The Facts About By-Mail Ballot Security


With Election Day (November 8) for the U.S. midterm elections here, we anticipate that the post-election counting period is likely to launch a new cycle of disinformation intended to undermine public confidence in the legitimacy of election outcomes. We have referred to these efforts as “manufactured chaos:” coordinated efforts to interfere with — and potentially overwhelm — normal election administration processes (including procedures and/or technology), based on assumptions of irregularities or malfeasance, even when allegations are not supported by facts.  As part of the chaos that’s likely to come during the post-election counting period, we anticipate that false narratives around by-mail ballots in particular are likely to be one of the key themes. Since 2020, despite the fact that inaccurate and sensational claims about by-mail ballots have been thoroughly and repeatedly debunked, they remain one of the most widespread forms of disinformation. These assertions need to be thoroughly clarified and corrected, because they are not based on facts.

In this article, we dig more deeply into the details of by-mail voting operations, as well as the technical features associated with creating and printing ballots. Through a series of Frequently Asked Questions (FAQs), we show that “fake” by-mail ballots cannot be simply “dropped into” an election, or into drop-boxes, willy-nilly, as some inflammatory assertions would have you believe.

The facts are that outbound mailing of blank ballots, inbound return of voted ballots, and scanning and tabulation are all tightly controlled. More specifically:

  • Blank ballots are not simply sent out “en masse,” without controls;
  • By-mail voting depends on well-vetted records to determine voter eligibility, just like in-person voting;
  • Returned ballots undergo a rigorous verification process, to ensure that they are valid; and
  • Technical features of ballots make it difficult for a bad actor to copy them without detection —sort of similar to counterfeiting money, but not as complicated; yet, still difficult and so far, without the same level of criminal liability.

Frequently Asked Questions

Isn’t by-mail voting a “tidal wave”?

Answer: No. Despite what some would have you believe, there have been no efforts to impose “nationwide” by-mail voting, in the sense that millions of ballots are being proactively sent to people everywhere. In fact, the U.S. doesn’t have a uniform national election system; instead, in accordance with the Tenth Amendment, each individual state decides how to administer its own elections, so it’s up to each state to decide whether to offer by-mail voting, and exactly how it will be implemented (because there are different ways of doing it, as we see below).

Doesn’t by-mail voting favor one party over another?

Answer: No. By-mail voting has broad bipartisan support, and it is not “new.” In fact, for many years, every single state has had provisions to offer by-mail ballots to certain voters instead of voting in-person, and by-mail voting has been successfully used for military and overseas voters for decades. Broadly speaking, the protocols and security associated with by-mail ballots have been tested again and again, for years. Furthermore, in recent years, to protect public health in response to the COVID-19 pandemic, Republican and Democratic states alike have greatly expanded access to by-mail voting. The trend is strongly bipartisan, and no-excuse mail voting options (i.e., available to all registered voters, without needing to provide an “excuse” for not voting in-person) are available in states with red and blue governors alike. Furthermore, recent research from Stanford University found that by-mail voting is neutral in its partisan effects, in terms of both turnout and outcomes.

With by-mail voting, isn’t there mass mailing of ballots to all manner of people?

Answer: No. With by-mail voting, the issuance of blank ballots is highly controlled. By-mail voting issues blank ballots only to registered voters, just like in-person voting. More specifically, election officials match voter registration records to individual blank ballots before any are sent through the U.S. Postal Service (USPS). And, when voters return marked ballots to the elections office, there are strict verification protocols in place (see below for details).

With by-mail voting, don’t all voters get a blank ballot?

Answer: No. Only seven (six all by-mail) states (CA, CO, HI, NV, OR, WA, UT) proactively send blank ballots to all registered voters. The vast majority of states are requiring voters to submit a mail ballot request before the elections office will issue a blank ballot to the voter (and the request and the voter registration record are, of course, tracked by the elections office). With by-mail voting, states continue to implement all of their state-specific rules to determine eligibility and to maintain integrity, including the need for IDs, signatures (under penalty of felony crime), and other forms of voter qualification. In short, elections offices know exactly who is issued a blank ballot, and how many ballots the office can expect to receive in return.

As a result, since every single ballot issued is tied to a specific voter registration record, for a malicious third party to “counterfeit” a ballot, they would need to know personal voter information, to “mimic” the real voter – and they would also need to return the voted counterfeit ballot at exactly the right time, (i.e., before the real voter – assuming that the bad actor could somehow know or verify that that individual voter had indeed requested a ballot, or was supposed to receive one). But that’s just the beginning. 

Can’t someone simply create fake ballots? Isn’t it just a bunch of titles, names & ovals?

Answer: No. For a long list of reasons associated with the complexity of election data, voting system software, and printing specifications, creating a counterfeit ballot that evades detection is difficult.

First of all, to be accepted as a valid ballot by voting system scanners, ballots must be created with specialized software from the voting system; only that software can create a properly-formatted layout that the voting system will accept.

More specifically, for a ballot to be accepted by the voting system as valid, a counterfeiter would need to know all of the following technical specifications:

  1. Codes that uniquely identify the specific election
  2. Precinct codes associated with sub-units of the election jurisdiction
  3. Specific election content
  4. A variety of additional validation information, such as “checksums,” which are typically encoded in barcodes.

In other words, when ballots are scanned, the voting system will only recognize ballots that were programmed from the voting system itself, through the use of specialized software that is secured in the elections back-office, as part of the “election management system.” Some of the validation that the scanners are looking for isn’t even human-readable; sometimes, it’s invisible to the eye, in a barcode; or it may be a handful of numbers, devoid of context or meaning to the casual observer.

And finally, another reason that it’s hard for a bad actor to counterfeit ballots is because of different “ballot styles.” In other words, in a given election, not all voters have ballots that look the same, due to cross-cutting Federal, State, and other district boundaries (which vary by address). As a result, an election could have dozens, hundreds, or even thousands of distinct ballot styles, each of which must be validated by the voting system software — and a bad actor would need to get them exactly right.

What’s so hard about printing a bunch of ballots? Isn’t it like using a copier?

Answer: No. Ballots must be printed to exacting specifications in order to be accepted by voting system scanners. It’s not like making copies on office-grade photocopy paper. In addition to all of the election data and ballot logic that a bad actor would need to get right (see above), ballots and scanners require:

  • specific paper weights;
  • exact margins;
  • exact image sizes; and
  • exact placement of option boxes or ovals.

If any of those printing specifications are incorrect, the scanner will reject the ballot, thereby alerting election officials of any ballots that require further investigation.

What’s to prevent a fake ballot sent to the elections office from being accepted?

Answer: Assuming a bad actor could jump through all the difficult technical and printing hoops we’ve described above to make a “fake” or counterfeit ballot, when it’s received at the elections office, the envelope containing the ballot in its own secrecy envelope is validated with a barcode uniquely tied to a voter registration record.

So, every incoming piece of mail is being checked for three things:

  1. Does it have a barcode in the specific format that the elections office uses?
  2. Does the barcode on the envelope link to a valid voter registration record; and
  3. Was a ballot actually mailed to that voter?

What’s to prevent someone from returning a ballot intended for a different eligible voter?

Answer: The voter’s signature. Ballots inside returned envelopes aren’t accepted for counting until the voter’s signature on the outer envelope is validated by authorized people – usually bipartisan teams.

Signature verification is a critical part of ensuring that only valid ballots from eligible voters get counted. In fact, some larger jurisdictions even train their elections staff and bipartisan teams on handwriting analysis from forensic experts associated with the FBI, for example. If a ballot return envelope is missing a signature, or if the signature does not appear to match the one on file, some states have a process to address or “cure” these discrepancies by notifying the voter on the address of record there is a concern about the signature and allowing them to provide their signature again – but sadly, many states do not offer such an option to voters. Signature curing (where offered) ensures ballots from eligible voters can be counted – and conversely, since a bad actor would be unlikely to respond to inquiries about signature discrepancies, counterfeit ballots would be rejected, and never counted.

Note: As mentioned above, not all states enable a voter to “cure” a signature mismatch; some states simply perform a “signature reject” and they may not even notify a voter to let them know their ballot was rejected.

When counting votes, isn’t it possible to “dump” large volumes of fake mail ballots at the counting center in the middle of the night, to change the outcomes?

Answer: No. The false idea that key jurisdictions “stopped the election in the middle of the night” in 2020 to “fix” the results is one of the more pernicious falsehoods that continues to this day. The claims are false for two reasons.  First, it simply takes time to process and tabulate mail ballots. Unlike in-person voting, thousands of ballots must be removed from envelopes; each ballot must be cross-checked with voter registration data; and signatures must be verified before the ballot can even be accepted and scanned.

Furthermore, the delay in processing is exacerbated in some key states because some are prohibited from processing mail ballots before Election Day. In critical states like Pennsylvania and Wisconsin, officials are not allowed to even begin processing by-mail ballots until polls open on Election Day. In Michigan, officials are given just two days in advance to process ballots.

Thus, in states where preprocessing is not allowed, it creates a bottleneck, which means that there is no other option but to report mail-ballot results after the polls close on Election Day, perhaps in the middle of the night. And in states with large numbers of by-mail ballots, it may take several days to complete the scanning process.

It’s also important to note that modern voting technology can contribute to the appearance of sudden “spikes” in ballot counts. Modern ballot scanning systems typically allow election officials to scan and store cast vote record data for thousands of mail ballots before actually tabulating the results on Election Night. For example, states may spend weeks preprocessing and scanning thousands of ballots, day after day, and the cast vote record data is “held” or stored on a memory card until Election Night. The results are not aggregated and reported until the memory card is inserted into a tabulation computer after the close of polls on Election Day — at which point results from those ballots suddenly “appear,” all at once. But those are not “ballot dumps;” the appearance of results from many ballots all at once is an artifact of reading the memory card at a distinct point in time, even if the memory card reflects prior ballot scanning that has taken weeks to complete.

Finally, it’s important to remember that for all of the security and validation reasons described above, it would also be an enormous effort to insert thousands of “fake” ballots into the work-stream without detection; there are simply too many security features and cross-checks that would have to be overcome.

Review & Summary

To summarize, all of the following aspects of by-mail voting have a host of security protocols and safeguards:

  1. Outbound mailing of blank ballots
  2. Inbound validation of voted ballots
  3. Processing and scanning of voted ballots

Here are the details…

The outbound issuance of blank ballots is controlled:

  • Ballots are not sent “en masse”
  • Ballots are not sent to “just anyone”
  • Ballots are usually not sent proactively
  • Ballots are tied to validated records of eligible voters

If a returned ballot cannot be associated with an eligible voter, it’s investigated.

The inbound validation of returned ballots is controlled:

  • Returned envelopes are barcoded in a specific format
  • Returned envelopes are verified against voter registration records
  • Returned ballots are verified against records of ballots mailed
  • Returned envelopes are typically verified by comparing signatures to those on file

If a returned ballot fails any of these, it’s investigated.

The processing and scanning of marked ballots is controlled:

  • Ballots must meet all technical specifications of voting system software
  • Ballots must meet conform with all data logic contained in the specific election definition
  • Ballots must meet all printing specifications

If a returned ballot fails any of these, it will be rejected by the scanner.

And last but not least, please do not listen to, read, or take as truth the inflammatory talk or content about “fraud” associated with by-mail voting. It’s just talk, and the facts say otherwise. Documented rates of fraud associated with by-mail voting are incredibly small.


The OSET Institute hopes that this Explainer puts to rest some of the irresponsible claims that have been made about the security of by-mail voting. By-mail voting continues to be an essential part of providing access to the ballot box during the November 2022 midterm elections, along with a proper balance of in-person voting locations for those who want or need to vote that way.

6 responses to “The Facts About By-Mail Ballot Security

  1. You want to consider updating your answer to the question: “With by-mail voting, don’t all voters get a blank ballot?”

    California requires its counties to mail a ballot to all active registered voters.

  2. Hi Bob-
    I want to observe that I believe the article was focused on the issues related to “all by-mail” states, of which CA is not (yet) one, although the counties are compelled to send blank ballots to all eligible registered voters regardless. Of course, the situation in CA (as you know far better than I) is that CA voters can vote in person, whereas in the 6 states originally referred to (before the editor offered that helpful clarification) are exclusively by-mail voting states and in-person is a special circumstance exception (like in Oregon where I reside, while I work in Silicon Valley). Nuanced for sure, and so regardless, I appreciate you weighing-in and reading the article. I just thought it helpful to observe the intent behind this piece was to help dispel the misinformation about the processes of by-mail voting (or “vote by mail” as some call it).

  3. You include very directed answers to specific questions, and used biased sources, apprently thinking that covers enerything.
    What you don’t cover is when the voter registration database gets deleted, so they have nothing to audit against.
    Or when the mail in envelopes are destroyed in violation of State law, so they cannot compare the ballot with them.
    Or when multiple ballots are sent to the same address….sometimes hundreds of them.
    Or when extra VALID ballots are sent out (not counterfeits).
    We received ballots at our address for multiple people who haven lived here in years, more than one of them are passed away.

    Here is one thing that cannot be denied. Multiple swing States conducted their elections under adjusted conditions and rule structures, in direct violation of the Laws established by their State Legislatures. These changes were put in place by Governors, Mayors, City Councils, and even health officials, when the Laws specifically state that only State Legislatures can make those changes, and only OUTSIDE of the time-frame in front of or behind the election date. I don’t care if everybody was still going wonkers over COVID, that doesn’t give anybody the ability to change election laws within the strict and lawful time-frame in front of and following an election cycle established by State Law.

    Debunk that….

    1. DC-
      You make several allegations here that we would love to chase-down and verify, believe us.
      1. Your allegation about changes against the law is something we’ve heard before, and is beyond our pay-grade to address unless and until we see litigation and other evidence that in fact, laws were violated. We know there are disagreements about what powers and legal capabilities allowed some changes but not others. If you have facts, information, or other data we could use to research this, that would be great! We’d be glad to follow up with additional coverage of this.

      2. For each of the other elements you cited, again, please give us facts, specific incidents, and not just pass along hearsay. We’ve all heard many of these things apparently occurred. OK, let’s get very specific about when and where and we’ll definitely be on it.

      3. You make some important and valid comments about the state of voter registrations systems in general, and we agree much can be done to improve the quality and integrity of voter rolls management. Here are two examples of projects we’re working on to do just that:

      A couple of points:
      1. We have never heard of an entire voter registration database being “deleted” without a backup. Can you imagine the chaos that would actually cause in any given jurisdiction? Do you have a specific incident you can point us to? That’s solid newsworthy. As to the audits situation we’re with you and why we’re working on Vanadium (see doc link above).

      2. Blank ballots are sort of similar to blank checks. They are not transact-able (like cash) until someone fills out the check, presents it as payment, and no one verifies the authenticity of the drafter. In financial services there is fraud protection for that (you can get your money back). In voting there is no such protection, but there is a process that prevents harmless blank ballots from becoming cast votes: that process involves officials requiring that a ballot be associated with a voter. For In-person voting that is controlled by the in-precinct voting process. Ballots received by mail from absentee voters or military overseas, etc. all must be adjudicated; that is, there must be a signed transport envelope. So, ballots cannot and are not simply received and counted without processes governing whether and how they are accepted. So, we’re not so worried about blank ballots floating about, because they’re worthless unless and until cast; and they’re only cast if (and only if) they can associated to a voter (either in a controlled process of in-person casting, or by official examination of their transport envelope). And to be sure, the transport envelope not only contains the attestation signature space, but includes the bar codes and return address, which must match for one registered voter at that same valid registration address.

      Thanks for your comments, DC! Again, some good stuff we agree with and some stuff we’d love to see more facts and specific incident accounts… we will happily write about and expose those when they are backed by facts and data or court records, for sure.

  4. Hi DC,

    You make some excellent points here:

    [“Or when multiple ballots are sent to the same address….sometimes hundreds of them.”]

    While you did not specify a location, I think I might be familiar with the local news story in 2020 that you’re referencing. That specific incident did not involve hundreds of ballots mailed to a specific address-as it turned out, there had been a theft of a postal worker’s master key, and hundreds of pieces of mail, including a few dozen Vote By Mail ballots, were found in an abandoned building where the people responsible for the key and mail theft had intended to stash them temporarily-and they were probably more interested in the possible financial gain from uncashed unemployment checks and PPP loan checks than they were the ballots. However, check fraud and identity theft rarely garner enough media interest, due to how often that situation occurs. A story about hundreds of ballots mailed to one address during a high profile election year is a much more exciting topic, even if it may not be the entire story.

    [“Or when extra VALID ballots are sent out (not counterfeits).
    We received ballots at our address for multiple people who haven lived here in years, more than one of them are passed away.”]

    DC, I agree with you 100% that this is a serious flaw with modern Vote By Mail systems in many jurisdictions, and it must be frustrating to feel as if you are now reponsible for the ballot security of someone who hasn’t lived at that address in years, or has died. While election officials try their best to keep clean voter rolls, unfortunately, voters do slip through the cracks after moving or dying. Many voters don’t understand that voter registration is not portable, and the responsibility for notifying the proper authorities about an address, name change, or death lies with the voter or their next of kin, not their election office! To add to the frustration, election mail cannot be forwarded to the voter at their new address! Mail ballot trackers are an important part of ensuring timely ballot delivery and return, but they are only as good as the information in a voter’s file.

    Clearly, there are parts of voting by mail that really do need to be changed and better accounted for in order to ensure the integrity and security of a voter’s mail ballot. Your input is very much appreciated and we need people like you to ask the hard questions-it keeps us accountable as well. Hopefully this provided some context regarding some less than ideal situations that do need honest evaluation and resolution moving forward, and I’m happy to discuss possible solutions in the future. Thanks for reading and taking the time to comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.