Search press releases

Advanced search options
Dial 999 in an emergency
Dial 101 in a non-emergency

Global Cyber Alliance Applauds U.S. Department of Homeland Security’s Requirement to Deploy DMARC, HTTPS, and STARTTLS Across All Federal Government Web Properties

In June of 2016 the Government announced that all UK Government email domains would implement DMARC and now, a little more than a year later, the U.S. Government has followed suit. 

 At a cybersecurity roundtable hosted by the Global Cyber Alliance on 16 October 2017 in New York City, the U.S. Department of Homeland Security’s issued a Binding Operational Directive (BOD) focused on bolstering email and website security for all U.S. federal agencies that operate Governement email and website domains. At the event, Jeanette Manfra, Assistant Secretary for the Office of Cybersecurity and Communications announced that within the next 90 days, all U.S. federal agencies will be required to:

  • Deploy the email security protocol DMARC (Domain-based Message Authentication, Reporting & Conformance) to prevent spammers and phishers from using federal agency email domains to conduct cyber attacks.

Within the next 120 days, all federal agencies will also be required to:

  • Employ HTTPS (Hypertext Transfer Protocol Secure) for all websites to provide more secure connections between citizens and government agencies; and

  • Use other protocols along with HTTPS to help ensure that communications with the federal government are secure.

“It is critical that U.S. citizens can trust their online engagements with all levels of the federal government,” Assistant Secretary Manfra said. “We are calling on all federal agencies to deploy a toolkit of advanced cybersecurity technologies that will enable them to better fulfill our ultimate mission – serving and protecting the American public.”

DMARC is supported by 85 percent of consumer email inboxesin the United States (including Gmail, Yahoo, Microsoft, etc.) and more than 2.5 billion email inboxes worldwide. However, DMARC adoption rates among enterprises and government remains low.

“DMARC doesn’t protect email, it protects people,” said Phil Reitinger, President and CEO of the Global Cyber Alliance. “Once federal agencies fully deploy DMARC, citizens cannot be phished by a criminal posing as a Government employee. The federal government is stepping up and setting an example that the private sector should follow. If the U.S. government can deploy DMARC across more than 1,300 domains, then we should expect the same of the companies on which we depend.”


For more details on DMARC, please visit:


“DMARC has now been adopted by both the UK and U.S Government which shows how important cyber security is becoming across the globe. Email spoofing continues to be a problem and everything possible must be done to prevent cyber criminals from taking advantage of innocent people” said Ian Dyson City of London Police Commissioner.




Share release