25% of Mail Claiming to Be from Federal Agencies is Fraudulent

A full quarter (25%) of email claiming to be from federal agencies is either fraudulent or otherwise unauthenticated, analysis has revealed.

In the wake of the US Department of Homeland Security mandating a move to DMARC for email security, Agari has been conducting research into federal adoption rates across 1,300 domains and the volume of fraudulent email for more than 400 federal customers.

When fully implemented, DMARC (short for Domain-based Message Authentication, Reporting & Conformance) virtually eliminates deceptive emails that impersonate an agency domain. The DHS said that agencies will have 90 days to move to the lowest level of the scheme (monitoring, or p=none), and one year to implement the highest level (reject, which blocks all unauthenticated messages from delivery).

However, Agari said that so far, only 9% of domains have implemented the authentication standard with a policy that blocks inauthentic emails, and nearly 82% of federal domains lack DMARC entirely.

Among the 400 government domains protected by Agari, cyber-criminals targeted 90% of them with deceptive emails that appear to come from a federal agency between April and October 2017. Of the 336.4 million emails appearing to be sent from these domains during that period, 85.6 million (25.4%) were fraudulent or otherwise failed authentication.

DMARC has been shown to make good on its goals: In one use case cited by Agari, DMARC prevented delivery of more than 100 million fraudulent email messages in 24 hours.

“DMARC has proven incredibly effective at combating phishing across billions of emails daily,” said Patrick Peterson, founder and executive chairman of Agari. “This DHS directive is an important step to protect our government, businesses and citizenry from cybercrime. 

What’s Hot on Infosecurity Magazine?