Election email security

Election email security

Valimail’s analysis shows that, at virtually every level of the American election infrastructure, there is massive vulnerability to impersonation. This is due largely to the poor penetration of email authentication standards that can prevent spoofing. 

Not only local governments, but also state governments, campaign and PAC domains, and election systems manufacturers are, by and large, unprotected from email spoofing.

Key findings:

  • Only 15% of campaigns and political action committees (PACs) are protected from spoofing with DMARC enforcement
  • Democrats have better email security hygiene in this respect: Democrats.org is protected by DMARC enforcement; Donaldjtrump.com and GOP.com are unprotected
  • Only 3.3% of U.S. state domains are protected
  • Just 7% of the largest counties’ domains are protected — an increase of just 2 percentage points from 2019
  • Only one of the eight election systems manufacturers certified by the U.S. government is protected from email spoofing