Only 4 percent of state election offices could actually stop hackers from sending emails from their official accounts, an alarming new study from cybersecurity firm Anomali has found. The study was provided to Axios, which published a story Monday that detailed just how easy it is to mess with elections.
The danger stems from how basic email is set up, Axios says. There are no security measures on basic email servers that ensure an email is actually coming from the address it's labeled with. State election systems — or anyone who wants email security — should install a combination of measures known as SPF and DMARC, which together tell recipients that an email is probably fake or can designate a message as spam.
Yet just 4 percent of offices have this system in place, the study found. And only 10 percent of offices use another security protocol called DKIM, which makes sure emails are actually from the sender they appear to be from. All of this could mean hackers could easily send a convincing email to voters saying their polling location or date had changed, among other sneaky suppression maneuvers.