Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

News outlet’s email security gap

Axios: “An Axios study shows that very few news organizations — around 6% of a broad sample — successfully use a critical technology that guarantees emails they send are authentic. The big picture: We’ve written before about the Department of Homeland Security’s struggle to get federal agencies and the White House to implement DMARC, a security protocol that prevents someone from successfully sending an email using someone else’s email address. It’s only fair to turn that lens on our own industry.

Why it matters: As the news industry increases its reliance on email alerts and newsletters (represent!), our credibility makes us a target for spammers, scammers and purveyors of disinformation or fraud.

  • Imagine a news alert that appears to come from a business publication claiming a company was going bankrupt.
  • Or consider a newsletter on Election Day claiming a candidate had suddenly changed position on a key issue.

Details: Axios used a tool designed by email security company Valimail to check the DMARC status of 199 different news sites — including overlapping lists of the Alexa top 100 news providers, news outlets serving cities of 100,000 or more, and prominent online news sources.

  • Only 12 use DMARC in a way that would prevent fake email from getting to its target.
  • Of the 98 local news sites, only 1 had fully operational DMARC.
  • The list of sites not protected by DMARC includes influential news sources, from the New York Times and USA Today to Fox and NBC networks to Voice of America and major international outlets. [emphasis added]

Sorry, comments are closed for this post.