From https://www.cyberscoop.com/dhs-dmarc-mandate/ :

> By Jan. 2018, all federal agencies will be required to implement DMARC across all government email domains.

> Additionally, by Feb. 2018, those same agencies will have to employ Hypertext Transfer Protocol Secure (HTTPS) for all .gov websites, which ensures enhanced website certifications.

DMARC: https://en.wikipedia.org/wiki/DMARC

https://dmarc.org

Requiring TLS (and showing an unlocked icon for non-TLS-secured emails) would also be good.