Major UK political parties vulnerable to phishing

Nobody wants a Christmas general election to interfere with the general merriment and festivities of the one winter event that we enjoy and some of us well, endure. And what’s more, the run up to this year’s has been particularly hostile and mired with controversy and, let’s face it, a little deceit. 

With the Tory press office Twitter profile being rebranded ‘@factcheckuk’, the public can hardly be blamed for being suspicious about the party’s motives. For many unwitting Twitter users, this profile was a genuine, verified account, discharging a steady stream of objective political facts. 

Misleading. Impersonation. Duping. We often use those words when we talk about phishing emails. Scammers impersonating a trusted organisation to mislead you into handing over personal details or money… The similarities are somewhat worrying! 

So in that vein, we thought we’d take a look at how well the 13 political parties from GB and NI were protecting their constituents from the potential of phishing attacks by analysing their primary email domains. 

Annnnd you’ve guessed it, none of the parties had their DMARC policies configured to quarantine, let alone reject. Only three of the parties – Liberal Democrats, Labour and SNP had a valid DMARC policy, but would still need to tighten configurations to direct impersonated emails using the email domain for example, into the spam/junk folder.

So, with under a week to go, we implore you to take anything you read from a political email with a pinch of salt – seek out the official websites, try and find an impartial news site, and mostly, get out there and vote! Should you need any help with setting up your DMARC policy and ensuring the emails you both send and receive are legitimate, contact a member of the team!

Research methodology: Red Sift conducted the study in November 2019, using the domains of the main political parties in the UK with candidates from GB & NI running for the general election on 12 December 2019. 


Clare Holmes

6 Dec. 2019



Recent Posts


Red Sift Recognized on Deloitte’s EMEA Fast 500™ List

Francesca Rünger-Field

We’re thrilled to share that Red Sift has been included in Deloitte’s 2023 EMEA Fast 500 list. This recognition stems from 389% revenue growth over three years, $54 million in Series B funding, acquiring ASM innovator Hardenize, and introducing the Red Sift Pulse Platform. Read the press release here. About the award The Deloitte Technology Fast…

Read more
Brand Protection

The vital role of cybersecurity for Nonprofits: A deep dive 

Sean Costigan

Save the Children, a beacon of hope and change, has been dedicated to improving the lives of children for over a century. Founded in London, it now has a presence in 29 nations, employing 844 staff members in the UK alone and engaging over 3600 formal volunteers. As charities and nonprofits like Save the…

Read more

Red Sift brings DMARC data to the SOC with new Cisco XDR…

Rebecca Warren

Today, we’re thrilled to announce that we’re extending our partnership by joining the Cisco Security Technical Alliance and integrating Red Sift OnDMARC with Cisco XDR. This integration builds on the Domain Protection partnership we announced in November 2023 to bring visibility of business email compromise into the SOC (security operations center). At release, Red…

Read more

Preventing certificate related violations in cybersecurity frameworks:  A guide to certificate monitoring…

Rebecca Warren

TLS is one of the most widely adopted security protocols in the world allowing for unprecedented levels of commerce across the internet.  At the core of the TLS protocol is TLS certificates. Organizations must deploy TLS certificates and corresponding private keys to their systems to provide them with unique identities that can be reliably…

Read more