Security News > 2020 > February > Presidential Candidates' Use of DMARC Improves, but Remains Short of Optimum
More specifically, of the 15 current candidates, eight now protect their domains from email spoofing with enforced DMARC. In May 2019, when there were still 23 candidates, only three were protected by DMARC. DMARC works with two other email standards to give domain owners control over which senders are allowed to send messages 'as' them.
Today, three domains have no DMARC, while four more have unenforced DMARC. Although running DMARC in 'unenforced' mode is often an indication that DMARC is in process of implementation, for so long as it is unenforced, there is no protection.
Almost all email servers now support DMARC. They check to see if the apparent source domain has DMARC configured, and if so, whether the sender is approved.
Valimail believes that the improvements in the presidential candidates' use of DMARC over the last nine months is promising; but that "Election officials as well as the vendors of hardware and software used in elections are all still far too easy to impersonate. In short, email remains a weak link in election security. The first step in closing that gap is to implement DMARC authentication, just as the campaigns have done."
It concludes, "It's a real sign of progress when more than half of the presidential campaigns have not only published DMARC records, but have configured them with effective enforcement policies."