White House quickly improves email security after report
Less than two weeks after a report showed that only one of 26 web domains managed by the Executive Office of the President fully implemented a required email security protocol that prevented fraud, five more domains have implemented that protocol, according to the Global Cyber Alliance, a cybersecurity advocacy group.
Why it matters: That protocol, known as DMARC, prevents fraudulent emails that appear to be from White House accounts from showing up in would-be victims's inboxes. Fake White House emails could be used in scams or to stir up diplomatic or political trouble.
The details: Last year, the Department of Homeland Security issued a directive requiring federal agencies to implement the protocol.
- DMARC asks the email server of a message's purported sender to verify it sent an email message. If the server did not send the message, it can advise the recipient's email account to delete the email, send it to spam or do nothing at all.
- The Global Cyber Alliance (GCA) tested the 26 EOP domains 10 days ago, finding that only one implemented DMARC in a way that fully prevents targets from receiving fake email by sending it to trash. Eighteen did not implement DMARC at all and the remaining seven sent fake emails to the spam folder.
- A retest by GCA shows that six of the domains now have the most secure setting.