The Department of Homeland Security (DHS) announced Monday that it would increase security for anyone receiving email from federal agencies or visiting a federal website.
At a meeting coordinated by DHS, the New York District Attorney’s Office and the Global Cyber Alliance, Assistant Secretary Jeanette Manfra announced the department would issue a binding directive requiring agencies to use two security protocols — DMARC, which prevents fraudsters from sending fake emails, and HTTPS, which encrypts web traffic.
“Both the government and our citizens … deserve a trusted relationship,” said Manfra.
Email lets the sender of a message claim it comes from any address they like. There is no guarantee that an email that says it is from “irs.gov” is actually from the “irs.gov” server. But if an agency runs DMARC, email recipients can automatically check that emails were actually sent from the addresses they claim to come from. The agencies can direct all mislabeled emails to be sent to spam.
In July, Sen. Ron Wyden (D-Oregon) sent a letter to Manfra asking that DHS require agencies to use DMARC.
HTTPS provides encrypted communications between a user and a server, preventing attackers from eavesdropping or changing communications.
Agencies will have 90 days to implement DMARC and 120 days to upgrade to HTTPS.