Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Searching for smart, safe news you can TRUST?

Support safe, smart, REAL journalism. Sign up for our Axios AM & PM newsletters and get smarter, faster.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Denver news in your inbox

Catch up on the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Des Moines news in your inbox

Catch up on the most important stories affecting your hometown with Axios Des Moines

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Minneapolis-St. Paul news in your inbox

Catch up on the most important stories affecting your hometown with Axios Minneapolis-St. Paul

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tampa-St. Petersburg news in your inbox

Catch up on the most important stories affecting your hometown with Axios Tampa-St. Petersburg

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Illustration: Aïda Amer/Axios

An Axios study shows that very few news organizations — around 6% of a broad sample — successfully use a critical technology that guarantees emails they send are authentic.

The big picture: We've written before about the Department of Homeland Security's struggle to get federal agencies and the White House to implement DMARC, a security protocol that prevents someone from successfully sending an email using someone else's email address. It's only fair to turn that lens on our own industry.

Why it matters: As the news industry increases its reliance on email alerts and newsletters (represent!), our credibility makes us a target for spammers, scammers and purveyors of disinformation or fraud.

  • Imagine a news alert that appears to come from a business publication claiming a company was going bankrupt.
  • Or consider a newsletter on Election Day claiming a candidate had suddenly changed position on a key issue.

Details: Axios used a tool designed by email security company Valimail to check the DMARC status of 199 different news sites — including overlapping lists of the Alexa top 100 news providers, news outlets serving cities of 100,000 or more, and prominent online news sources.

  • Only 12 use DMARC in a way that would prevent fake email from getting to its target.
  • Of the 98 local news sites, only 1 had fully operational DMARC.
  • The list of sites not protected by DMARC includes influential news sources, from the New York Times and USA Today to Fox and NBC networks to Voice of America and major international outlets.
  • Axios is on that list, too.

We ran the tests twice, first last weekend and again Wednesday night, contacting the outlets named in this story after the first test. No one but Axios responded.

  • Axios's response, via Megan Swiatkowski, associate director of communications: "Axios has recently implemented DMARC and is working to finish configuration and testing to begin enforcement. ... Making sure that readers safely and reliably receive Axios newsletters is a top priority."

Fake news is a major concern: "If you want to spread misinformation and fake news, we know that one tool Russians and others have used is to host a fake website," said Dylan Tweney, VP of communications at Valimail. "It seems like the next logical step would be to send out a fake newsletter. "

  • Ben Nimmo, senior fellow for information defense at the Atlantic Council's Digital Forensic Research Lab, agreed. "We’ve seen a few times propagandists have learned from hackers," he said. "Faking email news would entirely fit the pattern of what we’ve seen."

But disinformation isn't the only issue. Phil Reitinger, president and CEO of the Global Cyber Alliance, a security advocacy group, noted, "Media could be very useful as an infection vector for malware."

The intrigue: There didn't appear to be a relation between whether a site used DMARC and how sensitive its content was. One outlet that implemented DMARC solely provides weather updates, while several of the sites providing investment newsletters did not.

DMARC lets inboxes verify that an email was actually sent by the email server it claims to come from. If the email is fake, the server can direct the inbox to deliver the email straight to the trash, to a spam folder or to the inbox anyway.

  • More than half of the sites we tested had no form of DMARC whatsoever.
  • In our study, we considered any site that didn't correctly configure DMARC to prevent 100% of fake emails from reaching recipients' inboxes as failing our test.
  • Sites that have DMARC but haven't set it to screen emails are often still testing it out, trying to ensure that all legitimate emails are successfully delivered.

Go deeper

52 mins ago - Health

U.S. tops 88,000 COVID-19 cases, setting new single-day record

Expand chart
Data: COVID Tracking Project; Chart: Axios Visuals

The United States reported 88,452 new coronavirus cases on Thursday, setting a single-day record, according to data from the COVID Tracking Project.

The big picture: The country confirmed 1,049 additional deaths due to the virus, and there are over 46,000 people currently being hospitalized, suggesting the U.S. is experiencing a third wave heading into the winter months.

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Health: Large coronavirus outbreaks leading to high death rates — Coronavirus cases are at an all-time high ahead of Election Day.
  2. Politics: Top HHS spokesperson pitched coronavirus ad campaign as "helping the president" — Space Force's No. 2 general tests positive for coronavirus.
  3. World: Taiwan reaches a record 200 days with no local coronavirus cases.
  4. Sports: MLB to investigate Dodgers player who joined celebration after positive COVID test.
  5. 🎧Podcast: The vaccine race turns toward nationalism.

The norms around science and politics are cracking

Illustration: Aïda Amer/Axios

Crafting successful public health measures depends on the ability of top scientists to gather data and report their findings unrestricted to policymakers.

State of play: But concern has spiked among health experts and physicians over what they see as an assault on key science protections, particularly during a raging pandemic. And a move last week by President Trump, via an executive order, is triggering even more worries.