The 2020 U.S. presidential election has reached a significant cybersecurity milestone. For the first time, more than half of the candidates for president have domains that are protected from spoofing.
That leaves just seven unprotected domains, of which four have configured DMARC but have left it in a monitor-only mode (a policy of “none”). This is a good start, but monitor-only mode still allows messages to be delivered that appear to come from that campaign’s domain but which are not actually authorized by the campaign.
The remaining three have no DMARC configuration at all, so they are also completely vulnerable to impersonation by spoofed emails pretending to come from them.