Sign in
  • Home
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Support
Request phishing analysis
  • Products
    • Enforce
    • DMARC Monitor
    • Instant SPF
    • Amplify
  • Solutions
    • Anti-phishing
    • Brand protection
    • Compliance
    • Government
    • Marketing
    • Microsoft
    • Shadow IT
  • About
    • News + awards
    • Partners
    • Team
    • Careers
    • Industry leadership
    • Customer support
  • Learn
    • Resources
    • Blog
    • Customers
  • Get started for free
  • Support
  • Sign in
Check to see if you’re protected
☰
Check to see if you’re protected
Related posts
  • Press release
    Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
  • Press release
    Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
  • Press release
    Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft Azure Marketplace
Valimail press release

Valimail: 2020 election infrastructure still vulnerable to email hackers

Report: Only 3% of state, 7% of top county domains protected

SAN FRANCISCO, October 22, 2020 — Valimail, the global leader in zero-trust, identity-based anti-phishing solutions, has released its latest report, “2020 Election Infrastructure Remains Vulnerable to Email Hacking.” With less than two weeks until Election Day, the report presents new data that illustrates the threat of impersonation-based email phishing attacks that utilize domains involved in the U.S. election.

The report highlights a lack of adherence to email authentication standards for email domains associated with the U.S. presidential campaigns, political action committees (PACs), U.S. state and county governments, as well as election system manufacturers. Valimail found most domains were unprotected from email spoofing, meaning they could easily be impersonated by attackers pretending to play some role in the election infrastructure.

“You often hear of email phishing within the corporate world — when business email compromise or related attacks result in loss of funds or proprietary data — but the threat within the U.S. election infrastructure is unique,” said Alexander García-Tobar, CEO and co-founder of Valimail. “Malicious agents could use the essential and pervasive nature of email to spread uncertainty, confusion, misinformation or doubt, which could, in turn, interfere with a free and fair election.”

The report makes a strong case for a widely used industry standard called Domain-based Message Authentication, Reporting, and Conformance, also known as DMARC. DMARC enforcement is considered the industry best practice for email authentication to prevent attacks in which malicious third parties try to send harmful email using a counterfeit address. Valimail’s latest research is also timely given email phishing attacks are at their highest level in three years.

Valimail is calling on federal and state officials to prioritize DMARC for all domains involved in elections, as the federal government has already done for federal agency domains. Valimail manages DMARC for more organizations than any other vendor worldwide and has the highest rate and greatest speed of getting customers from monitoring mode to DMARC enforcement.

Key takeaways from Valimail’s latest election security report include:

  • Only 15% of campaigns and PACs are protected from spoofing with DMARC enforcement.
  • Just 7% of the largest counties’ domains are protected.
  • Only 3.3% of U.S. state domains are protected.
  • Only one of the eight election systems manufacturers certified by the U.S. government is protected from email spoofing.
  • Protected by DMARC enforcement: Democrats.org, five liberal PACs and one conservative PAC.
  • Unprotected: Donaldjtrump.com, GOP.com, Joebiden.com, and the majority of liberal and conservative PACs.

“Our message to all domains involved in elections is to check your email authentication and determine your level of protection and vulnerability,” said Seth Blank, vice president of standards and new technologies at Valimail. “Use 2020 as the catalyst to prepare for future elections — prioritize DMARC enforcement for email and multifactor authentication for all systems.”

The research in this report stems from an analysis Valimail performed on hundreds of domain name system (DNS) entries related to state and local governments, campaigns, PACs and election system manufacturers. Valimail looked for DMARC and sender policy framework (SPF) records, analyzing the configuration and DMARC policy on each one.

To download the full report, please visit valimail.com/resources/election-email-security/. Governments, groups and organizations that want to take the first step of their DMARC enforcement journey can also check the status of their domains using Valimail’s free, instant domain checker at valimail.com.

About Valimail

Valimail is the global leader in zero-trust email security. The company’s full line of cloud-native solutions authenticate sender identity to stop phishing, protect brands, and ensure compliance; they are used by organizations ranging from neighborhood shops to some of the world’s largest organizations, including Uber, Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the U.S. Federal Aviation Administration. Valimail is the fastest growing DMARC solution, with the most domains at DMARC enforcement, and is the premier DMARC partner for Microsoft 365 environments. For more information visit www.valimail.com.

Resources
Top retailers remain vulnerable to email brand spoofing
Learn more
Email security with Microsoft and Valimail
Learn more
Election email security
Learn more
Email fraud landscape, Summer 2020
Learn more
Preparing for BIMI: A Marketer’s Guide
Learn more
Latest news
Trump’s refusal to concede the election is creating an opening for cy...
Learn more
2020 General Election Results to Directly Impact Tech Industry
Learn more
Why Email Is Still an Election Day Disinformation Risk
Learn more
US elections are still vulnerable to email spoofing
Learn more
Security Gaps Persist, Report Warns, After U.S. Blames Iran In Election Sch...
Learn more
Press releases
Valimail Triples Customer Base, Becomes Top Global DMARC Provider in 2020
Learn more
Valimail: 2020 election infrastructure still vulnerable to email hackers
Learn more
Valimail Announces Selection by ASG for Anti-Phishing and BEC Protection
Learn more
Valimail DMARC Monitor and Valimail Enforce Now Available in the Microsoft ...
Learn more
Valimail Research Finds More Than 1 Million Domains Using Crucial Email Aut...
Learn more
Follow us
Contact us

P: 888.354.6179
E: info@valimail.com

Headquarters

180 Montgomery Street
20th Floor
San Francisco, CA 94104

Valimail Mountain Office

1550 Larimer Street
Suite 271
Denver, CO 80202

Request a full phishing analysis
© Valimail
  • Terms of use
  • Privacy Policy
  • Website terms of use
  • Do not sell my personal information
  • Phishing Analysis
  • Domain Checker
  • Products
  • Enforce
  • DMARC Monitor
  • Instant SPF
  • Amplify
  • Solutions
  • Anti-phishing
  • Brand protection
  • Compliance
  • Government
  • Marketing
  • Microsoft
  • Shadow IT
  • About
  • News + awards
  • Partners
  • Team
  • Careers
  • Industry leadership
  • Customer support
  • Learn
  • Resources
  • Blog
  • Customers