Recent analysis of the websites of 16 current presidential candidates indicate insufficient security to stop attackers from sending emails out impersonating the campaign.
Email security vendors Agari and Valimail take advantage of DMARC (Domain-based Message Authentication, Reporting and Conformance) – an email authentication, policy, and reporting protocol designed – to help organizations detect and prevent email spoofing.
According to these firms, only 8 of the 16 current presidential candidates have DMARC implemented, with only 2 using any kind of advanced email solution.
Without proper use of DMARC, presidential candidates are susceptible to email spoofing attacks where cybercriminals can send out emails pretending to be from the campaign, using social engineering and malware to claim victims of supporting businesses and voters.
The same is true of any organization; without DMARC properly in place, it’s easy for cybercriminals to spoof your domain, using it as a tool to attack employees, contractors, vendors, and customers.
Organizations should determine the state of their domain using a spoofing test, and look to implement DMARC controls, potentially leveraging third-party solutions to further ensure that inbound email domains meet DMARC’s security requirements before being accepted.