Most domains linked to US election vulnerable

By Dylan Bushell-Embling
Monday, 12 October, 2020

Most domains linked to US election vulnerable

Over 90% of web domains associated with the presidential election campaigns of Donald Trump and Joe Biden are not using registry locks to protect their domains from domain and DNS hijacking, research suggests.

The research from CSC’s Digital Branch Services division found that web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols.

These domains are being targeted for disinformation activities such as domain spoofing, and threats including domain name and DNS hijacking and phishing.

Of the typo domains associated with and, 60% are still available for registration, leaving them open to future threats. More than a third of currently registered typo domains are meanwhile linked to third parties.

Of this third, nearly 70% were registered in 2020 leading up to next month’s election, are configured to send and receive emails, which can be used to lure donors to phishing sites and conceal the domain owner’s identity behind proxy or privacy services.

Meanwhile, more than 75% of the election-related domains are using retail-grade domain registrars, which do not provide advanced security protocols.

“Due to the sensitivity and importance of the US election process, domain security remains a major vulnerability for the potential of foreign interference, fraud and misinformation,” CSC DBS Executive Vice President Mark Calandra said.

“As an organisation with the most visibility into the domain landscape, we advocate for the sanctity of voter trust and encourage both presidential candidates and other websites in the electoral ecosystem to prioritise domain security on their websites to ensure security and build confidence.”

Spamhaus Industry Liaison Matthew Smith added that his company, CSC DBS, and others have been banging the drum about the importance of securing election-related domains for some time.

“We have reached the point where awareness is not enough. Those responsible for managing domain registrations, including registrars and hosting companies, need to have an actionable plan that is aligned with best practices,” he said.

“Additionally, experiences must be shared between those within the industry for the good of the wider internet community.”

Image credit: ©

Related Articles

Navigating the crossroads of cybersecurity and mental health

The need for mental health support within the cybersecurity profession has been evident for quite...

Cybersecurity can be a source of competitive advantage for Australia

Collaborating with industry stakeholders to devise a ransomware reporting obligation is a key...

Time is the new currency in cybersecurity: how Aussie businesses can avoid losing it to hackers

With the ever-increasing speed and sophistication of cyber attacks, we need speed, scale and...

  • All content Copyright © 2023 Westwick-Farrow Pty Ltd