Intel AMA
Intel AMA

Twitter adds DMARC authentication to prevent e-mail phishing

By Kul Bhushan | Published on 22 Feb 2013
  • Twitter joins the likes of AOL, Gmail, Outlook, and Yahoo! Mail to deploy the Domain-based Message Authentication, Reporting and Conformance e-mail authentication.

Twitter adds DMARC authentication to prevent e-mail phishing

Twitter has announced it is using a new technology called Domain-based Message Authentication, Reporting and Conformance (DMARC) in order to ward off e-mail phishing from its social networking service. According to Twitter, DMARC technology will make it “extremely unlikely” for anyone to send e-mail pretending to be from a address.

“Without getting too technical,” writes Twitter’s ‘Postmaster’ Josh Aberant, “DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes.”

Aberant reveals even as the protocol is young, it is already being used by the four major e-mail service providers – AOL, Gmail, Outlook and Yahoo! Mail. “We hope to see it gain more coverage for our users as even more email providers adopt it, and that it gives you more peace of mind when you get an email from us,” he added.

Twitter's announcement with regard to use of the DMARC technology comes shortly after a few of its high-profile accounts, such Jeep and Burger King, suffered malicious attacks.

DMARC allows a sender to mark in their e-mails whether they are protected by SPF and/or DKIM, and notifies the receiver what to do if neither of those authentication methods passes such as send to junk or reject the mail. Technical details with regard to DMARC are available here.

social networking twitter dmarc Domain-based Message Authentication Reporting and Conformance phishing e-mail phishing DKIM SPF Internet security Cyber security web security cybercrime cyber crime cybercriminal cyber criminal cyberattacks cybber attacks Protection Status