
Just days after two prominent Twitter accounts were somewhat hilariously hacked, Twitter announced it has adopted a new technology for making emails from the newsy social network harder to fake. It’s the same technology that Facebook, LinkedIn, Google, and PayPal use to limit email fraud.

Why now?

Jeep’s Twitter account recently told the world that the iconic brand had been “sold to Cadillac.” And Burger King’s account started mysteriously promoting McDonald’s. Two high-profile hacks in less than a week means, apparently, that Twitter had to take some action.

The hacks were due to phishing attacks: emails that look legitimate but, sadly, are not.

“There’s no shortage of bad actors sending emails that appear to come from a Twitter.com address in order to trick you into giving away key details about your Twitter account, or other personal information,” Twitter’s “postmaster” Josh Aberant posted this morning on the company’s blog.

Twitter sends out a lot of emails. If you opt into email notifications for new follows, mentions, and direct messages (little hint: don’t), you potentially get hundreds of emails a week. The problem is: how do you know the email in your inbox is from Twitter?

To make that determination easier, Twitter has adopted DMARC technology, an email authentication protocol initially developed by PayPal in 2007. Essentially, it helps receiving mailservers know, with a reasonable level of assurance, that an email’s reported sender is accurate, not spoofed, and not forged. That, in turn, allows the mailserver to delete forged email before it ever reaches your inbox.

Facebook already uses DMARC and is listed as one of the founding contributors to the open specification, as is LinkedIn. Other organizations that use DMARC include Google (Gmail), Microsoft (Hotmail/Outlook), Yahoo (Yahoo Mail), AOL, and Comcast.

A note for emailers:

If you don’t use Gmail or one of the other email providers listed above, you may not be protected. It might be a good time to ask your mail service provider if they support DMARC.

photo credit: Stian Eikeland via photopin cc

