Though we have heard the rambling cries of “but her emails!” since 2016, it seems that almost none of the 2020 presidential candidates—including current president Donald Trump—have managed to take even the most basic measures regarding email security. Tech Crunch reports that the only candidate that uses the domain-based message authentication, reporting, and conformance policy known as DMARC, is the progressive Junior Senator from Massachusetts: Elizabeth Warren.
DMARC is built from to important security protocols known as the Sender Policy Framework (SPF) DomainKeys Identified Mail (DKIM). They both detect fake sender addresses to protect the recipient from phishing and scams, cryptographically verifying a sender’s email and marking suspicious messages as spam or rejecting them completely if it can’t be properly validated.
Agari, which has a commercial stake in the email security space, confirmed that neither Bernie Sanders, Joe Biden, or Donald Trump among most other presidential hopefuls do not use DMARC on their campaign domains. The company warns that the candidates’ campaigns are at risk of being impersonated by spam campaigns and phishing attacks.
This is all despite the fact that more than 80 percent of the government was using the security feature by last October, which was the Department of Homeland Security’s deadline. Thanks to pressure from Congress, the U.S. government has actually made increasing efforts over the past few years to roll DMARC out across federal domains, which Sen. Ron Wyden (D-OR) once called “a no-brainer that increases cybersecurity without sacrificing liberty.”
There has also been a slight uptake in DMARC use within the private sector. 16% of Fortune 500 companies are using it, doubling 2017’s 8% figure.
“DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives,” said Agari’s Armen Najarian.