You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow? That's me right now, and the penny has just dropped that a Mailchimp phish has grabbed my credentials, logged into my account and exported the mailing list for this blog. I'm deliberately keeping this post very succinct to ensure the message goes out to my impacted subscribers ASAP, then I'll update the post with more details. But as a quick summary, I woke up in London this morning to the following:

I went to the link which is on mailchimp-sso.com and entered my credentials which - crucially - did not auto-complete from 1Password. I then entered the OTP and the page hung. Moments later, the penny dropped, and I logged onto the official website, which Mailchimp confirmed via a notification email which showed my London IP address:

I immediately changed my password, but not before I got an alert about my mailing list being exported from an IP address in New York:

And, moments after that, the login alert from the same IP:

This was obviously highly automated and designed to immediately export the list before the victim could take preventative measures.

There are approximately 16k records in that export containing info Mailchimp automatically collects and they appear as follows:

[redacted]@gmail.com,Weekly,https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/#subscribe,2,"2024-04-13 22:03:08",160.154.[redacted].[redacted],"2024-04-13 22:00:50",160.154.[redacted].[redacted],5.[redacted lat],'-4.[redacted long],0,0,Africa/Abidjan,CI,AB,"2024-04-13 22:03:08",130912487,3452386287,,

Every active subscriber on my list will shortly receive an email notification by virtue of this blog post going out. Unfortunately, the export also includes people who've unsubscribed (why does Mailchimp keep these?!) so I'll need to work out how to handle those ones separately. I've been in touch with Mailchimp but don't have a reply yet, I'll update this post with more info when I have it.

I'm enormously frustrated with myself for having fallen for this, and I apologise to anyone on that list. Obviously, watch out for spam or further phishes and check back here or via the social channels in the nav bar above for more. Ironically, I'm in London visiting government partners, and I spent a couple of hours with the National Cyber Security Centre yesterday talking about how we can better promote passkeys, in part due to their phishing-resistant nature. 🤦‍♂️

More soon, I've hit the publish button on this 34 mins after the time stamp in that first email above.

More Stuff From After Initial Publish

Every Monday morning when I'm at home, I head into a radio studio and do a segment on scams. It's consumer-facing so we're talking to the "normies" and whenever someone calls in and talks about being caught in the scam, the sentiment is the same: "I feel so stupid". That, friends, is me right now. Beyond acknowledging my own foolishness, let me proceed with some more thoughts:

Firstly, I've received a gazillion similar phishes before that I've identified early, so what was different about this one? Tiredness, was a major factor. I wasn't alert enough, and I didn't properly think through what I was doing. The attacker had no way of knowing that (I don't have any reason to suspect this was targeted specifically at me), but we all have moments of weakness and if the phish times just perfectly with that, well, here we are.

Secondly, reading it again now, that's a very well-crafted phish. It socially engineered me into believing I wouldn't be able to send out my newsletter so it triggered "fear", but it wasn't all bells and whistles about something terrible happening if I didn't take immediate action. It created just the right amount of urgency without being over the top.

Thirdly, the thing that should have saved my bacon was the credentials not auto-filling from 1Password, so why didn't I stop there? Because that's not unusual. There are so many services where you've registered on one domain (and that address is stored in 1Password), then you legitimately log on to a different domain. For example, here's my Qantas entry:

And the final thought for now is more a frustration that Mailchimp didn't automatically delete the data of people who unsubscribed. There are 7,535 email addresses on that list which is nearly half of all addresses in that export. I need to go through the account settings and see if this was simply a setting I hadn't toggled or something similar, but the inclusion of those addresses was obviously completely unnecessary. I also don't know why IP addresses were captured or how the lat and long is calculated but given I've never seen a prompt for access to the GPS, I imagine it's probably derived from the IP.

I'll park this here and do a deeper technical dive later today that addresses some of the issues I've raised above.

The Technical Bits

I'll keep writing this bit by bit (you may see it appear partly finished while reading, so give the page a refresh later on), starting with the API key that was created:

This has now been deleted so along with rolling the password, there should no longer be any persistent access to the account.

Unfortunately, Mailchimp doesn't offer phishing-resistant 2FA:

By no means would I encourage people not to enable 2FA via OTP, but let this be a lesson as to how completely useless it is against an automated phishing attack that can simply relay the OTP as soon as it's entered. On that note, another ridiculous coincidence is that in the same minute that I fell for this attack, I'd taken a screen cap of the WhatsApp message below and shown Charlotte - "See, this reinforces what we were talking about with the NCSC yesterday about the importance of passkeys":

Another interesting angle to this is the address the phish was sent to:

The rest of that address is probably pretty predictable (and I do publish my full "normal" address on the contact page of this blog, so it's not like I conceal it from the public), but I find it interesting that the phish came to an address only used for Mailchimp. Which leaves two possibilities:

1. Someone specifically targeted me and knew in advance the pattern I use for the address I sign up to services with. They got it right first go without any mail going to other addresses.
2. Someone got the address from somewhere else, and I've only ever used it in one place...

Applying some Occam's razor, it's the latter. I find the former highly unlikely, and I'd be very interested to hear from anyone else who uses Mailchimp and received one of these phishes.

Still on email addresses, I originally read the phish on my iThing and Outlook rendered it as you see in the image above. At this point, I was already on the hook as I intended to login and restore my account, so the way the address then rendered on the PC didn't really stand out to me when I switched devices:

That's so damn obvious 🤦‍♂️ The observation here is that by not rendering the sender's address, Outlook on iOS hid the phish. But having said that, by no means can you rely on the address as a solid indicator of authenticity but in this case, it would have helped.

Curious as to why unsubscribed users were in the corpus of exported data, I went searching for answers. At no point does Mailchimp's page on unsubscribing mention anything about not deleting the user's data when they opt out of receiving future emails. Keeping in mind that this is AI-generated, Google provided the following overview:

That "Purpose of Keeping Unsubscribes" section feels particularly icky and again, this is the AI and not Mailchimp's words, but it seems to be on point. I can go through and delete unsubscribed addresses (and I'll do that shortly as the last thing I'm going to do now is rush into something else), but then it looks like that has to be a regular process. This is a massive blindspot on Mailchimp's behalf IMHO and I'm going to provide that feedback to them directly (just remembered I do know some folks there).

I just went to go and check on the phishing site with the expectation of submitting it to Google Safe Browsing, but it looks like that will no longer be necessary:

2 hours and 15 minutes after it snared my creds, Cloudflare has killed the site. I did see a Cloudflare anti-automation widget on the phishing page when it first loaded and later wondered if that was fake or they were genuinely fronting the page, but I guess that question is now answered. I know there'll be calls of "why didn't Cloudflare block this when it was first set up", but I maintain (as I have before in their defence), that it's enormously hard to do that based on domain or page structure alone without creating a heap of false positives.

On the question of the lat and long in the data, I just grabbed my own records and found an IP address belonging to my cellular telco. I had two records (I use them to test both the daily and weekly posts), both with the same IP address and created within a minute of each other. One had a geolocation in Brisbane and the other in far north Queensland, about 1,700km away. In other words, the coords do not pinpoint the location of the subscriber, but the record does contain "australia/brisbane,au,qld" so there's some rough geolocation data in there.

Loading the List into Have I Been Pwned

When I have conversations with breached companies, my messaging is crystal clear: be transparent and expeditious in your reporting of the incident and prioritise communicating with your customers. Me doing anything less than that would be hypocritical, including how I then handle the data from the breach, namely adding it to HIBP. As such, I’ve now loaded the breach and notifications are going out to 6.6k impacted individual subscribers and another 2.4k monitoring domains with impacted email addresses.

Looking for silver linings in the incident, I’m sure I’ll refer this blog post to organisations I disclose future breaches to. I’ll point out in advance that even though the data is “just” email addresses and the risk to individuals doesn’t present a likelihood of serious harm or risk their rights and freedoms (read that blog post for more), it’s simply the right thing to do. In short, for those who read this in future, do not just as I say, but as I do.

The Washup

I emailed a couple of contacts at Mailchimp earlier today and put two questions to them:

1. Are passkeys on your roadmap
2. Where does Mailchimp stand on “unsubscribe” not deleting the data

A number of people have commented on social media about the second point possibly being to ensure that someone who unsubscribes can’t then later be resubscribed. I’m not sure that argument makes a lot of sense, but I’d like to see people at least being given the choice. I’m going to wait on their feedback before deciding if I should delete all the unsubscribed emails myself, I’m not even sure if that’s possible via the UI or requires scripting against the API,.

The irony of the timing with this happening just as I’ve been having passkey discussions with the NCSC is something I’m going to treat as an opportunity. Right before this incident, I’d already decided to write a blog post for the normies about passkey, and now I have the perfect example of their value. I’d also discussed with the NCSC about creating a passkey equivalent of my whynohttps.com project which highlighted the largest services not implementing HTTPS by default. As such, I’ve just registered whynopasskeys.com (and its singular equivalent) and will start thinking more about how to build that out so we can collectively put some pressure on the services that don’t support unphishable second factors. I actually attempted to register that domain whilst out walking today, only to be met with the following courtesy of DNSimple:

Using a U2F key on really important stuff (like my domain registrar) highlights the value of this form of auth. Today’s phish could not have happened against this account, nor the other critical ones using a phishing resistant second factor and we need to collectively push orgs in this direction.

Sincere apologies to anyone impacted by this, but on balance I think this will do more good than harm and I encourage everyone to share this experience broadly.

Update 1: I'll keep adding more thoughts here via updates, especially if there's good feedback or questions from the community. One thing I'd intended to add earlier is that the more I ponder this, the more likely I think it is that my unique Mailchimp address was obtained from somewhere as opposed to guessed in any targeted fashion. A possible explanation is the security incident they had in 2022, which largely targeted crypto-related lists, but I imagine would likely have provided access to the email addresses of many more customers too. I'll put that to them when I get a response to my earlier email.

Update 2: I now have an open case with Mailchimp and they've advised that "login and sending for the account have been disabled to help prevent unauthorized use of the account during our investigation". I suspect this explains why some people are unable to now sign up to the newsletter, I'll try and get that reinstated ASAP (I'd rolled creds immediately and let's face it, the horse has already bolted).

Pondering this even further, I wonder if Mailchimp has any anti-automation controls on login? The credentials I entered into the phishing site were obviously automatically replayed to the legitimate site, which suggests something there is lacking.

I also realised another factor that pre-conditioned me to enter credentials into what I thought was Mailchimp is their very short-lived authentication sessions. Every time I go back to the site, I need to re-authenticate and whilst the blame still clearly lies with me, I'm used to logging back in on every visit. Keeping a trusted device auth'd for a longer period would likely have raised a flag on my return to the site if I wasn't still logged in.

Update 3: Mailchimp has now restored access to my account and the newsletter subscription service is working again. Here's what they've said:

We have reviewed the activity and have come to the same conclusion that the unauthorized export and API key from 198.44.136.84 was the scope of the access. Given we know how the access took place, the API key has been deleted, and the password has been reset, we have restored your access to the account.

They've also acknowledged several outstanding questions I have (such as whether passkeys are on the roadmap) and have passed them along to the relevant party. I'll update this post once I have answers.

There's been a lot of discussion around "Mailchimp are violating my local privacy laws by not deleting emails when I unsubscribe", and that's one of the outstanding questions I've sent them. But on that, I've had several people contact me and point out this is not the case as the address needs to be retained in order to ensure an opted-out individual isn't later emailed if their address is imported from another source. Read this explainer from the UK's ICO on suppression lists, in particular this para:

Because we don’t consider that a suppression list is used for direct marketing purposes, there is no automatic right for people to have their information on such a list deleted.

I suspect this explains Mailchimp's position, but I suggest that should be clearer during the unsubscribe process. I just went through and tested it and at no time is it clear the email address will be retained for the purpose of supression:

My suggestion would be to follow our approach for Have I Been Pwned where we give people three choices and allow them to choose how they'd like their data to be handled:

At present, Mailchimp is effectively implementing the first option we provide and the folks that are upset were expecting the last option. Hopefully they'll consider a more self-empowering approach to how people's data is handled, I'll update this blog post once I have their response.

Update 4: Someone has pointed out that the sending email address in the phish actually belongs to a Belgian cleaning company called Group-f. It's not unusual for addresses like this to be used to send malicious mail as they usually don't have a negative reputation and more easily pass through spam filters. It also indicates a possible compromise on their end, so I've now reached to them to report the incident.

Update 5: I've been contacted by someone that runs a well-known website that received the same phishing email as me. They made the following observation regarding the address that received the phish:

We have subscribed to Mailchimp with an address that is only used to subscribe to services, no outgoing communication from us. The phishing emails were delivered to exactly this address, couldn't yet find them on any other address. This makes me very much believe that possibility #2 is the case - they got the address from somewhere.

This aligns with my earlier observation that a customer list may have been obtained from Mailchimp and used to send the phishing emails. They went on to say they were seeing multiple subsequent phishes targeting their Mailchimp account.

Btw, we got some more (Mailchimp) phishing emails today — same style, this time 4 times writing about a new login detected, and once that an abuse report was received and we needed to take immediate action.

That a customer list may have been compromised was one of the questions I put to Mailchimp and am still awaiting an answer on. That was about 36 hours ago now, so I've just given them a little nudge.

Update 6: There have been a lot of suggestions that Mailchimp should be storing the hashes of unsubscribed emails rather than the full addresses in the clear. I understand the sentiment, and it does offer some protection, but it by no means ticks the "we no longer have the address" box. This is merely pseudoanonymisation, and the hashed address can be resolved back to the clear if you have a list of plain text candidates to hash and compare them to. There's a good explainer of this in the answer to this question on Security Stack Exchange about hashing email addresses for GDPR compliance. IMHO, my example of how we handle this in HIBP is the gold standard that Mailchimp should be implementing.

And there's also another problem: short of cracking the hashed addresses, you can never export a list of unsubscribed email addresses, for example, if you wanted to change mail campaign provider. The only way that would work is if the hashing algorithm is the same in the destination service, or you build some other level of abstraction at any other future point where you need to compare plain text values to the hashed impression list. It's messy, very messy.

Update 7: Validin has written a fantastic piece about Pulling the Threads of the Phish of Troy Hunt that takes a deep dive into the relationship between the domain the phish was hosted on and various other campaigns they've observed.

Given these similarities, we believe the phishing attempt of Troy Hunt is very likely Scattered Spider.

Scattered Spider certainly has previous form, and this was a very well-orchestrated phish. Four days on as I write this, it's hard not to be a bit impressed about how slick the whole thing was.

Rick Pitino after #9 St. John’s huge statement win against #24 Creighton to hold a commanding lead of the Big East. Pitino praised his team’s intensity and focus throughout the game, noting how they have overcome adversity and consistently stayed focused and solid throughout the season.

Introduction

The 10^th Deep Space Climate Observatory (DSCOVR) Earth Polychromatic Camera (EPIC) and National Institute of Standards and Technology (NIST) Advanced Radiometer [NISTAR] Science Team Meeting (STM) was held October 16–18, 2024. Over 50 scientists attended, most of whom were from NASA’s Goddard Space Flight Center (GSFC), with several participating from other NASA centers, U.S. universities, and U.S. Department of Energy laboratories. There was one international participant – from Estonia. A full overview of DSCOVR’s Earth-observing instruments was published in a previous article in The Earth Observer and will not be repeated here. This article provides the highlights of the 2024 meeting. The meeting agenda and full presentations can be downloaded from GSFC’s Aura Validation Data Center.

Opening Presentations

The opening session of the 10^th DSCOVR STM was special. Former U.S., Vice President Al Gore attended the opening session and gave a presentation at the panel discussion “Remote Sensing and the Future of Earth Observations” – see Photo. Gore was involved in the early days of planning the DSCOVR mission, which at that time was known as Triana. He reminisced about his involvement and praised the team for the work they’ve done over the past decade to launch and maintain the DSCOVR mission. Following the STM Opening Session, Gore spoke at a GSFC Engage session in Building 3 later that afternoon on the same topic, but before a wider audience. [Link forthcoming.]

Following Gore’s remarks, the remainder of the opening session consisted of a series of presentations from DSCOVR mission leaders and representatives from GSFC and National Oceanic and Atmospheric Administration (NOAA). Thomas Neumann [GSFC, Earth Sciences Division (ESD)—Deputy Director] opened the meeting and welcomed Vice President Gore and the STM participants on behalf of the ESD. Adam Szabo [GSFC—DSCOVR Project Scientist] briefly reported that the spacecraft was still in “good health.” The EPIC and NISTAR instruments on DSCOVR continue to return their full science observations. He also gave an update on DSCOVR Space Weather research. Alexander Marshak [GSFC—DSCOVR Deputy Project Scientist] briefly described DSCOVR mission history and the science results based on DSCOVR observations from the first Sun–Earth Lagrange point (hereinafter, the L1 point). He also summarized the major EPIC and NISTAR results to date. At this time, more than 125 papers related to DSCOVR are listed on the EPIC website. Elsayed Talaat [NOAA, Office of Space Weather observations—Director] discussed the future of Earth and space science studies from the L1 point.

Updates on DSCOVR Operations

The DSCOVR mission components continue to function nominally. The meeting was an opportunity to update participants on progress over the past year on several fronts, including data acquisition, processing, and archiving, and release of new versions of several data products. The number of people using DSCOVR data continues to increase, with a new Science Outreach Team having been put in place to aid users in several aspects of data discovery, access, and user friendliness.

Amanda Raab [NOAA, DSCOVR Mission Operations and Systems] reported on the current status of the DSCOVR mission. She also discussed spacecraft risks and issues such as memory fragmentation and data storage task anomalies but indicated that both these issues have been resolved.

Hazem Mahmoud [NASA’s Langley Research Center (LaRC)] discussed the work of the Atmospheric Science Data Center (ASDC), which is based at LaRC. He showed DSCOVR mission metrics since 2015, focusing on data downloads and the global outreach of the mission. He noted that there has been a significant rise in the number of downloads and an increasing diversity of countries accessing ozone (O₃), aerosol, and cloud data products. Mahmoud also announced that the ASDC is transitioning to the Amazon Web Services cloud, which will further enhance global access and streamline DSCOVR data processing.

Karin Blank [GSFC] covered the discovery of a new type of mirage that can only be seen in deep space from EPIC. The discussion included the use of a ray tracer in determining the origin of the phenomenon, and under what conditions it can be seen.

Alexander Cede [SciGlob] and Ragi Rajagopalan [LiftBlick OG] gave an overview of the stability of the EPIC Level-1A (L1A) data over the first decade of operation. They explained that the only observable changes in the EPIC calibration are to the dark count and flat field can – and that these changes can be entirely attributed to the temperature change of the system in orbit compared to prelaunch conditions. No additional hot or warm pixels have emerged since launch and no significant sensitivity drifts have been observed. The results that Cede and Rajagopalan showed that EPIC continues to be a remarkably stable instrument, which is attributed to a large extent to its orbit around the L1 point, which is located outside the Earth’s radiation belts and thus an extremely stable temperature environment. Consequently, in terms of stability, the L1 point is far superior to other Earth observation points, e.g., ground-based, low-Earth orbit (LEO), polar orbit, or geostationary Earth orbit (GEO).

Marshall Sutton [GSFC] discussed the state of the DSCOVR Science Operation Center (DSOC). He also talked about processing EPIC Level-1 (L1) data into L2 science products, daily images available on the EPIC website, and special imaging opportunities, e.g., volcanic eruptions.

EPIC Calibration

After 10 years of operation in space, the EPIC instrument on DSCOVR continues to be a remarkably stable instrument. The three presentations describe different ways that are used to verify the EPIC measurements remain reliable.

Conor Haney [LaRC] reported on anomalous outliers during February and March 2023 from the broadband shortwave (SW) flux using EPIC L1B channel radiances. To ensure that these outliers were not a result of fluctuations in the EPIC L1B channel radiances, both the EPIC radiance measurements and coincident, ray-matched radiance measurements from the Visible Infrared Imaging Radiometer Suite (VIIRS), on the Suomi National Polar-orbiting Partnership (Suomi NPP) platform, were processed using the same deep convective cloud invariant target (DCC-IT) algorithm. This analysis confirmed that the anomalous behavior was due to the DCC-IT algorithm – and not because of fluctuations in the EPIC L1B channel radiances. The improved DCC-IT methodology was also applied to the EPIC L1B radiances. The results indicate that the EPIC record is quite stable with a lower uncertainty than when processed using the previous DCC-IT methodology.

Igor Geogdzhaev [NASA’s Goddard Institute for Space Studies (GISS)/Columbia University] reported that EPIC Visible–Near Infrared (VIS-NIR) calibration based on VIIRS (on Suomi NPP) data has showed excellent stability, while VIIRS (on NOAA-20 and -21) derived gains agree to within 1–2%. Preliminary analysis showed continuity in the gains derived from Advanced Baseline Imager (ABI) data. (ABI flies on NOAA’s two operational Geostationary Operational Environmental Satellite–Series R satellites – GOES-17 and GOES-18.

Liang–Kang Huang [Science Systems and Applications, Inc. (SSAI)] reported on updates to the EPIC ultraviolet (UV) channel sensitivity time dependences using Sun-normalized radiance comparisons between EPIC and measurements from the Ozone Mapping and Profiler Suite (OMPS) Nadir Mapper (NM) on Suomi NPP, with coinciding footprints and solar/satellite angles. Huang’s team determined vignetting factors in the sensitivity calibration between 2021–2024, as a function of charge coupled device (CCD) pixel radius and pixel polar angles, using special lunar measurement sequences.

NISTAR Status and Science with Its Observations

The NISTAR instrument remains fully functional and continues its uninterrupted data record. The NISTAR-related presentations during this meeting included more details on specific topics related to NISTAR as well as on efforts to combine information from both EPIC and NISTAR.

Steven Lorentz [L-1 Standards and Technology, Inc.] reported that the NISTAR on DSCOVR has been measuring the irradiance from the sunlit Earth in three bands for more than nine years. The three bands measure the outgoing total and reflected-solar radiation from Earth at a limited range of solar angles. To compare the long-term stability of EPIC and NISTAR responses, researchers developed a narrowband to wideband conversion model to allow the direct comparison of the EPIC multiband imagery and NISTAR SW – see Figure 1 – and silicon photodiode channels. Lorentz presented daily results spanning several years. The comparison employed different detectors from the same spacecraft – but with the same vantage point – thereby avoiding any model dependent orbital artifacts.

Clark Weaver [University of Maryland, College Park (UMD)] used spectral information from the SCanning Imaging Absorption spectroMeter for Atmospheric CartograpHY (SCIAMACHY), which flew on the European Space Agency’s (ESA) Envisat satellite from 2002–2012, to fill EPIC spectral gaps. He reported on construction of a composite height resolution spectrum that was spectrally integrated to produce SW energy. Weaver explained that he compared the EPIC reflected SW with four-hour averages from Band 4 on NISTAR. He used spectral information from SCIAMACHY to fill in gaps. Weaver also discussed results of a comparison of area integrated EPIC SW energy with observations from NISTAR . 

Andrew Lacis [GISS] reported on results of analysis of seven years of EPIC-derived planetary albedo for Earth, which reveal global-scale longitudinal variability occurring over a wide range of frequencies – with strong correlation between nearby longitudes and strong anticorrelation between diametrically opposed longitudes. This behavior in the Earth’s global-scale energy budget variability is fully corroborated by seven years of NISTAR silicon photodiode measurements, which view the Earth with 1º longitudinal resolution. This analysis establishes the DSCOVR mission EPIC/NISTAR measurements as a new and unmatched observational data source for evaluating global climate model performance– e.g., see Figure 2.

Wenying Su [LaRC] discussed global daytime mean SW fluxes within the EPIC field of view produced from January 2016–June 2024. These quasi-hourly SW fluxes agree very well with the Synoptic data product from the Clouds and the Earth’s Radiant Energy System (CERES) instruments (currently flying on the Terra and Aqua, Suomi NPP, and NOAA-20 platforms) with the root mean square errors (rmse) less than 3 W/m². This SW flux processing framework will be used to calculate NISTAR SW flux when Version 4 (V4) of the NISTAR radiance becomes available. Su noted that SW fluxes from EPIC are not suitable to study interannual variability as the magnitude of EPIC flux is sensitive to the percentage of daytime area visible to EPIC.

Update on EPIC Products and Science Results

EPIC has a suite of data products available. The following subsections summarize content during the DSCOVR STM related to these products. The updates focus on several data products and the related algorithm improvements. 

Total Column Ozone

Jerry Ziemke [Morgan State University (MSU), Goddard Earth Sciences Technology and Research–II (GESTAR II)] and Natalya Kramarova [GSFC] reported that tropospheric O₃ from DSCOVR EPIC shows anomalous reductions of ~10% throughout the Northern Hemisphere (NH) starting in Spring 2020 that continues to the present. The EPIC data, along with other satellite-based (e.g., Ozone Monitoring Instrument (OMI) on NASA’s Aura platform) and ground-based (e.g., Pandora) data, indicate that the observed NH reductions in O₃ are due to combined effects from meteorology and reduced pollution, including reduced shipping pollution in early 2020 (during COVID) – see Figure 3. EPIC 1–2 hourly data are also used to evaluate hourly total O₃ and derived tropospheric O₃ from NASA’s Tropospheric Emissions: Monitoring of Pollution (TEMPO) geostationary instrument. Ziemke explained that comparison of TEMPO data with EPIC data has helped the researchers characterize a persistent latitude-dependent offset in TEMPO total O₃ data of ~10–15% from south to north over the North American continent.

Algorithm Improvement for Ozone and Sulfur Dioxide Products

Kai Yang [UMD] presented a comprehensive evaluation of total and tropospheric O₃ retrievals, highlighting the long-term stability and high accuracy of EPIC measurements. He also validated EPIC’s volcanic sulfur dioxide (SO₂) retrievals by comparing them with ground-based Brewer spectrophotometer measurements and summarized EPIC’s observations of SO₂ from recent volcanic eruptions.

Simon Carn [University of Michigan] showed the first comparisons between the EPIC L2 volcanic SO₂ product and SO₂ retrievals from the Geostationary Environment Monitoring Spectrometer (GEMS) on the Korean GEO-Kompsat-2B satellite. GEMS observes East Asia as part of the new geostationary UV air quality (GEO-AQ) satellite constellation (which also includes TEMPO that observes North America and will include the Ultraviolet–Visible–Near Infrared (UVN) instrument on the European Copernicus Sentinel-4 mission, that will be launched in 2025 to observe Europe and surrounding areas) – but is not optimized for measurements of high SO₂ columns during volcanic eruptions. EPIC SO₂ data for the 2024 eruption of Ruang volcano in Indonesia are being used to validate a new GEMS volcanic SO₂ product. Initial comparisons show good agreement between EPIC and GEMS before volcanic cloud dispersal and confirm the greater sensitivity of the hyperspectral GEMS instrument to low SO₂ column amounts.

Aerosols

Alexei Lyapustin [GSFC] reported that the latest EPIC aerosols algorithm (V3) simultaneously retrieves aerosol optical depth, aerosol spectral absorption, and aerosol layer height (ALH) – achieving high accuracy. He showed that global validation of the single scattering albedo in the blue and red shows 66% and 81–95% agreement respectively, with Aerosol Robotic Network (AERONET) observations – which is within the expected error of 0.03 for smoke and dust aerosols. Lyapustin also reported on a comparison of EPIC aerosol data collected from 2015–2023 by the Cloud-Aerosol Lidar with Orthogonal Polarization (CALIOP), which flew on the Cloud-Aerosol Lidar and Infrared Pathfinder Satellite Observations (CALIPSO) mission. The results show that ALH is retrieved with rmse ~1.1 km (0.7 mi). ALH is unbiased over the ocean and is underestimated by 450 m (1470 ft) for the smoke and by 750 m (2460 ft) for the dust aerosols over land. 

Myungje Choi and Sujung Go [both from University of Maryland, Baltimore County’s (UMBC), GESTAR II] presented results from a global smoke and dust characterization using Multi-Angle Implementation of Atmospheric Correction (MAIAC) algorithm. This study characterized smoke and dust aerosol properties derived from MAIAC EPIC processing, examining spectral absorption, ALH, and chemical composition (e.g., black and brown carbon). Regions with smoldering wildfires, e.g., North America and Siberia, exhibited high ALH and a significant fraction of brown carbon, while Central Africa showed lower ALH with higher black carbon emissions.

Omar Torres [GSFC] discussed how L1 DSCOVR-EPIC observations are being used to study air quality (i.e., tropospheric O₃ and aerosols) globally. Torres noted that this application of EPIC-L1 observations is of particular interest in the Southern Hemisphere (SH) where, unlike over the NH, there are currently no space GEO-based air quality measurements – and no plans for them in the foreseeable future.

Hiren Jethva [MSU, GESTAR II] presented the new results of the aerosol optical centroid height retrieved from the EPIC Oxygen-B band observations. He described the algorithm details, showed retrieval maps, and reviewed the comparative analysis against CALIOP backscatter-weighted measurements. The analysis showed a good level of agreement with more than 70% of matchup data within 1–1.5 km (0.6–0.9 mi) difference.

Jun Wang [University of Iowa] presented his team’s work on advancing the second generation of the aerosol optical centroid height (AOCH) algorithm for EPIC. Key advancements included: constraining surface reflectance in aerosol retrieval using an EPIC-based climatology of surface reflectance ratios between 442–680 nm; incorporating a dynamic aerosol model to characterize aged smoke particles; and employing a spectral slope technique to distinguish thick smoke plumes from clouds. Results show that both atmospheric optical depth (AOD) and AOCH retrievals are improved in the second generation of AOCH algorithm.

Olga Kalashnikova [NASA/Jet Propulsion Laboratory (JPL)] reported on improving brown carbon evolution processes in the Weather Research and Forecasting model coupled with Chemistry (WRF-Chem) model with EPIC products. She indicated that DSCOVR product evaluation, using lidar aerosol height measurements from CALIOP, led to an improved operational brown carbon product. To better resolve the temporal evolution of brown carbon, chemical transport models need to include more information about near-source fires.

Mike Garay [NASA/Jet Propulsion Laboratory (JPL)] discussed constraining near-source brown carbon emissions from 2024 Canadian ‘zombie’ fires with EPIC products. He reported that fires in British Columbia, Canada showed differences in brown carbon emission near the sources.  Garay explained that their investigation has revealed that these differences were related to fire intensity and variations in vegetation/soil content.

Yuekui Yang [GSFC] presented work that examined the impact of Earth’s curvature consideration on EPIC cloud height retrievals. Biases under the Plane Parallel (PPL) assumption is studied by comparing results using the improved pseudo-spherical shell approximation. PPL retrievals in general bias high and for a cloud with height of 5 km (3 mi), the bias is about 6%.

Alfonso Delgado Bonal [UMBC] stated that the EPIC vantage point offers a unique opportunity to observe not only the current state of the Earth but also its temporal evolution. By capturing multiple observations of the planet throughout the day, EPIC enables statistical reconstruction of diurnal patterns in clouds and other atmospheric parameters. Bonal’s team focused their research on O₃ (primarily tropospheric) over the U.S. to demonstrate the presence of a diurnal cycle in the western regions of the continental U.S. However, ground-based data from PANDORA for specific locations do not support these diurnal variations – underscoring the critical role of space-based O₃ retrievals. The proposed methodology is not limited to clouds or O₃ but is broadly applicable to other EPIC measurements for the dynamic nature of our planet.

Elizabeth Berry [Atmospheric and Environmental Research (AER)] presented results from a coincident DSCOVR–CloudSat dataset [covering 2015–2020]. Cloud properties (e.g., cloud height and optical depth) from DSCOVR and CloudSat are moderately correlated and show quite good agreement given differences in the instruments sensitivities and footprints. Berry explained that a machine-learning model trained on the coincident data demonstrates high accuracy at predicting the presence of vertical cloud layers. However, precision and recall metrics highlight the challenge of predicting the precise location of cloud boundaries.

Anthony Davis [JPL] presented a pathway toward accurate estimation of the cloud optical thickness (COT) of opaque clouds and cloud systems, e.g., supercells, mesoscale convective complexes, and tropical cyclones (TCs). He described the approach, which uses differential oxygen absorption spectroscopy (DOAS) that has resolving power greater than 10⁴ – which is comparable to that of the high-resolution spectrometers on NASA’s Orbiting Carbon Observatory–2 (OCO-2) – but is based upon the cloud information content of EPIC’s O₂ A- and B-band radiances. Unlike the current operational retrieval of COT – which uses data from the Moderate Resolution Imaging Spectroradiometer (MODIS) on Terra and Aqua – the DOAS-based technique does not saturate at COT exceeding ~60. According to a popular TC model with two-moment microphysics, COT in a tropical storm or hurricane can reach well into the hundreds, sometimes exceeding 1000. Davis said that once the new COT estimates become available, they will provide new observational constraints on process and forecast models for TCs.

Ocean

Robert Frouin [Scripps Institution of Oceanography, University of California] discussed ocean surface radiation products derived from EPIC data. He explained that significant advancements have been achieved in processing and evaluating ocean biology and biogeochemistry products derived from EPIC imagery. V1 updates enhanced accuracy by integrating Modern-Era Retrospective analysis for Research and Applications V2 (MERRA-2) ancillary data and refining calculations for atmospheric and surface parameters. Frouin introduced several diurnal products, including hourly photosynthetically active radiation (PAR) fluxes, spectral water reflectance, and chlorophyll-a concentrations. He said that these new MODIS-derived products have been validated through comparisons with data from the Advanced Himawari Imager on the Japanese Himawar–8 and –9 satellites. In order to address the gaps in these diurnal products, Frouin explained that the team developed a convolutional neural network that has been used effectively to reconstruct missing PAR values with high accuracy.

Vegetation

Yuri Knyazikhin [Boston University] reported on the status of the Vegetation Earth System Data Record (VESDR) that provides a variety of parameters including: Leaf Area Index (LAI), diurnal courses of Normalized Difference Vegetation Index (NDVI), Sunlit LAI (SLAI), Fraction of incident Photosynthetically Active Radiation (FPAR) absorbed by the vegetation, Directional Area Scattering Function (DASF), Earth Reflector Type Index (ERTI), and Canopy Scattering Coefficient (CSC). Knyazikhin discussed analysis of the diurnal and seasonal variations of these quantities. EPIC LAI and FPAR are consistent with MODIS-derived measurements of the same parameters.

Jan Pisek [University of Tartu/Tartu Observatory, Estonia] discussed efforts to derive leaf inclination information from EPIC data. The very first evaluation over Tumbarumba site (in New South Wales, Australia) showed that the angular variation in parameters obtained from EPIC reflects the expected variations due to the erectophile vegetation present at the site.

Sun Glint

Tamás Várnai [UMBC, JCET] discussed EPIC observations of Sun glint from ice clouds. The cloud glints come mostly from horizontally oriented ice crystals and have strong impact in EPIC cloud retrievals. Várnai reported that the EPIC glint product is available from the ASDC – see Figure 4. Glint data can help reduce the uncertainties related to horizontally oriented ice crystals and yield additional new insights about the microphysical and radiative properties of ice clouds.

Alexander Kostinski [Michigan Technology University] explained that because they detected climatic signals (i.e., longer-term changes and semi-permanent features, e.g., ocean glitter), they developed a technique to suppress geographic “noise” in EPIC images that involves introducing temporally (monthly) and conditionally (classifying by surface/cover type, e.g., land, ocean, clouds) averaged reflectance images – see Figure 5. The resulting images display seasonal dependence in a striking manner. Additionally, cloud-free, ocean-only images highlight prominent regions of ocean glitter.

Jiani Yang [Caltech] reported that spatially resolving light curves from DSCOVR is crucial for evaluating time-varying surface features and the presence of an atmosphere. Both of these features are essential for sustaining life on Earth – and thus can be used to assess the potential habitability of exoplanets. Using epsilon machine reconstruction, the statistical complexity from the time series data of these light curves can be calculated. The results show that statistical complexity serves as a reliable metric for quantifying the intricacy of planetary features. Higher levels of planetary complexity qualitatively correspond to increased statistical complexity and Shannon entropy, illustrating the effectiveness of this approach in identifying planets with the most dynamic characteristics.

Other EPIC Science Results

Guoyong Wen [MSU, GESTAR II] analyzed the variability of global spectral reflectance from EPIC and the integrated broadband reflectance on different timescales. He reported that on a diurnal timescale, the global reflectance variations in UV and blue bands are statistically similar – and drastically different from those observed in longer wavelength bands (i.e., green to NIR). The researchers also did an analysis of monthly average results and found that temporal averaging of the global reflectance reduces the variability across the wavelength and that the variability of broadband reflectance is similar to that for the red band on both timescales. These results are mainly due to the rotation of the Earth on diurnal timescale and the change of the Earth’s tilt angle. 

Nick Gorkavyi [Science Systems and Applications, Inc. (SSAI)] reported that EPIC – located at the L1 point, 1.5 million km (0.9 million mi) away from Earth – can capture images of the far side of the Moon in multiple wavelengths. These images, taken under full solar illumination, can be used to calibrate photographs obtained by lunar artificial satellites. Additionally, he discussed the impact of lunar libration – the changing view of the Moon from Earth, or it’s apparent “wobble” – on Earth observations from the Moon. 

Jay Herman [UMBC] discussed a comparison of EPIC O₃ with TEMPO satellite and Pandora ground-based measurement. The results show that total column O₃ does not have a significant photochemical diurnal variation. Instead, the daily observed diurnal variation is caused by weather changes in atmospheric pressure. This measurement result agrees with model calculations.

Conclusion

Alexander Marshak, Jay Herman, and Adam Szabo led a closing discussion with ST participants on how to make the EPIC and NISTAR instruments more visible in the community. It was noted that the EPIC website now allows visitors to observe daily fluctuations of aerosol index, cloud fraction, cloud height, and the ocean surface – as observed from the L1 point. More daily products, (e.g., aerosol height and sunlit leaf area index) will be added soon, which should attract more users to the website.

Overall, the 2023 DSCOVR EPIC and NISTAR STM was successful. It provided an opportunity for participants to learn the status of DSCOVR’s Earth-observing instruments, EPIC and NISTAR, the status of recently released L2 data products, and the science results being achieved from the L1 point. As more people use DSCOVR data worldwide, the ST hopes to hear from users and team members at its next meeting. The latest updates from the mission can be found on the EPIC website. 

Alexander Marshak
NASA’s Goddard Space Flight Center
alexander.marshak@nasa.gov

Adam Szabo
NASA’s Goddard Space Flight Center
adam.szabo@nasa.gov

Earth planning date: Wednesday, Feb. 12, 2025

I woke up this morning to my weather app telling me it felt like minus 15° C (5°F) outside. On days like this, it can take me a little longer to get myself up and out into the world. Curiosity has a similar problem — as we head toward winter and it gets colder and colder in Gale Crater, Curiosity has to spend more time warming up to do things like driving and all our good science. I’ve also been watching a couple winter storms that are expected in the next few days here in Toronto. Luckily, Curiosity doesn’t have to deal with snowstorms, and our drive in the last plan went ahead as planned and put us in a good position to go ahead with contact science today, a relief after having to forego it on Monday. 

The contact science location that the geology team chose is called “Catalina Island,” the flat rock you can see in almost the center of the image above. As you can likely also see above, there’s a whole jumble of rocks in that image, and Mastcam and ChemCam have picked out a couple others to take a look at. These are “Point Dume,” which will be the target of ChemCam’s laser spectrometer, and “Whittier Narrows,” on which Mastcam will image some linear features. Mastcam and ChemCam are also turning their gazes further afield for Mastcam targets “Cleghorn Ridge,” “Cuyamaca Peak,” “Kratka Ridge,” and two long-distance ChemCam mosaics of the top of the Wilkerson butte and a spot a little further down known as “Pothole Trail.”

Much like I’m keeping an eye out the window on the changing weather here, Curiosity is also continuing to keep an eye on the environment in Gale Crater. Even though it’s not the dusty season, we continue to monitor the dust around us and in the atmosphere with a dust-devil survey and a tau. But we’re especially interested in what the clouds are up to right now, which we’re checking in on with our normal zenith and suprahorizon movies, and our cloud-season-only Phase Function Sky Survey. This is a series of movies covering the whole sky that we can use to determine how sunlight interacts with the individual water-ice crystals in the clouds.

Written by Alex Innanen, Atmospheric Scientist at York University

The Department of Education has been a boondoggle since its inception.

Education should be done at the local and state level. Parents should be in charge of the education of their children, whether in private school or public school. The reality is that the more local the education, the more it reflects the needs, desires, and wants of the parents, who, of course, are the ones most aligned with the interests of their children.

Instead, we in the United States have increasingly devolved authority to the federal government. Virtually all of the agencies have been hijacked — as we’ve now been learning — by a Left-wing bureaucratic mess designed to be a permanent pipeline of cash to the friends of the Democrats.

This is particularly true of the Department of Education. In fiscal year 2024, the Department of Education spent $268 billion. That is a lot of money. And since 1980, the spending has increased 372%, which is almost double the increase of the size of the rest of the federal government’s.

Most of that goes to subsidize precisely the sort of indoctrination centers that have been churning out radicals in extraordinary numbers, corrupting our body politic for decades.

If you did not like the Hamas Tentifadas on campus last year, you can blame the fact that we as a society decided it was deeply imperative to send all of our teenagers to institutions of higher education that indoctrinate them in trash. You can blame that on the fact that our primary, lower, and secondary education institutions have been indoctrinating kids in Left-wing values for decades.

WATCH: The Ben Shapiro Show

Last year, the Department of Education spent $165 billion on higher education. That’s nearly half the total funds spent by the entire department. That money went to colleges and universities to prop up the great scam that is higher education. Those are grants to students to major in lesbian dance theory.

You’re wondering, how did they get that money? The answer is you got to pay for it. Just $40 billion went directly to elementary and secondary education. Even if you wanted the money going to small kids, it is not predominantly going to them. It is going to the very large overgrown children who are 19 and 20 years old, majoring in nonsense.

The dollars went indirectly to the lower level, to the grifters and cretins of the unions, like the American Federation of Teachers (AFT) and the National Education Association (NEA). It did not flow directly to them, but when federal dollars subsidize schools that are in bed with the AFT and the NEA, the work of Randi Weingarten is subsidized.

What have been the priorities of the Department of Education in the recent past? Joe Biden’s Secretary of Education, Miguel Cardona, wrote in last year’s budget summary, “The investments proposed in President Biden’s new budget reflect this Administration’s deep belief in education as the foundation of all opportunity in America. … The President’s budget would also expand career-connected learning in our schools and provide more pathways to well-paying careers, as well as raise the bar for college affordability, inclusive student success, and driving more equitable outcomes in higher education.”

Equity, of course, is effectively a code word for racial quotas. That’s how Biden saw it. Biden requested $100 million for developing and implementing strategies to promote diversity in schools and classrooms. But that is not just in reference to racial quotas; it is in reference to the curriculum itself — to what is taught.

President Trump came into office pledging to kill DEI programs at our nation’s schools. The Department of Education has apparently handed out $1 billion in DEI grants since 2021 alone, according to Parents Defending Education. That included $490 million in grants for race-based hiring schemes, which are illegal under the Constitution; $169 million for DEI-based mental health training; and $343 million on general DEI programs. That’s just over the past few years.

So what exactly did the Biden administration do after the Supreme Court banned affirmative action last year? The DOE then released resources to assist colleges and universities to basically end-around the law. You remember: Joe Biden tried to do this.

On August 14th, 2023, the Biden administration issued what was called the “Dear Colleague” letter, an advisory letter from the federal government to a variety of institutions designed to tell them how they wanted the law applied. The goal, apparently, was to substitute mushy words like “overcoming adversity” for explicit racial quotas.

Assistant Secretary for Civil Rights at ED Catherine E. Lhamon wrote, “Even after the Court’s decision sharply limited a tool that colleges and universities with selective admissions practices have used to create vibrant, diverse campus communities, colleges and universities may still lawfully work to admit, support, retain, and graduate racially diverse student bodies. Today’s resources explain practices that remain legally viable and confirms the Federal government’s robust civil rights protections in schools.”

In other words, ignore the Supreme Court.

People who keep shouting about Trump and constitutional crises ignored the Supreme Court of the United States, openly and basically saying they would defy the Supreme Court in pursuit of their diversity agenda.

There is no bigger boondoggle than the Department of Education, which is why they are screaming bloody murder over what Trump is doing.

These public sector teachers unions, in many states, collect union dues from their teachers, and then pay off Democratic politicians with those dues. They campaign for Democrats. Democrats then sign massive, ridiculous pork-laden contracts with the AFT to enrich everybody; then, the AFT does it all over again. That’s the game.

Does the AFT care about students? Of course not. They are not a priority. We learned just as much during COVID when the AFT pushed incredibly hard for students never to go back to school, claiming they weren’t safe.

Randi Weingarten said that despite every piece of evidence, you couldn’t let your kids go back to school to die of COVID. It didn’t matter that a paucity of children were dying of COVID. All that mattered to Weingarten was that her teachers got to stay home, teach on Zoom, and still get paid their salaries.

The tale that Democrats are trying to tell is that your kid is going to lose their cherished public school education because Trump wants to kill the Department of Education. 

But the vast majority of funding for public school in the United States comes at the state and local levels. It is not coming from the federal government.

What comes from the federal government is very often attached to precisely the kinds of interest groups to which the Democrats want it attached.

Former Biden Education Secretary Cardona has claimed that what Trump is doing is a form of monarchy. He said, “I’m all in favor of reviewing what works best, and I’m even in favor of assessing policy, whether you agree with it or not. But I’m not in favor of the change that’s happening, which is going from democracy to a monarchy. And we’re seeing examples of that in every agency. And it’s really troubling. And I think the American people, regardless of party, should be worried about what’s happening now.”

He’s lying. He’s not in favor of auditing anything. He’s not in favor of checking out the curriculum.

According to Democrats, when a regulatory, bureaucratic agency pumps out $300 billion a year to the friends of Cardona, that’s called democracy. But it’s monarchy when the new president comes in and says we’re not doing that anymore.

Whatever you want to call it, give me more of it.

Fundraising messages centered around President Donald Trump have continued to dominate on both sides of the political aisle since his return to the White House. 

The Democrats' messages revolve around voicing their opposition to Trump’s second term, his executive orders, and action by the Department of Government Efficiency (DOGE), which has become a cornerstone of Trump’s first month back in the Oval Office.

"Americans are starting to feel the disastrous effects of a Trump-Musk presidency, and we see that sentiment reflected in our top-performing messaging, which highlights the need to fight the extremes of Donald Trump and prepare for elections this year, in 2026 and beyond," DNC Senior Spokesperson Hannah Muldavin told Fox News Digital. 

Muldavin said the DNC's most effective fundraising messages have centered around "the extremes of Donald Trump."

FORMER DEMOCRATIC PRESIDENTIAL CANDIDATE SAYS HIS PARTY IS ACTING ‘PATHETICALLY’ TO THWART MUSK’S DOGE

"Our most effective outreach to grassroots supporters right now comes from our new Chair Ken Martin, who talks about not just fighting the extremes of Donald Trump, but also on making the case to working families in both red and blue states that Democrats are the party fighting for them," Muldavin added. 

The Democratic National Committee’s website opened this week to a photo of Ken Martin, newly elected DNC Chair, with a simple message: "Ken Martin is the new DNC Chair. Help Democrats mobilize against Trump." A fundraising message on the donation page invites Democrats to "pitch in to the DNC and help elect Democrats nationwide."

DEMOCRATS ELECT NEW CHAIR WHO BRANDED TRUMP A 'TRAITOR' AS PARTY AIMS TO REBOUND FROM DISASTROUS 2024 ELECTION

"The DNC is the organization best positioned to fight back, organize, and stop the worst impulses of a Trump administration. So please don’t wait: donate now to elect Democrats who will fight back against the MAGA agenda," the message says. 

The Democratic Congressional Campaign Committee has a similar strategy with a down-ballot focus. On the DCCC website, a photo of House Minority Leader Hakeem Jeffries appears next to a fundraising message inviting supporters to "become a majority maker."

"At the DCCC, we're laser-focused on the midterms and taking back the House from the MAGA Majority," the message says. "With just THREE seats standing between us and the Majority, your monthly donation will help us do everything we can to flip the House blue and build a firewall against the Trump Trifecta. Will you make a recurring monthly donation to the DCCC to fuel our work today?" 

Trump’s fundraising apparatus has also capitalized on his return to center stage. Trump National Committee, the joint super PAC of Never Surrender and the Republican National Committee, have maintained consistent fundraising outreach since Trump’s election victory.

"Trump is the center of the universe at the moment," Republican strategist Matt Gorman, who worked on Senator Tim Scott’s presidential campaign and as communications director for the National Republican Congressional Committee, told Fox News Digital. "It's been pretty well proven over the last decade that Trump animates the fundraising base of both parties and utilizing him is an effective strategy."

As soon as Nov. 6, just a day after the election, a message "from Trump" to his supporters read, "TOTAL VICTORY! Because of you, WE WON!" with a link to donate to Trump’s super PAC. The messages continued in the weeks and months leading up to his inauguration.

The tone of the messages took a turn after Democrat Rep. Al Green, D-T.X., who attempted to impeach Trump three times during his first term, announced that he would file articles of impeachment against the president for saying he would "take over" Gaza.

Green said on the House floor the next day that Israeli Prime Minister Benjamin Netanyahu "should be ashamed, knowing the history of his people, to stand there and allow such things to be said."

"Before Democrats introduce Articles of Impeachment, can you answer question #1?" a fundraising message from Trump's super PAC asked the next day. 

Then last week, the PAC sent a message from Vice President JD Vance that read, "Don't pee on my boots & tell me it's raining. It's JD Vance. These are the top lies I've seen from Democrats."

"Democrats don’t have any policies. All they have is lies. Nobody believes their crap. So on behalf of every American who is sick of their lies, I got one thing to say: Don’t pee on my boots & tell me it’s raining. Democrats can’t stand that we have a President who’s putting the working men & women of America first, AND NOW THEY’RE THREATENING TO IMPEACH TRUMP AGAIN!"

The message from Republicans is clear: Democrats do not have policies beyond resisting Trump. 

"Their identity for the last ten years has been, simply, 'Whatever Trump is for, I'm against,'" Gorman said. 

While using Trump’s name can be an effective fundraising strategy, Gorman urged candidates to move past the moniker and step into policy discussions as well.

"Policy is really important, too. Every candidate has to articulate what they stand for, how they'd be different from their opponent and what they bring to Washington or to the statehouse. Trump is helpful in every aspect, but it's important to make sure you're defining what you would do in your policies as well."