Twitter embraces DMARC standard to stymie phishing attacks

Share this article:

Twitter announced Thursday that is adopting Domain-Based Message Authentication, Reporting and Conformance (DMARC), a new specification designed to authenticate emails so users don't fall for phishing attacks.

Twitter is among the commonly abused brands on the web, and DMARC helps prevent users from receiving emails pretending to be from the social networking site.

DMARC has a few things working in its favor that past authentication attempts didn't. For one, it is not a standalone protocol, but one that works in concert with popular security methods already adopted: DomainKeys Identified Mail (DKIM), a technique that associates a domain name to an email message, and Sender Policy Framework (SPF), which detects spoofing.

Second, DMARC has some muscle behind it. Not only are the major email providers behind the system, but so are some of the most digitally abused brands, such as PayPal. And third, DMARC gets away from the traditional approach of blacklisting. 

"Without getting too technical, DMARC solves a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols," explained Josh Aberant, Twitter's "postmaster," in a blog post. "It builds on established authentication protocols (DKIM and SPF) to give email providers a way to block email from forged domains popping up in inboxes. And that in turn lessens the risk users face of mistakenly giving away personal information."
Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.