Nearly 75% of US Senate campaign websites lack Domain-based Message Authentication, Reporting and Conformance (DMARC) protections, leaving them vulnerable to cyber-attacks, a new report by Red Sift has revealed.
The study, authored by Sean S. Costigan, PhD, Managing Director of Resilience Strategy at Red Sift, emphasizes the urgent need for campaigns to strengthen cybersecurity, especially with the critical role email communications play in coordinating with voters, donors and staff.
The Threat Landscape: Phishing and Spoofing Attacks
DMARC is a key tool in preventing phishing and spoofing attacks by ensuring emails sent from a domain are authenticated. Without these safeguards, political campaigns risk cyber breaches that could compromise sensitive voter information, donor data and strategic plans. The report warns that attacks targeting campaign websites could undermine public trust in elections.
Cyber-attacks on US political campaigns are not new. Russian state actors have previously engaged in influence operations designed to disrupt election processes, notably through the hacking of emails during the 2016 election.
More recently, Iran has emerged as a significant threat, focusing on disrupting US election processes through cyber-attacks rather than directly influencing voters. Other state actors, including China, have similarly exploited weak cybersecurity measures in the past to further their interests.
Read more about these campaigns: UK Blames China for 2021 Hack Targeting Millions of Voters' Data
Consequences of Cyberattacks on Democratic Processes
Red Sift’s analysis shows that without DMARC, campaigns remain highly susceptible to phishing, domain-spoofing and impersonation attacks. These threats can slow campaign operations, create disinformation or leak confidential information, all of which can have a devastating impact during critical election periods.
The report highlights that while technical solutions like DMARC are critical, they must also be properly configured and managed to be effective.
The FBI and CISA have in recent years issued advisories stressing the importance of DMARC in protecting against email spoofing and maintaining the integrity of campaign communications. Implementing these measures not only helps secure operations but also reassures voters, contributors and staff that communications are authentic.
With increased attention on election security, adopting DMARC reflects a campaign's commitment to protecting democratic processes and preserving public trust. The report calls for immediate action to prioritize DMARC implementation across US Senate and presidential campaigns.