Agari supports email fraud on behalf of larger than 400 federal websites, including the real sites of the departments of Health and Human Services and Veterans Affairs, the Census Bureau and the Senate.
Though emails list who a word is “from,” the email order does nothing to verify if a message really was sent to the address listed in the “of” field.
There are newer rules that can automatically validate emails, known as DMARC. That order double-checks that communications were sent by their listed senders, allowing fake emails to be destroyed or sent to spam. The Department of Homeland Security (DHS) this week published a directive requiring all federal agencies to complete DMARC.
Agari and other providers can be handled to set up DMARC and Agari based its statistics on DMARC authentication.
In more than 335 million governmental emails Agari studied, more than 85 million were fake.
Agari records that only 18 percent of federal web domains have DMARC. And, of those, more than half do not take the power of DMARC’s option to request email providers delete fraudulent emails or post them to spam folders.