Home > United Nations Online Network in Public Administration and Finance (UNPAN)
1. Global
Global
2. Africa
Africa
3. Arab States
Arab States
4. Asia & Pacific
Asia & Pacific
5. Europe
Europe
6. Latin America & Caribbean
Latin America & Caribbean
7. North America
North America
UNPAN North America
Public Administration News  
Share
U.S.: Report - Most 2020 Candidates Aren't Using Anti-Spoofing Email Protections
Source: www.nextgov.com
Source Date: Friday, May 10, 2019
Focus: Electronic and Mobile Government, Institution and HR Management, Internet Governance
Country: United States
Created: May 12, 2019

The vast majority of the 2020 presidential candidates aren’t taking advantage of a basic email security tool that could help prevent phishing attacks, industry researchers found.

Only three of the 24 declared candidates in the 2020 presidential race are fully enforcing Domain-based Message Authentication, Reporting and Conformance, or DMARC, a security protocol that protects against email spoofing, according to a blog post published Friday by the security firm Valimail.

By failing to use the tool, candidates could leave themselves vulnerable to the types of phishing attacks that exposed thousands of the Democratic National Committee’s internal emails during the 2016 election.

DMARC works by automatically pinging an email sender’s domain—elizabethwarren.gov, for example—to ask if specific email addresses are legitimate. If the domain flags the email address as suspect, the tool would divert the email to the recipient’s spam folder or delete the message altogether.

In other words, DMARC could help prevent campaign staffers from opening phishing emails from phony accounts and keep online adversaries from disguising themselves as presidential campaigns to send malicious emails.

Only three candidates—Sen. Elizabeth Warren, D-Mass., Rep. Tulsi Gabbard, D-Hawaii, and former Vice President Joe Biden—have the tool up and running for their campaigns’ online domains, according to the report. The rest of the candidates, including President Donald Trump, either aren’t using DMARC at all or haven’t set any anti-spoofing protocols, meaning suspicious emails would be allowed to go through to recipients inboxes undetected or uninterrupted.

And the consequences of such unchecked messages can be significant.

The Russian hackers who in 2016 exposed tens of thousands of emails from the DNC and Hillary Clinton’s presidential campaign used spoofing techniques that DMARC aims to prevent, according to Dylan Tweney, who leads Valimail’s research program. And 2020 candidates could be at risk of similar attacks if they don’t use these protections, he said.

Beyond compromising campaign’s internal accounts and networks, adversaries could also use email spoofing to spread disinformation to the general public under the guise of an official campaign email address, Tweney told Nextgov.

“Political actors are using this kind of spoofing to spread disinformation campaigns, discrediting campaigns, public officials and even the media itself,” he said. “Without [DMARC] in place, it's far too easy to impersonate a domain, and end users don't have a chance of identifying these fakes.”

(By Jack Corrigan)
News Home

 Tag This
 Tell A Friend
del.icio.us digg this Slashdot
Rate:
0 ratings
Views: 30

Comments: 0 Bookmarked: 0 Tagged: 0



0 Comments | Login to add comment

Site map | FAQs | Terms and Privacy | Contact Us
Copyright 2019 by UNPAN - United Nations Public Administration Network