Twitter has announced it is using a new technology called Domain-based Message Authentication, Reporting and Conformance (DMARC) in order to ward off e-mail phishing from its social networking service. According to Twitter, DMARC technology will make it “extremely unlikely” for anyone to send e-mail pretending to be from a Twitter.com address.
“Without getting too technical,” writes Twitter’s ‘Postmaster’ Josh Aberant, “DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes.”
Aberant notes that although the protocol is young, it is already being used by the four major e-mail service providers – AOL, Gmail, Outlook and Yahoo! Mail. “We hope to see it gain more coverage for our users as even more email providers adopt it, and that it gives you more peace of mind when you get an email from us,” he added.
Twitter's announcement that it is using DMARC comes shortly after a few of its high-profile accounts, such as Jeep and Burger King, suffered malicious attacks.
DMARC allows a sender to mark in their e-mails whether they are protected by SPF and/or DKIM, and tells the receiver what to do if neither of those authentication methods passes, such as sending the message to junk or rejecting it. Technical details with regard to DMARC are available here.
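The receiver-side decision described above, as an added Python example that is not code from Twitter or from the DMARC project. It goes one step beyond the article by also checking that the domain SPF or DKIM authenticated matches the visible From: domain, which DMARC requires; the record, the domains and the function names are constructed for illustration.

```python
# Added example: receiver-side DMARC decision. Record and domains are constructed.
POLICIES = {"none": "deliver", "quarantine": "junk", "reject": "reject"}

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    tags = {}
    for part in parts:
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    # RFC 7489: "v=DMARC1" must be the first tag and "p" must be a known policy.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags["p"] = tags.get("p", "").lower()
    return tags if tags["p"] in POLICIES else None

def aligned(auth_domain, from_domain, mode):
    """Does the domain SPF/DKIM authenticated match the visible From: domain?"""
    if not auth_domain:
        return False
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":                      # strict: exact match only
        return a == f
    # Simplified relaxed mode: equal to, or a subdomain of, the From: domain.
    # RFC 7489 compares organizational domains via the Public Suffix List;
    # this approximation is stricter and fails closed.
    return a == f or a.endswith("." + f)

def disposition(record, from_domain, spf, dkim):
    """spf and dkim are (passed, authenticated_domain) tuples from earlier checks."""
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"
    spf_ok = spf[0] and aligned(spf[1], from_domain, tags.get("aspf", "r").lower())
    dkim_ok = dkim[0] and aligned(dkim[1], from_domain, tags.get("adkim", "r").lower())
    if spf_ok or dkim_ok:
        return "pass"
    return POLICIES[tags["p"]]           # the "pct" sampling tag is ignored here

RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"  # constructed

if __name__ == "__main__":
    # Genuine mail: a DKIM signature from the From: domain verifies.
    print(disposition(RECORD, "example.com", (False, None), (True, "example.com")))
    # Forged From: SPF passes, but only for the unrelated envelope domain.
    print(disposition(RECORD, "example.com", (True, "mailer.invalid"), (False, None)))
```

The second call shows why a bare SPF pass is not enough: the sending server is authorised for its own envelope domain, but that domain does not align with the From: address, so the published `p=reject` policy applies.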