The UK’s political parties are largely failing to protect their members from phishing attacks ahead of the European elections, a security vendor has claimed after revealing poor take-up of the DMARC protocol.
Domain-based Message Authentication, Reporting and Conformance, to give it its full title, is widely regarded as a best practice solution to help mitigate the threat of email impersonation.
Although not a silver bullet for email security, it helps to guarantee the legitimacy of the sender, which is why the UK government mandated its use for departments back in 2016, with the US following two years later.
However, according to analysis from Red Sift of all 22 main UK political parties participating in the European Parliament elections, only five had DMARC implemented.
These were the Lib Dems, Labour, the SNP, and two lesser-known organizations: the Socialist Party and the Animal Welfare Party. That means the Conservatives, UKIP, the Brexit Party and others are potentially putting their members at risk of phishing and other email scams.
However, even those that implemented DMARC are not quite there yet: Red Sift detected only “p=none” policies, the weakest form of the protocol. This setting amounts to little more than monitor mode, meaning recipients may still get phishing emails in their inbox: dubious messages are neither sent to the user’s spam folder nor rejected outright.
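To show the difference between publishing a DMARC record and enforcing one, the following added example (not from the article or from Red Sift) classifies `_dmarc` TXT records by policy. The domains and records are constructed samples, and the level names "monitor", "partial" and "enforced" are labels chosen for this illustration.

```python
# Added example: DMARC enforcement classifier; all sample records are constructed.
VALID_POLICIES = {"none", "quarantine", "reject"}

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict, or return None if invalid."""
    tags = []
    for part in (p.strip() for p in txt.split(";")):
        if not part:
            continue                      # tolerate a trailing ';'
        name, sep, value = part.partition("=")
        if not sep:
            return None
        tags.append((name.strip().lower(), value.strip()))
    # The version tag must come first and be exactly DMARC1.
    if not tags or tags[0] != ("v", "DMARC1"):
        return None
    record = dict(tags)
    record["p"] = record.get("p", "").lower()
    return record if record["p"] in VALID_POLICIES else None

def enforcement(txt):
    """Return 'missing', 'invalid', 'monitor', 'partial' or 'enforced'."""
    if txt is None:
        return "missing"                  # no _dmarc TXT record published
    record = parse_dmarc(txt)
    if record is None:
        return "invalid"
    if record["p"] == "none":
        return "monitor"                  # failures are reported, mail is still delivered
    try:
        pct = int(record.get("pct", "100"))   # pct defaults to 100 when absent
    except ValueError:
        return "invalid"
    if not 0 <= pct <= 100:
        return "invalid"
    return "enforced" if pct == 100 else "partial"

SAMPLES = {  # constructed records, not survey data
    "party-a.example": "v=DMARC1; p=none; rua=mailto:dmarc@party-a.example",
    "party-b.example": "v=DMARC1; p=quarantine; pct=25",
    "party-c.example": "v=DMARC1; p=reject; rua=mailto:dmarc@party-c.example;",
    "party-d.example": None,
    "party-e.example": "v=spf1 -all",     # an SPF record, not DMARC
}

def survey(samples):
    return {domain: enforcement(txt) for domain, txt in samples.items()}

if __name__ == "__main__":
    print(survey(SAMPLES))
```

A domain in the "monitor" group counts as having DMARC implemented in a take-up survey, yet a message that fails authentication against it is still delivered as normal.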
Randal Pinto, co-founder and COO at Red Sift, described the results of the firm’s analysis as “deplorable.”
“Let’s lay our cards out on the table, the ..