This week, at the Federal Cybersecurity Conference & Workshop in Baltimore hosted by the Department of Homeland Security, there was a panel on Email Authentication that explained why authenticated email is vital to their interests. Being able to trust email from federal agencies is highly important to them, not merely for communication among agencies but also between the government and its constituents.
It was explained that in the recent past a couple of US senators have had to arrange sudden press conferences to spread the word that, contrary to what’s been said in email, they are not dead. Apparently there had been forged email campaigns making such claims, causing some amount of chaos, and they needed to be dispelled. The FBI, IRS, and the House domains have also been the target of forged email or phishing campaigns.
Cloudmark was invited to present the perspective of industry to the audience of mainly CIO-level representatives from various branches of the federal government. We highlighted not only the importance of deploying email authentication technologies like SPF and DKIM and why they’re great, but also why they’re not enough. Domain reputation, the obvious next step along the path to securing email, became the focus. Some good questions were asked about the viability and vulnerability of such systems when they’re based on user feedback. Fortunately, we have a lot of good experience in that area from our commercial product and open source history, which supported the discussion.
We’re encouraged to see that the federal government has taken such an interest in these issues. We presented some ideas of how they can help with respect to deploying policy and services from their side of the fence, and we’re looking forward to making progress with them.