{"id":90912,"date":"2019-06-29T10:22:06","date_gmt":"2019-06-29T14:22:06","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-07-30T10:10:28","modified_gmt":"2021-07-30T14:10:28","slug":"most-presidential-wannabes-dont-use-basic-email-security","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/most-presidential-wannabes-dont-use-basic-email-security\/","title":{"rendered":"Presidential Wannabe’s Don’t Use Email Security"},"content":{"rendered":"

\"Most<\/a>We are in the run-up to the 2020<\/strong> silly<\/del> U.S. Presidential election<\/strong> season. Not much has changed in the three years after Trump operatives<\/del><\/a> Russian hackers<\/a> targeted and breached<\/a> the email accounts of Hillary Clinton\u2019s presidential campaign. Email security firm Agari<\/a> reports<\/a> that nearly all 2020 presidential candidates have learned nothing. <\/strong>They have not implemented email security<\/a>. <\/strong>They are not protected against email attacks, fraud, and data breaches typically run by nation-states.<\/p>\n

\"\"During the 2016 presidential campaign, the chairman of Hilary Clinton\u2019s campaign, John Podesta<\/strong><\/a>, was the victim of a spear-phishing attack<\/a>. <\/strong>That attack led to the now-infamous WikiLeaks email<\/strong><\/a> publication. The WikiLeaks release derailed the campaign and influenced the result of the election. Agari\u2019s CMO, Armen Najarian<\/a>, explained the importance of DMARC email protection<\/strong>;<\/p>\n

DMARC is more important than ever because if it had been implemented with the correct policy on the domain used to spearphish John Podesta, then he would have never received the targeted email attack from Russian operatives.<\/em><\/p>\n

Which campaign practices email security<\/h3>\n

\"Clowns\"<\/a>Data released by the California-based firm found that just one presidential hopeful uses DMARC for email security. Democratic candidate Elizabeth Warren’s campaign is the only one that uses DMARC for email security. The Warren campaign has completely secured its campaign against the types of email threats that took down Clinton and harmed<\/strong>\u00a0her campaign staff, potential donors, and the public.<\/p>\n

Agari suggested in a blog post that the remaining 11 candidates it checked do not<\/strong> use DMARC. This includes Bernie Sanders, Joe Biden<\/strong>, and presidential incumbent Donald Trump. <\/strong>All do not use DMARC on their campaign domains to secure their email accounts<\/strong>. The company warned that the candidates risk their campaigns being impersonated in spam campaigns and phishing attacks<\/a><\/strong>.<\/p>\n

Agari also analyzed advanced email security controls of the campaigns. They found<\/a>\u00a0that 10 of 12 have no additional protection beyond basic security included in Microsoft Office 365 or Google Suite<\/strong>.<\/p>\n

Email alphabet soup<\/h3>\n

\"\"<\/a>DMARC is not an email authentication protocol. It sits on top of the authentication standards SPF<\/strong><\/a>\u00a0(Sender Policy Framework)\u00a0and\u00a0DKIM<\/strong> (Domain Keys Identified Mail). With SPF and DKIM, DMARC supplements SMTP<\/a><\/strong>, the basic protocol used to send email, because SMTP does not include any mechanisms for email authentication.<\/p>\n

A properly configured DMARC policy can tell a receiving server whether or not to accept an email from a particular sender<\/strong>. DMARC records are published alongside DNS records, including:<\/p>\n