Only a third of U.S. presidential candidates in 2020 are using e-mail security, which could prevent similar attacks that could trouble Democrats in the 2016 election,media reported. According to Reuters, only seven Democrats in the race’s 21 presidential candidates used and executed DMARC, an e-mail security protocol that verifies the authenticity of the sender’s e-mail and refuses to defraud e-mail, a spoof that hackers often use to trick victims into opening malicious links.
But that’s a marked increase from April, when only Elizabeth Warren’s campaign adopted the technology. Now, the Democratic campaign teams of Joe Biden, Kamala Harris, Michael Bloomberg, Amy Klobuchar, Cory Booker, Tulsi Gabbard and Steve Bullock have all improved the security of their emails.
None of the other candidates, including U.S. President Donald Trump, used the security feature. The other seven candidates did not use DMARC. Experts say this could expose their campaigns to foreign influence campaigns and cyberattacks.
“When a campaign doesn’t use these basic features, they’re going to open the door,” said Armen Najarian, chief identity officer at Agari, an e-mail security firm. “The campaign must set both email authentication and advanced e-mail security in the enforcement strategy of the rejection policy to protect it from social engineering covert attacks. “
DMARC is free and easy to implement, prevents attackers from impersonating a candidate’s campaign team, but also prevents targeted phishing attacks on candidate networks that result in thousands of stolen emails from Democrats.
On the eve of the 2016 presidential election, Russian hackers sent an email to John Podesta, Hillary Clinton’s campaign manager, posing as a Google security warning. The phishing email, released by WikiLeaks with the rest of the email cache, tricked Podesta into clicking on a link to take over his account, allowing hackers to steal thousands of private emails.
Properly executed DMARC policies will completely reject phishing emails in Podesta’s inbox, although DMARC does not prevent highly complex cyberattacks.
“It’s confusing that the campaign hasn’t been active in addressing this issue,” Najarian said. “