The White House as seen through a exterior fence in 2016. Photo: Yuri Gripas/AFP via Getty Images.

The security advocacy group Global Cyber Alliance tested the 26 email domains managed by the Executive Office of the President (EOP) and found that only one fully implements a security protocol that verifies the emails as genuinely from the White House. Of the 26 domains, 18 are not in compliance with a Department of Homeland Security directive to implement that protocol.

Why it matters: Imagine the havoc someone could cause sending misinformation from a presidential aide's account: Such fraudulent messages could be used in phishing campaigns, to spread misinformation to careless reporters, or to embarrass White House employees by sending fake tirades under their names.

The details: Email was not originally designed with security in mind. Any person can send any message with any email address listed as the sender. The security protocol DMARC allows an email provider to request that another server verify that an email was sent from the claimed sender.

  • DMARC allows a would-be-faked email server to tell the recipient of a scam to delete a fraudulent email, send it to spam or do nothing at all.
  • The Department of Homeland Security issued a binding directive in October that federal agencies had to start using DMARC within 90 days. Eighteen of the 26 EOP domains have not done this yet, per Global Cyber Alliance's work.
  • Seven of the remaining domains are using DMARC, but do not have it set to alert email providers to move fake emails from inboxes to spam or trash. Only one of the domains has it set to remove the emails from the inbox and head off a potential scam.

Get more stories like this by signing up for our cybersecurity newsletter, Codebook.

Go deeper

A wild weekend for Microsoft's play for TikTok

Illustration: Aïda Amer/Axios

While its Big Tech rivals were testifying in front of a congressional antitrust committee last week, Microsoft was negotiating what could be the largest — and most politically perilous — tech acquisition of 2020.

The state of play: The hullabaloo surrounding Microsoft picking up TikTok has undergone a flurry of twists and turns over the weekend, as both the White House and the tech giant reacted in real time.

XFL sold to group that includes Dwayne "The Rock" Johnson for $15 million

Photo: Abbie Parr/Getty Images

The XFL sold Monday for $15 million to a group that includes former WWE star Dwayne "The Rock" Johnson, Sportico reports.

The state of play: The move does not necessarily mean the upstart football league is returning.

3 hours ago - Sports

Pac-12 football players threaten coronavirus opt-out

Illustration: Eniola Odetunde/Axios

A group of Pac-12 football players have threatened to opt out of the season unless the conference addresses systemic inequities and concerns related to the coronavirus pandemic.

Why it matters: College football players have never had more leverage than they do right now, as the sport tries to stage a season amid the pandemic. And their willingness to use it shows we've entered a new age in college sports.