Joanna Crews
A Valimail report noted that the government contracting industry has started to adopt cybersecurity requirements that federal agencies implement internally.
The email authentication company said Thursday the report resulted from its evaluation of the industry-standard Domain-based Message Authentication, Reporting & Conformance system in the available primary domains from the largest 100 government suppliers for fiscal year 2017.
Alexander Garcia-Tobar, Valimail co-founder and CEO, said the 46-percent DMARC adoption rate of the government contracting industry is comparably higher than with other sectors the company has assessed.
The company also studied the contractors’ implementation of the anti-impersonation technology and rated DMARC enforcement at five percent.
Garcia-Tobar noted that the enforcement rate reflects the need for both agencies and contractors to enhance the deployment of protection against cyberattacks such as impersonation.
The research involved the examination of the publicly accessible records for DMARC and Sender Policy Framework on the contractors’ Domain Name System.
Two of the sampled 100 contractors had no available domain names, five were deemed protected from the impersonation and spoofing of domain-based email and two had incorrectly configured DMARC records.
Valimail has found that 53 of the 100 contractors had no DMARC records while 38 had correct configurations but lacked an enforcement policy.
