The new presidential election is coming close. If you kept an eye on the seesaw battle between Donald Trump and Hilary Clinton for American presidential campaign three years ago, you wouldn’t forget the infamous email controversy that made the final call. This email controversy was brought up by FBI three months before the election and lasted until only days before it. Media propaganda upon security issues contributed dramatically to the taken-down of Hilary Clinton from presidency.
Interestingly, Agari, a cybersecurity firm, conducted an email security investigation for 12 presidential candidates of the upcoming 2020 election, as was reported by TechCrunch. Let’s look at Hilary Clinton’s lapse as well as the performance of her 2020 counterparts, from which we can draw some lessons for your own email security.
To put it simply, Hilary Clinton did not use her state.gov email account. Instead, she set up an email server at her home in Chappaqua, New York, in 2009, shortly before she’s in office as the Secretary of the State.
The home-based email server allowed her to use firstname.lastname@example.org, for all her electronic correspondence – both work-related and personal – during her four years in office and longer.
In this case, apparently, servers owned and managed by the US government is privileged with protection from government agencies, as well as more supervision, than home-based ones.
Although she claimed her server to be free from attack, independent cybersecurity analysts have said that expert hackers can break into email servers without leaving any evidence.
And after years of investigation, FBI found that information of the highest classification level was contained in four of her emails.
According to Agari, only one presidential hopeful – Democratic candidate Elizabeth Warren (Congratulations!) – adopts email security measures to verify email senders, report phishing email and block email spam. The functions are achieved with a domain-based message authentication, reporting, and conformance policy — or DMARC.
However, none of the remaining 11 candidates it checked use DMARC on their campaign domains. including Bernie Sanders, Joe Biden, and presidential incumbent Donald Trump. These candidates are risking their campaigns being impersonated in spam campaigns and phishing attacks, which can be used against themselves in the election.
DMARC is a set of email authentication protocols – SPF and DKIM mechanisms – to reduce fraudulent emails. These protocols are like raincoats that shields you off heavy rain and mud water.
DMARC standardizes how email receivers perform email authentication; in other words, it helps you to decide:
- Whether to receive the email from a list of senders that you allow, by matching the sending IP with the allowed IP published by the source domains.
- Whether the sender is fake, by verifying the signature of the sender with the key of the sender domain.
Combining the two protocols, DMARC enables senders to experience consistent authentication results for their messages at email receivers.
In recent years, the U.S. government has spearheaded an effort to get DMARC rolled out across federal domains following pressure from Congress. Sen. Ron Wyden once called the rollout of DMARC “a no-brainer that increases cybersecurity without sacrificing liberty.”
If you work in fields of accounting, law, trade & business, research & technology, whatever job that deals with confidential information and communicates largely with emails, you shall count more on email security.
Mr. Post would then be your go-to helper. It not only carries SPF and DKIM verification, but also incorporates AI into its core real-time evaluation engine. Developed by a group of security experts with 30 years’ experience in cybersecurity, it takes advantage of their domain knowledge and expert rules to better its service.
With all the abilities, it’s a lightweight add-in compatible to your Outlook, web browser and mobile phone, wherever you deal with emails. Currently available on Microsoft AppSource. For free.