Twitter DMARC Phishing Emails

Twitter.com announced yesterday that they have introduced a new technology to help minimise the risk of users being tricked by phishing emails. That technology is called Domain-based Message Authentication, Reporting And Conformance – DMARC.

“A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages.”
dmarc.org

DMARC

Twitter said that they began using the DMARC technology earlier this month which presumably means it is already in place to protect users of the social networking site. Which is rather handy timing on Twitter’s part considering the shenanigans that having been going on recently with the likes of Burger King and Jeep.

“While this protocol is young, it has already gained significant traction in the email community with all four major email providers – AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail – already on board, rejecting forged emails.”
Twitter blog

In the above blog posting Twitter stopped short of saying that DMARC would totally eradicate the chances of phishing saying instead that it will make it “extremely unlikely”. This is probably a wise move as I can see DMARC proving to be a challenge too hard for some hackers to resist….

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Speak Your Mind

*