Many White House email domains are not compliant with a governmentwide cybersecurity directive, lagging behind the rest of government and putting them at risk of being used in a large-scale phishing attack, per a review conducted by a cybersecurity organization.
The Global Cyber Alliance found 18 of the 26 email domains of the Executive Office of the President have not begun to implement an email security protocol required under a Department of Homeland Security binding operational directive.
The security protocol, Domain-based Message Authentication, Reporting and Conformance or DMARC, is an email authentication tool designed to prevent email spoofing and provide data on where a forgery may have originated.