White House Email Domains in Danger of Cyber Attack (Learn More)

Only One of 26 Email Addresses Managed by Executive Office of the President Uses DMARC Security Protocol to Block Phishing, Global Cyber Alliance Finds

Over 95% of email domains managed by the Executive Office of the President (EOP) are in danger of being used in a large-scale phishing attack, according to research released today by the Global Cyber Alliance (GCA).

Only the Max.gov email domain has fully implemented the top defense against email phishing and spoofing.

Seven of the domains have implemented the Domain-based Message Authentication, Reporting & Conformance (DMARC) protocol at the lowest level, “none,” which monitors email but does not prevent delivery of spoofed emails.

Additionally, GCA found that 18 of the 26 email domains under management haven’t started the deployment of DMARC.

Without DMARC implemented, scammers and criminals can easily “hijack” an email domain to steal money, trade secrets or even jeopardize national security.

(Learn More. DMARC is the simple, trusted solution that brings together email authentication protocols, and adds reporting and compliance. In just a few easy steps, you can set up DMARC today to protect your organization from email fraud. Courtesy of the Global Cyber Alliance and YouTube. Posted on Jun 15, 2017)

DMARC weeds out fake emails (known as direct domain spoofing) deployed by spammers and phishers targeting the inboxes of workers in all sectors of society.

According to the 2017 Symantec Internet Security Threat Report (ISTR), 1 in 131 emails contained malware, the highest rate in 5 years.

(Learn More. The 2017 Internet Security Threat Report provides an overview and analysis of the year in global threat activity, compiled using data from the Symantec Global Intelligence Network, which our global cybersecurity experts use to identify, analyze, and provide commentary on emerging trends in the threat landscape. Courtesy of Symantec and YouTube. Posted on Jul 17, 2017)

Phil Reitinger, CEO of the Global Cyber Alliance (GCA)

“Email domains managed by the EOP are crown jewels that criminals and foreign adversaries covet,” explains Philip Reitinger, president and CEO of the Global Cyber Alliance.

“The lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed.”

“The good news is that four new domains have implemented DMARC at the lowest level, which I hope indicates that DMARC deployment is moving forward.”

“The EOP domains that have recently deployed DMARC at its lowest setting include WhiteHouse.gov and EOP.gov, two of the most significant government domains.”

“I hope that the government will move rapidly to block phishing attempts across all EOP domains.”

Domains under the control of the EOP include Budget.gov, OMB.gov, WhiteHouse.gov, USTR.gov, OSTP.gov and EOP.gov, all of which are well-known email domains that are valuable for phishers looking to trick government employees, government contractors, and U.S. citizens.

The weak DMARC deployment by the EOP is surprising after the U.S. Department of Homeland Security (DHS) mandated that all federal agencies implement DMARC last year.

Security experts praised DHS and Senator Ron Wyden, who called for agencies to implement DMARC, for pushing government agencies to quickly implement DMARC at the highest level possible.

Using GCA’s DMARC tools, the researchers scanned the 26 EOP email domains with the following results:

| DMARC | Count | Effect at this level of implementation |
|---|---|---|
| Domains Tested | 26 | (The email domains of the Executive Office of the President) |
| Reject | 1 | The highest level of DMARC protection. If reject is in place, incoming messages that fail authentication get blocked. |
| Quarantine | 0 | The second highest level of DMARC protection. With quarantine in place, emails that don’t meet the policy are sent to the spam or junk folder. |
| None | 7 | None means that the DMARC policy is in place, but the only thing that’s happening is monitoring. No action is being taken to block spoofed emails. |
| No Policy | 18 | No policy means that DMARC is not in place. |
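The four levels listed above can be derived from the TXT records a domain publishes at `_dmarc.<domain>`. The sketch below is an added example, not GCA's tool: the domains and records are constructed, the function names are hypothetical, and the handling of duplicate records and of an invalid `p` tag follows RFC 7489 (the `rua` check is simplified).

```python
import re
from collections import Counter

# Constructed sample: TXT records as they might be returned for _dmarc.<domain>.
SAMPLE = {
    "reject.example": ["v=DMARC1; p=reject; rua=mailto:dmarc@reject.example"],
    "monitor.example": ["v=DMARC1; p=none; rua=mailto:dmarc@monitor.example"],
    "other-txt.example": ["v=spf1 -all"],            # TXT data, but not DMARC
    "empty.example": [],                             # nothing published
    "dup.example": ["v=DMARC1; p=reject", "v=DMARC1; p=none"],
    "typo.example": ["v=DMARC1; p=rejct; rua=mailto:dmarc@typo.example"],
}

# A DMARC record must begin with the version tag.
VERSION = re.compile(r"\s*v\s*=\s*DMARC1\s*(;|$)")

def classify_dmarc(txt_records):
    """Return 'reject', 'quarantine', 'none' or 'no policy'."""
    dmarc = [r for r in txt_records if VERSION.match(r)]
    # Zero records, or more than one, means receivers apply no DMARC policy.
    if len(dmarc) != 1:
        return "no policy"
    tags = {}
    for part in dmarc[0].split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags.setdefault(name.strip().lower(), value.strip())
    policy = tags.get("p", "").lower()
    if policy in ("reject", "quarantine", "none"):
        return policy
    # Invalid or missing p: receivers fall back to monitoring only when a
    # usable report address exists (simplified check for a mailto: URI).
    if "mailto:" in tags.get("rua", "").lower():
        return "none"
    return "no policy"

def tally(survey):
    """Count domains per level, as in the results table."""
    return Counter(classify_dmarc(records) for records in survey.values())

def not_enforcing(survey):
    """Domains where spoofed mail is still delivered to the inbox."""
    return sorted(d for d, r in survey.items()
                  if classify_dmarc(r) not in ("reject", "quarantine"))

if __name__ == "__main__":
    print(dict(tally(SAMPLE)))
    print(not_enforcing(SAMPLE))
```

Note that a mistyped policy such as `p=rejct` silently degrades to monitoring, and two conflicting records count as no policy at all, so a domain owner who believes they are at "reject" can still show up in the weaker rows.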

GCA has published five reviews of DMARC implementation – two looking at organizations in cybersecurity, one looking at banks, one examining public and private hospitals, and most recently a look at the top tax software providers.

When Agari looked at Fortune 500 companies last August, they found 8 percent protected their companies’ domains with DMARC.

To learn more about DMARC or to check whether an organization is using DMARC, visit dmarcguide.globalcyberalliance.org.