
With 14 days to go, we haven’t nailed the basics: election security risks from expired domains



This blog originally appeared in October 2020 on the Area 1 Security website, and was issued in advance of Cloudflare's acquisition of Area 1 Security on April 1, 2022. Learn more.

In less than two weeks on 3 November 2020, the United States of America will hold its quadrennial Presidential election. Concerns over cybersecurity protections and processes implemented over the preceding four years remain high, as reports of foreign interference, infrastructure vulnerabilities, and failed preparedness continue to abound.

Area 1 Security outlined the risks posed by threat actors to election administrators and their email security controls in a recent report, and we continue to analyze baseline security practices as the nation prepares for the elections.

Just this week on Monday, 19 October 2020, the website for Orange County, Florida’s Supervisor of Elections was down. Florida’s fifth-most populous county failed to properly re-register their domain, something that was luckily resolved without incident. Four more election-sensitive domains are set to expire before Election Day on 3 November 2020:

  • 2020-10-22T15:48:51Z
  • 2020-10-27T04:00:00Z
  • 2020-11-01T21:06:59.000Z
  • 2020-11-02T14:07:25Z

And another 20 are set to expire before the year’s end, which could be critical if outcomes are not determined or remain in question before inauguration day on 20 January 2021.

  • 2020-11-10T05:00:00Z
  • 2020-11-13T16:46:49Z
  • 2020-11-14T00:01:15Z
  • 2020-11-14T22:28:21Z
  • 2020-11-15T23:58:58Z
  • 2020-11-16T16:13:58Z
  • 2020-11-17T18:13:46Z
  • 2020-11-21T18:40:57.00Z
  • 2020-11-21T19:20:24Z
  • 2020-11-27T23:59:59Z
  • 2020-12-04T15:43:00Z
  • 2020-12-06T17:31:36Z
  • 2020-12-16T11:25:06Z
  • 2020-12-18T23:59:59Z
  • 2020-12-20T11:59:59Z
  • 2020-12-23T17:34:03Z
  • 2020-12-24T05:00:00Z
  • 2020-12-26T16:10:34.000Z
  • 2020-12-27T23:59:59Z
  • 2020-12-29T23:59:59Z

An extensive list of election-sensitive domain registrations is provided here.

Failure by any organization to properly register its domains poses several key risks:

  1. Anyone who might register an election-sensitive domain would be able to assume the identity of elections officials and send phishing emails.
  2. Critical voter information could be removed from the internet or changed.


  • Vote!
  • Domain owners should check the expiration dates of their domains and immediately make sure they are secured for the maximum ownership time available.
  • Observe the recommendations for securing email in the prior “Phishing Election Administrators” report outlining the risks to election administrators and officials.
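
One way a domain owner could run the expiration check recommended above across an inventory is sketched here as an added example, not code from the original post. It assumes the expiry strings have already been collected from the registrar or WHOIS in the mixed timestamp formats shown earlier; the domain names and the inventory are constructed.

```python
from datetime import datetime, timezone
import re

# Deadlines named in the post.
ELECTION_DAY = datetime(2020, 11, 3, tzinfo=timezone.utc)
YEAR_END = datetime(2021, 1, 1, tzinfo=timezone.utc)

# Accepts 2020-10-27T04:00:00Z as well as the .00Z / .000Z variants.
_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")

def parse_expiry(value):
    """Parse a UTC expiry timestamp, with or without fractional seconds."""
    m = _TS.match(value.strip())
    if not m:
        raise ValueError(f"unrecognised expiry timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micro = int((m.group(2) or "0").ljust(6, "0")[:6])
    return base.replace(microsecond=micro, tzinfo=timezone.utc)

def triage(expiries, now):
    """Return (domain, expiry, days_left, bucket) tuples, soonest first."""
    rows = []
    for domain, raw in expiries.items():
        exp = parse_expiry(raw)
        if exp <= now:
            bucket = "EXPIRED"
        elif exp < ELECTION_DAY:
            bucket = "before Election Day"
        elif exp < YEAR_END:
            bucket = "before year end"
        else:
            bucket = "ok"
        rows.append((domain, exp, (exp - now).days, bucket))
    return sorted(rows, key=lambda r: r[1])

# Constructed inventory: hypothetical domain names and illustrative expiry values.
SAMPLE = {
    "county-a-elections.example": "2020-10-27T04:00:00Z",
    "county-b-votes.example": "2020-11-01T21:06:59.000Z",
    "county-c-soe.example": "2020-11-21T18:40:57.00Z",
    "county-d-clerk.example": "2021-06-30T00:00:00Z",
    "county-e-board.example": "2020-10-19T12:00:00Z",
}

if __name__ == "__main__":
    now = datetime(2020, 10, 20, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for domain, exp, days, bucket in triage(SAMPLE, now):
        print(f"{exp.isoformat()}  {days:>4}d  {bucket:<20} {domain}")
```
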