Nearly 75% of U.S. Senate campaign websites lack DMARC protection, also known as domain-based message authentication, reporting, and conformance protection.
DMARC tools are used to prevent phishing and spoofing attacks by ensuring that the domain from which an email is sent is authenticated.
Without these protections, campaign websites remain vulnerable to cyberattacks. This is a significant issue given that campaigns frequently send emails to voters, donors, and staff.
This could potentially lead to the leaking of voter information, donor data, strategic campaign planning, and other sensitive data, further exacerbating the public’s lack of trust in U.S. elections, an issue that has been growing in recent years. It’s becoming more and more noticeable. In 2016, Russian state actors attempted to influence the presidential election by interfering with the electoral process and hacking emails.
Research conducted by Red Sift shows that without DMARC, campaigns are highly susceptible to phishing, domain spoofing, and impersonation attacks, which can ultimately delay campaign operations, compromise confidential information, or worse. It may be possible to connect.
The report calls for immediate prioritization of DMARC implementation across the U.S. Senate and presidential campaigns, and to ensure these implementations are properly configured.
