeland Security (DHS) has mandated adoption of DMARC on all government agency email domains.

fta-intelligence-assessments-icon

DMARC (and email authentication) is evolving into a key metric that impacts the FISMA scorecard against your agency.

email-froud-phish-icon

NIST recommends using DMARC authentication tools to provide protection against phishing (SP 800-177, Trustworthy Email, Section 4.6).

Additional Benefits of DMARC

Stop Email Phishing Attacks Using Your Agency's Reputation

Agencies reduce the likelihood that their domains and brand will be used in an attack.

Reduce Account Takeover Risk

By preventing delivery of phishing and malware-laden messages directed at your employees or constituents, you can reduce the number of account takeovers.

Increase Email Deliverability

By deploying DMARC, you ensure that legitimate email from your agency gets delivered and is not blocked at the receiver.

Gain Visibility Into Cyberattack Risk

Do you know every third-party company that sends email on behalf of your agency? DMARC provides this critical visibility, allowing you to ensure that anyone sending on your behalf complies with email best practices.

Fortra's Email Security Products

Fortra DMARC Protection

Automate DMARC email authentication and enforcement to prevent brand abuse and protect your consumers from costly phishing attacks.
Fortra Cloud Email Protection

Integrated cloud email security platform that combines AI, threat intelligence, and automated remediation to stop threats that bypass traditional defenses.
Fortra Secure Email Gateway

Full-featured gateway that delivers spam protection, anti-phishing, sandboxing, DLP, and other capabilities in an on-premises or virtual appliance.

DMARC FAQs

DMARC (Domain-based Message Authentication Reporting & Conformance) is an essential email authentication protocol that enables administrators to prevent hackers from hijacking your domains for email spoofing, executive impersonation, and spear phishing. DMARC is the best way for email senders and receivers to determine whether or not a given message is legitimately from the sender, and what to do if it isn’t.

When you set a DMARC policy for your agency you, as an email sender, are indicating that your messages are protected.
The policy tells a receiver what to do if one of the authentication methods in DMARC passes or fails. 

When emails are received by the mailbox provider, the receiver checks if DMARC has been activated for your domain.

dmarc-enf-policy

Here’s a typical policy in DNS. Note that this domain is configured with a policy of ”reject”. 

DMARC record for agari.com:

dmarc_record_example

Once your DMARC policy is implemented, you will start to receive thousands of reports every day, depending upon the number of emails your organization sends. 

Because it’s difficult to process the reports manually, you can work with a commercial vendor to display and process the data. Commercial software such as Fortra DMARC Protection can help with DMARC policy creation and hosting, third-party sender identification and alignment, and ongoing visibility as you progress through your DMARC implementation. In fact, Fortra DMARC Protection ensures companies reach Reject confidently and securely, boasting an enforcement rate of 78%.

Fortra DMARC Protection

Learn about Fortra DMARC, how it works, the features, and take the product tour here.

Get Demo