Twitter beefs up phishing protection with new DMARC protocol
22nd Feb 2013 | 21:03
Internet phishing runs the gamut from the obvious Nigerian prince scam to believable spoofs of emails sent from our favorite websites.
Now Twitter is trying to reduce the number of phishers who successfully forge its emails and score vital information from loyal Tweeters.
In a blog post the social network introduced a security protocol it started using a month ago to thwart scammers.
It's a new technology called DMARC (Domain-based Message Authentication, Reporting & Conformance) aimed at tackling a few long-standing problems surrounding email authentication.
DMARC is a standard that is still young, but it has already been adopted by popular email services such as AOL, Gmail, Hotmail/Outlook and Yahoo! Mail. The technology allows senders to better authenticate their emails using established DKIM and SPF security protocols.
The technology also improves communication between the sender and email service, with instructions on what to do with emails that don't meet standards and improved reporting on phony messages.
All this will better filter out phishing attempts and Twitter said it's now "extremely unlikely" that most users will see fake emails and get duped by internet tricksters.
Know your DMARC
There are many long-time problems involving operational, deployment and reporting issues surrounding email authentication that DMARC is trying to solve.
Most of the problem stems from the vastness of the internet, which doesn't have many standards on how to authenticate emails.
Not only do practices change between different senders, but authentication processes are often inconsistent even within a single domain owner's own mail streams.
All this makes it very difficult for email services to tell real emails from the fakes. And senders have been slow to increase security measures because there is little feedback.
SPF and DKIM are the two protocols at the heart of DMARC. They were both developed more than a decade ago, and are really powerful tools for email authentication. But the protocols' effectiveness was stifled because they weren't widely used.
DMARC is an attempt to standardize all the chaos with a coalition of email senders and receivers using the same practices. At the same time it increases feedback from receivers to better report fake emails to the senders.
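The two pieces the article describes, a sender's published policy telling receivers what to do with mail that fails SPF and DKIM, and the report address that closes the feedback loop, can be shown in a small model of how a receiver evaluates a message. The following is an added example, not Twitter's code or the code of any mail provider named above. The domains, policy records and authentication results are constructed; the organizational-domain rule is simplified to the last two labels, whereas real receivers consult the Public Suffix List.

```python
"""Toy DMARC policy evaluation (added example, not production code).

Receivers check whether at least one of SPF or DKIM passed *and* whether the
domain that passed "aligns" with the domain in the visible From: header.
Only if neither does is the sender's published policy (p=) applied.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Parse a DMARC TXT record such as 'v=DMARC1; p=reject; rua=mailto:...' into tags."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("DMARC record lacks the required p= tag")
    # Alignment modes default to relaxed ("r") when the tag is absent.
    tags.setdefault("adkim", "r")
    tags.setdefault("aspf", "r")
    return tags


def report_addresses(record: Dict[str, str]) -> List[str]:
    """Aggregate-report destinations from the rua= tag (the receiver-to-sender feedback channel)."""
    rua = record.get("rua", "")
    return [uri.strip()[len("mailto:"):] for uri in rua.split(",")
            if uri.strip().startswith("mailto:")]


def organizational_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels (real receivers use the PSL)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') accepts the same organizational domain."""
    if not auth_domain:
        return False
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    if mode == "s":
        return a == f
    return organizational_domain(a) == organizational_domain(f)


@dataclass
class AuthResults:
    from_domain: str            # domain of the RFC5322.From header the user sees
    spf_result: str             # "pass", "fail" or "none"
    spf_domain: Optional[str]   # envelope-sender (MailFrom) domain SPF was checked against
    dkim_result: str            # "pass", "fail" or "none"
    dkim_domain: Optional[str]  # d= domain of a verified DKIM signature


def dmarc_disposition(record: Dict[str, str], r: AuthResults) -> str:
    """Return 'pass', or the published policy ('none', 'quarantine', 'reject') for a failing message."""
    spf_ok = r.spf_result == "pass" and aligned(r.spf_domain, r.from_domain, record["aspf"])
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_domain, r.from_domain, record["adkim"])
    if spf_ok or dkim_ok:
        return "pass"
    return record["p"]


if __name__ == "__main__":
    # Constructed policy: reject failures, send aggregate reports to the sender.
    rec = parse_dmarc_record("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com")
    # Legitimate mail: SPF passes on a bounce subdomain, which relaxed alignment accepts.
    legit = AuthResults("example.com", "pass", "bounces.example.com", "none", None)
    # Forged From: header: SPF and DKIM both pass, but only for the forger's own domain.
    forged = AuthResults("example.com", "pass", "other-sender.test", "pass", "other-sender.test")
    print(dmarc_disposition(rec, legit), dmarc_disposition(rec, forged), report_addresses(rec))
```

The forged message illustrates the article's point: SPF and DKIM on their own can both "pass" for whatever domain the sender controls, and it is DMARC's alignment check against the visible From: domain, plus the published p= policy, that turns those results into a reject decision the receiver can act on.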
The more people that use the technology, the more we can trust the emails we get. And then maybe the next time a Nigerian prince emails you, it could be a real royal emergency. But real prince or not, you still shouldn't give away your personal info over email.
Via Twitter Blog