Agari said Thursday it analyzed at least 1,300 federal agency domains to determine whether they have Domain-Based Message Authentication, Reporting and Conformance policies in place and found that 82 percent of those domains do not implement DMARC.
The report also showed that 25.4 percent of the 336.4 million emails that claimed to be from government agencies were either unauthorized or deceptive.
Agari issued the report days after the Department of Homeland Security released a binding operational directive that requires agencies to deploy the DMARC protocol for emails within the next 90 days to prevent the use of government domains by phishers and other cyber threat actors.
Patrick Peterson, Agari founder and executive chairman, said DMARC works to counter phishing across billions of emails on a daily basis.
“This DHS directive is an important step to protect our government, businesses and citizenry from cyber crime,” Peterson added.