There seems to be an endless supply of data around the US political space and the various individuals running for leadership positions and how they are managing their online authentication. By all reports most of the current candidates seem to be doing a poor job in the US. However being Canadian, and also in an election year, I wanted to see how things were running a little closer to home.
The thought of running these tests was triggered by a recent article in the Toronto Star about CSIS warning Canadians about foreign influences meddling in the upcoming federal election. I decided to take a look at the top 5 parties in Canada, via the 250ok email tools, and see how each are managing their authentication practices.
Here is the current status of email authentication by party, as of July 16, 2019:
** See note 3 below
While support looks to be alright for most of the parties, there is significant room for improvement across the board with all of the parties.
The results:
1 – The results show a broad adoption for the authentication technology SPF being supported by all parties. But in three of the five parties they have exceeded the maximum ten DNS lookups as defined in the standard. This could cause some issues with getting email delivered.
2 – Only one party currently uses sub-domains for the majority of their email. The liberal party uses email.liberal.ca, emails.liberal.ca, and action.liberal.ca. All other parties send mail from their parent organisation domain.
3 – Two of the five parties use DKIM for sending of communications, one does not, and I cannot validate the CPC or BQ’s mail. It appears you need to be an active party member to get their emails. If you happen to get these emails please let me know and I’ll update the data.
4 – Three of the five parties have implemented DMARC at a “p=none” policy which will give them insight into potentially fraudulent mail impersonating their party. However the NDP party have failed to designate a reporting email address to collect this data which is about as useful as not publishing a record. So why even bother?
While the world focuses on the US political situation, it’s important to look closer to home and see that things are not that different. In a time where protecting your brand, combating fake news, or misinformation is so important to ask “Why have the political parties not taken the necessary steps to properly manage and protect one of their primary messaging channels?”
Political parties everywhere need to be aware of the potential abuses of their brands, candidates, and members and take the necessary steps to protect them as best they can.