DMARC Email Authentication: What Federal Agencies Need to Know
Category : Forcepoint
Domain-based Message Authentication, Reporting and Conformance (DMARC) is an email authentication policy and reporting protocol designed to detect and prevent email phishing and spoofing.
What is DMARC, who does it affect, why is it important and when are the key deadlines? Read our infographic to find out more.
Organizations using DMARC can specify what happens to unauthenticated inbound messages: they can be monitored but still delivered to the recipient’s inbox (ALLOW); moved to the spam or junk folder (QUARANTINE); or their delivery can be blocked completely (REJECT).
At minimum, U.S. Government agencies must implement a DMARC policy that is set to “allow” by January 16th, 2018; at least one address must be configured to receive aggregate and/or failure reports by this date. The DMARC policy must be set to “reject” all unauthenticated inbound emails by October 15th, 2018.
In the same timeframe, DHS is requiring all second-level agency domains to have valid DomainKeys Identified Mail (DKIM) records, which enables validation of a domain name identity through cryptographic authentication.
Manage DMARC Requirements with Forcepoint Email Security
Forcepoint Email Security enables quick and seamless DMARC compliance right out of the box. Users gain the ability to check all inbound email for DMARC validation and easily set policies to “allow,” “quarantine” or “reject.” Forcepoint Email Security also manages all DKIM signing for outbound email messages, to achieve full compliance with DMARC standards.
Scalable for agencies of any size, Forcepoint Email Security offers cloud, on-premises and hybrid deployment options, and is now available on the FedRAMP marketplace.