With 14 Days to Go, We Haven’t Nailed the Basics.

In less than two weeks on 3 November 2020, the United States of America will hold its quadrennial Presidential election. Concerns over cybersecurity protections and processes implemented over the preceding four years remain high, as reports of foreign interference, infrastructure vulnerabilities, and failed preparedness continue to abound.

Area 1 Security outlined the risks posed by threat actors to election administrators and their email security controls in a recent report; and we continue to analyze the baseline security practices as the nation prepares for the elections.

Just this week on Monday, 19 October 2020, the website for Orange County, Florida’s Supervisor of Elections was down. Florida’s fifth-most populous county failed to properly re-register their domain, something that was luckily resolved without incident. Four more election sensitive domains are set to expire before Election Day on 3 November 2020:

albanywi.org 2020-10-22T15:48:51Z
bcn.net 2020-10-27T04:00:00Z
chesternh.org 2020-11-01T21:06:59.000Z
bethlehemnh.org 2020-11-02T14:07:25Z

And another 20 are set to expire before the year’s end, which could be critical if outcomes are not determined or remain in question before inauguration day on 20 January 2021.

arwhlaw.com 2020-11-10T05:00:00Z
cityofcumberland.net 2020-11-13T16:46:49Z
burnetcountytexas.org 2020-11-14T00:01:15Z
antwerptownship.com 2020-11-14T22:28:21Z
bessemermi.org 2020-11-15T23:58:58Z
carsoncitymi.com 2020-11-16T16:13:58Z
carrollcountyga.com 2020-11-17T18:13:46Z
buttscounty.org 2020-11-21T18:40:57.00Z
bridgeportmi.org 2020-11-21T19:20:24Z
ci.superior.wi.us 2020-11-27T23:59:59Z
bentcounty.net 2020-12-04T15:43:00Z
cityofbr.org 2020-12-06T17:31:36Z
birchruntwp.com 2020-12-16T11:25:06Z
ci.emporia.va.us 2020-12-18T23:59:59Z
hardeecountyelections.com 2020-12-20T11:59:59Z
barrecity.org 2020-12-23T17:34:03Z
alphacomm.net 2020-12-24T05:00:00Z
andersoncountyks.org 2020-12-26T16:10:34.000Z
broomecounty.us 2020-12-27T23:59:59Z
hcnj.us 2020-12-29T23:59:59Z

An extensive list of election sensitive domain registrations is provided here.

Failure for any organization to properly register their domains poses several key risks:

  1. Anyone who might register an election-sensitive domain would be able to assume the identity of elections officials and send phishing emails.
  2. Critical voter information could be removed from the internet or changed.


  • Vote!
  • Domain owners should check the expiration dates of their domains and immediately make sure they are secured for the maximum ownership time available
  • Observe the recommendations for securing email in the prior “Phishing Election Administrators” report outlining the risks to election administrators and officials.

Want to keep up to date with the latest phishing trends? 

Subscribe to our newsletter here!


How to replace your email gateway with Cloudflare Area 1

Leaders and practitioners responsible for email security are faced with a few truths every day. It’s likely true that their email is cloud-delivered and comes with some built-in protection that does an OK job of stopping spam and commodity malware.

Introducing email link isolation – Email gateway replacement playbook

This week was a big one for us at Cloudflare, one of our four innovation weeks which we hold annually, showcasing new developments, product news and reference architectures.

Superhero strategies for the Phish Fight

Today is National Superhero Day, and we would like to dedicate this day to you—the SOC teams and the security experts on the frontline of the phish fight.