Latest Work

Latest Work

Presidential campaigns taking email security more seriously–not so much at the local level

Articles, Blog, News
featured image

DMARC now protects the email domains for most U.S. presidential candidates, according to a new report, but local election bodies lag behind and are vulnerable to spoofing.

The 2020 election season got off to what could be a record-setting rocky start with delays in the reporting of the Iowa caucus results due to a poorly developed app. The failure of the mobile IowaReporterApp developed for the Democratic party by a company called Shadow, Inc., followed by revelations that the app was riddled with security errors, fueled further the flames of anxiety about the security of 2020 voting and election systems. (To be clear, the IowaReporterApp was not a mobile voting app but merely a means of collecting and reporting the results of the individual caucuses.)

Against the spectacular failure of the Iowa caucus and as the Democrats head into tomorrow’s New Hampshire primary having ditched the Shadow app, there are some signs that election-related security is otherwise headed in the right direction. For the first time, the 2020 U.S. presidential election hit a milestone because more than half of the candidates for president have domains that are protected from spoofing, according to a just-released study by identity-based anti-phishing company Valimail.

Of the 14 candidates currently in the race (including Donald Trump but excluding Joe Walsh, who dropped out last week), eight are protected by Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies set to enforcement. DMARC is an email authentication, policy and reporting protocol that builds on two other widely deployed email security protocols, Sender Policy Framework (SPF) and DomainKeys Identified Mailprotocols (DKIM), that give domain owners control over who can send as them.

[This article appeared in CSO Online. To read the rest of the article please visit here.]