April 18, 2025
CDT Fast-Tracks “DMARC” to Lock Down Email Inboxes
SACRAMENTO, Calif. – Email is one of our most important digital tools—whether we’re keeping in touch with staff, or collaborating with other entities, email is our go-to. But email can also be risky. That’s why the California Department of Technology (CDT) became the first department in the state to implement DMARC, a major step forward in protecting how we communicate. DMARC stands for Domain-based Message Authentication, Reporting, and Conformance, a long name that helps protect us from email spoofing, phishing scams, and spam. Without it, cybercriminals can make messages appear like they’re coming from people we trust—when really, they aren’t.
Rolling out DMARC wasn’t a quick fix. It took serious technical knowledge from configuring Domain Name System (DNS) records to making sure email authentication protocols aligned. The CDT DMARC team worked closely with the DNS provider to ensure everything was running smoothly. Normally, this type of project can take months—or even longer—because every detail must be right. One typo in a DNS record and everything could fall apart, but the team was as fast as they were focused. They planned carefully, collaborated closely, and pulled it all off in only three months.
The timing couldn’t have been better. Phishing attacks targeting government entities jumped by 360% over the past year, and email scams are getting smarter by the day. In 2023, Californians alone reported over $2 billion in losses tied to internet crimes, and phishing made up a big chunk of that. The risks are real—and growing. DMARC helps us push back, protect email messages, and stay ahead of the bad actors.
Beyond its technical work, the team focused on preparation: Clear documentation and guidance, as well as hands-on support, created a smooth transition. Collaboration made adoption much easier.
“Now that DMARC is live, we’re seeing real benefits,” said Deputy State Chief Technology Officer Chaeny Emanavin. “Our emails are more secure, spoofing and phishing attempts are way down, and messages we send are more likely to land in inboxes instead of being flagged or rejected.”
Thanks to DMARC, CDT is better aligned with federal guidelines and private-sector best practices. Many major organizations already require DMARC compliance so that messages are delivered securely and not impersonated, giving CDT a more secure foundation for day-to-day communication and setting an example for other departments to follow. With successful implementation completed, CDT can now offer DMARC to other entities as another one of its many services.