13.2 What is Binding Operational Directive (BOD) 18-01?
Binding Operational Directive 18-01, or BOD 18-01 for short, is a US Department of Homeland Security directive aimed at Federal executive branch agencies, issued on 16 October 2017. It is "binding" in the sense that it is a "compulsory direction" to those agencies "for purposes of safeguarding federal information and information systems." DHS believed so strongly in the need for DMARC to be adopted that, in BOD 18-01, it stated unambiguously
“Within one year [October 16, 2018] of BOD issuance, set a DMARC policy of “reject” for all second-level domains and mail-sending hosts.”
Federal agencies were, predictably, slow to adopt the policies demanded by the directive. The research firm Agari Data reported that, as of July 15, 2018, "19 percent of executive branch domains still have no DMARC record and 26 percent have not progressed past the monitoring policy (p=none), leaving almost half of executive branch domains vulnerable to domain name spoofing."
LISTSERV's DMARC support provides its executive branch customers -- and others -- with a seamless DMARC-ready mailing list solution.
In passing, and unrelated to DMARC, it should also be noted that the LISTSERV web interface can enable HTTP Strict Transport Security, which directs browsers to only connect to the web interface using secure HTTPS connections. Unencrypted HTTP connections are automatically replaced with HTTPS connections at the browser level, preventing the transmission of unencrypted data to the server. HSTS is also required by US BOD 18-01. For more information, please see the WWW_HSTS_MAX_AGE site configuration keyword.