Twitter.com announced yesterday that they have introduced a new technology to help minimise the risk of users being tricked by phishing emails. That technology is called Domain-based Message Authentication, Reporting and Conformance (DMARC).
“A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guesswork from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages.”
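The receiver-side decision that quote describes can be sketched as follows. This is an added example, not code from Twitter or from the DMARC authors. The record, the example.com and example.net domains and the two-label organizational-domain shortcut are assumptions, and the `pct` and `sp` tags are ignored.

```python
# Added example: parse a DMARC TXT record and choose a disposition for one message.
# All records and domains here are constructed samples.

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC record."""
    tags = {}
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    for i, part in enumerate(parts):
        if "=" not in part:
            return None
        key, value = (s.strip() for s in part.split("=", 1))
        if i == 0 and (key.lower() != "v" or value != "DMARC1"):
            return None  # v=DMARC1 must be the first tag
        tags.setdefault(key.lower(), value)
    if tags.get("p", "").lower() not in ("none", "quarantine", "reject"):
        return None  # a policy record needs a valid p= tag
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers consult the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ('s') needs an exact match; relaxed ('r') compares org domains."""
    a, f = auth_domain.lower(), from_domain.lower()
    return a == f if mode == "s" else org_domain(a) == org_domain(f)

def disposition(tags, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) pairs from earlier checks."""
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, tags.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "deliver"  # one aligned pass is enough for DMARC
    # Neither method passed with alignment: apply the sender's published policy.
    return {"none": "deliver", "quarantine": "junk", "reject": "reject"}[tags["p"].lower()]

RECORD = "v=DMARC1; p=reject; adkim=s; rua=mailto:dmarc-reports@example.com"
POLICY = parse_dmarc(RECORD)

if __name__ == "__main__":
    # SPF passes, but for a domain unrelated to the From: header, so it does not count.
    print(disposition(POLICY, "example.com", ("pass", "example.net"), ("none", "")))
    # SPF passes for a subdomain of the From: domain; relaxed alignment accepts it.
    print(disposition(POLICY, "example.com", ("pass", "bounce.example.com"), ("none", "")))
```

The first case shows why alignment matters: an SPF pass for the envelope domain alone does not satisfy DMARC when the visible From: domain belongs to someone else.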
Twitter said that they began using the DMARC technology earlier this month, which presumably means it is already in place to protect users of the social networking site. That is rather handy timing on Twitter’s part, considering the shenanigans that have been going on recently with the likes of Burger King and Jeep.
“While this protocol is young, it has already gained significant traction in the email community with all four major email providers – AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail – already on board, rejecting forged emails.”
In the above blog posting, Twitter stopped short of saying that DMARC would totally eradicate the chances of phishing, saying instead that it will make it “extremely unlikely”. This is probably a wise move, as I can see DMARC proving to be a challenge too hard for some hackers to resist…