Photo: Stephen Maturen/Getty Image

Very few (only 4%) of state elections offices across the 50 states, Washington D.C. and the three U.S. territories use adequate protection to keep hackers from sending email from those offices' official email addresses, according to a new study by the security company Anomali.

Why it matters: Nothing in the basic email protocol guarantees that a sender's address is authentic. To do that, web sites need to add a handful of additional security protocols. That could lead to voter suppression if a dirty tricks-wielding campaign sends emails from the official account saying that polling places have moved, election days changed, or groups of people are no longer registered to vote.

The Anomali study looked at 6 different security protocols: DANE, DKIM, DMARC, DNSSEC, SPF and STARTTLS.

  • DKIM, DMARC and SPF all have different functions to protect recipients from fake or “spoofed” email addresses.
  • DNSSEC, DANE and STARTTLS work together to ensure the message reaches the right recipient without being altered along the way.

The details: If a website fails to have SPF and DMARC in place and configured to prevent it, a bad guy can fake (or "spoof") an email from the site.

  • Properly set up, SPF identifies if a server has permission to send an email from a domain and DMARC tells an email client to either reject emails that fail SPF or mark them as spam.
  • Only 4% of elections sites had both set up in a way to prevent spoofing.
  • DKIM ensures specific emails were in fact sent by the senders listed. Only 10 percent of states use DKIM.
  • None of the security protocols had even 50% adoption accross the states.

Go deeper

Trump tightens screws on ByteDance to sell Tiktok

Illustration: Aïda Amer/Axios

President Trump added more pressure Friday night on China-based TikTok parent ByteDance to exit the U.S., ordering it to divest all assets related to the U.S. operation of TikTok within 90 days.

Between the lines: The order means ByteDance must be wholly disentangled from TikTok in the U.S. by November. Trump had previously ordered TikTok banned if ByteDance hadn't struck a deal within 45 days. The new order likely means ByteDance has just another 45 days after that to fully close the deal, one White House source told Axios.

Updated 5 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Aïda Amer/Axios

  1. Global: Total confirmed cases as of 9:30 p.m. ET: 21,056,850 — Total deaths: 762,293— Total recoveries: 13,100,902Map.
  2. U.S.: Total confirmed cases as of 9:30 p.m ET: 5,306,215 — Total deaths: 168,334 — Total recoveries: 1,796,309 — Total tests: 65,676,624Map.
  3. Health: CDC: Survivors of COVID-19 have up to three months of immunity Fauci believes normalcy will return by "the end of 2021" with vaccine — The pandemic's toll on mental health — FDA releases first-ever list of medical supplies in shortage.
  4. States: California passes 600,000 confirmed coronavirus cases.
  5. Cities: Coronavirus pandemic dims NYC's annual 9/11 Tribute in Light.
  6. Business: How small businesses got stiffed — Unemployment starts moving in the right direction.
  7. Politics: Biden signals fall strategy with new ads.

Harris: "Women are going to be a priority" in Biden administration

Sen. Kamala Harris at an event in Wilmington, Del. Photo: Drew Angerer/Getty Images

In her first sit-down interview since being named Joe Biden's running mate, Sen. Kamala Harris talked about what she'll do to fight for women if elected VP, and how the Democrats are thinking about voter turnout strategies ahead of November.

What they're saying: "In a Biden-Harris administration women are going to be a priority, understanding that women have many priorities and all of them must be acknowledged," Harris told The 19th*'s Errin Haines-Whack.