U.S. Government to mandate DMARC
This morning, news broke that the US Government has moved to mandate the use of DMARC to protect organisations and the public from emails being sent by fraudsters. The move follows that of the UK’s Government Digital Services Agency (GDS), which mandated that all UK government departments adopt DMARC at a full “p=reject” policy by 1st October 2016.
Whilst email is inherently insecure as a platform, DMARC has been widely acknowledged as the solution to the email fraud problem. DMARC enhances the pre-existing open standards SPF and DKIM by providing control, visibility and governance for an organisation’s sending domains.
The open letter published yesterday regarding the US Government’s move to mandate DMARC states:
“[DMARC], if enabled, would make it significantly harder for fraudsters and foreign governments to impersonate federal agencies. The threat posed by criminals and foreign governments impersonating U.S. government agencies is real.”
Major global organisations such as Microsoft, Google, Apple, Facebook and 6 of the top 10 U.S. Banks have already deployed DMARC using the Agari Email Trust Platform. Locally, the Australian Department of Human Services led the way earlier this year by implementing Agari to protect the Australian public from fake Centrelink and Medicare scams that had been on the rise.
CEO of Australian Agari partner, InfoTrust, spoke of the trend:
“For years, organisations have tried and failed to deploy other protocols to lock down their domains. The problem has been visibility. DMARC has been a game changer – it’s been like turning a light on in a dark room.”
“For the first time, organisations get visibility into who is sending from their domains, which enables confidence to lock down the domain with a “reject” policy without fear of business-impacting loss of good email.”
CEO of Agari, said:
“Phishing, spear phishing and new Business Email Compromise (BEC) attacks use email to pose as government organisations or trusted brands and target the most vulnerable part of our defences: the human brain. In 95% of security breaches, cybercriminals use deceptive emails that trick users as the entry point into the organisation. The constant barrage of deceptive emails undermines trust in digital business and commerce, limiting growth. We have the technology and the open standards to eradicate phishing from Australia and around the world. It is incumbent on governments to lead by setting standards for cybersecurity and partner with private industry to achieve 100% adoption of DMARC. We are excited to have InfoTrust, with their extensive email security expertise, leading this effort in Australia using Agari.”
Earlier this year InfoTrust research of the Australian market found that very few organisations had deployed DMARC. In fact, only one ASX50 company has DMARC correctly configured with a reject policy.
Overseas, the story is very different: the proactive approach taken by the UK government has led both the public and private sectors to adopt these controls to protect themselves and their customers.
“Locally, awareness is still low about DMARC. Many organisations are looking at SPF, which has a number of inherent issues, as explained in our blog, which reduces its effectiveness. InfoTrust is working hard to raise awareness and help solve the exponential email fraud problem.”