Twitter Goes DMARC To Fight Phishing
Over a year ago, fifteen major companies joined forces to create DMARC, a “technical working group” to develop antiphishing standards. The companies were: Google, Facebook, LinkedIn AOL, Microsoft, Yahoo, PayPal (eBay), Bank of America, Fidelity Investments, American Greetings, Agari, Cloudmark, eCert, Return Path and Trusted Domain Project.
Today, Twitter announced that it is using the DMARC technology with its emails, making it less likely that users will see any email pretneding to be from a Twitter.com address.
“We send out lots of emails every day to our users letting them know what’s happening on Twitter. But there’s no shortage of bad actors sending emails that appear to come from a Twitter.com address in order to trick you into giving away key details about your Twitter account, or other personal information, commonly called ‘phishing’,” said Twitter Postmaster Josh Aberant.
“Without getting too technical, DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols,” he said. “It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes. And that in turn lessens the risk users face of mistakenly giving away personal information.”
Twitter began using DMARC earlier this month. AOL, Gmail, Hotmail/Outlook and Yahoo Mail all take advantage of the technology.