GCA said Wednesday it also found that seven of the White House email domains have deployed the DMARC protocol at the ânoneâ level, which works to facilitate email monitoring but fails to block spoofed emails.
The report noted that Max.gov is the only White House email domain that has deployed the highest-level DMARC policy that works to block email spoofing and phishing activities.
âThe lack of full DMARC deployment across nearly every EOP email address poses a national security risk that must be fixed,â said Philip Reitinger, president and CEO of GCA.
âThe EOP domains that have recently deployed DMARC at its lowest setting include WhiteHouse.gov and EOP.gov, two of the most significant government domains,â Reitinger added.
EOP oversees email domains such as WhiteHouse.gov, Budget.gov, OMB.gov, USTR.gov, OSTP.gov and EOP.gov.
The Department of Homeland Security released a directive in October 2017 to help federal agencies protect emails and websites from cyber threats through the adoption of DMARC and other security protocols.