State election offices' emails are way too easy to hack

Only 4 percent of state election offices could actually stop hackers from sending emails from their official accounts, an alarming new study from cybersecurity firm Anomali has found. The study was provided to Axios, which published a story Monday that detailed just how easy it is to mess with elections.

The danger stems from how basic email is set up, Axios says. There are no security measures on basic email servers that ensure an email is actually coming from the address it's labeled with. State election systems — or anyone who wants email security — should install a combination of measures known as SPF and DMARC, which together tell recipients that an email is probably fake or can designate a message as spam.

Yet just 4 percent of offices have this system in place, the study found. And only 10 percent of offices use another security protocol called DKIM, which makes sure emails are actually from the sender they appear to be from. All of this could mean hackers could easily send a convincing email to voters saying their polling location or date had changed, among other sneaky suppression maneuvers.

The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

Anomali derived its study from election offices across 50 states, three U.S. territories, and Washington, D.C. Read a more technical explanation of the dangers at Axios.