Twitter adopts DMARC security solution to reduce phishing



Twitter has adopted an email security technology called DMARC to stop phishing attacks against its users' accounts. The popular micro-blogging social network has had to switch to this new protocol in order to control fake emails sent to its users from email addresses that look like a Twitter.com address.

Twitter users have reportedly been receiving emails from Twitter-like email addresses asking for their personal information or account details. The new technology was developed by a group of third-party organizations and helps Twitter provide better protection against email-based abuse of its users.

DMARC gives email providers a way to block mail from forged domains. It essentially builds on existing email authentication protocols and resolves operational, deployment, and reporting issues related to them. It has reportedly already been adopted by AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail, and Twitter is working with other email providers to get them on board as well.

Twitter shared the details in a post on its official blog. Here is the post:

Introducing DMARC for Twitter.com emails

Thursday, February 21, 2013
We send out lots of emails every day to our users letting them know what’s happening on Twitter. But there’s no shortage of bad actors sending emails that appear to come from a Twitter.com address in order to trick you into giving away key details about your Twitter account, or other personal information, commonly called “phishing”.

Earlier this month, we began using a new technology called DMARC that makes it extremely unlikely that most of our users will see any email pretending to be from a Twitter.com address. DMARC is a relatively new security protocol created by a group of organizations to help reduce the potential for email-based abuse.

Without getting too technical, DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes. And that in turn lessens the risk users face of mistakenly giving away personal information. If you’re interested in a more technical explanation, you’ll find it here.

While this protocol is young, it has already gained significant traction in the email community with all four major email providers – AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail – already on board, rejecting forged emails. We hope to see it gain more coverage for our users as even more email providers adopt it, and that it gives you more peace of mind when you get an email from us.

Posted by Josh Aberant - @jaberant
Twitter Postmaster
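
The post says DMARC builds on DKIM and SPF so that receiving providers can block mail from forged domains. The following sketch is an added example (not Twitter's code and not part of the original post) of the core check a receiver performs: an SPF or DKIM pass only counts if the authenticated domain aligns with the visible From domain. The record, domains and function names are constructed for illustration; the `pct` and `sp` tags are ignored, and the organizational domain is approximated by the last two labels instead of the Public Suffix List.

```python
# Added example: simplified DMARC evaluation as a receiving mail server might do it.
# All records, domains and results below are constructed sample data.

def parse_dmarc(txt):
    """Parse a DMARC TXT record into a tag dict; return None if it is not a DMARC1 policy."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    """Assumption: organizational domain = last two labels (real receivers use the Public Suffix List)."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') only the same organizational domain."""
    if auth_domain is None:
        return False
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_disposition(record, from_domain, spf_pass_domain=None, dkim_pass_domain=None):
    """Return 'pass', the published policy ('none', 'quarantine', 'reject'), or 'no-policy'.

    spf_pass_domain: MAIL FROM domain that passed SPF, or None if SPF did not pass.
    dkim_pass_domain: d= domain of a valid DKIM signature, or None if none validated.
    """
    tags = parse_dmarc(record)
    if tags is None:
        return "no-policy"  # nothing published: receiver falls back to its own filtering
    if aligned(from_domain, spf_pass_domain, tags.get("aspf", "r")):
        return "pass"
    if aligned(from_domain, dkim_pass_domain, tags.get("adkim", "r")):
        return "pass"
    return tags["p"].lower()

# Constructed record, as it would be published in DNS at _dmarc.example.com
RECORD = "v=DMARC1; p=reject; adkim=s; aspf=r; rua=mailto:dmarc-reports@example.com"
```

A message whose From header shows `example.com` but whose SPF and DKIM passes belong to an unrelated domain gets the published `reject` policy, which is the forged-sender case SPF and DKIM alone do not catch.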

