Head over to our on-demand library to view sessions from VB Transform 2023. Register Here

large_3696386615Just days after two prominent Twitter accounts were somewhat hilariously hacked, Twitter announced it has adopted a new technology for making emails from the newsy social network harder to fake. It’s the same technology that Facebook, LinkedIn, Google, and PayPal use to limit email fraud.

Why now?

Jeep’s Twitter account recently told the world that the iconic brand had been “sold to Cadillac.” And Burger King’s account started mysteriously promoting McDonalds. Two high-profile hacks in less than a week means, apparently, that Twitter had to take some action.

The hacks were due to phishing attacks, or sending out emails that look legitimate but, sadly, are not.


VB Transform 2023 On-Demand

Did you miss a session from VB Transform 2023? Register to access the on-demand library for all of our featured sessions.


Register Now

“There’s no shortage of bad actors sending emails that appear to come from a Twitter.com address in order to trick you into giving away key details about your Twitter account, or other personal information,” Twitter’s “postmaster” Josh Aberant posted this morning on the company’s blog.

Twitter sends out a lot of emails. If you opt into email notifications for new follows, mentions, and direct messages (little hint: don’t), you potentially get hundreds of emails a week. The problem is: how do you know the email in your inbox is from Twitter?

To make that determination easier, Twitter has adopted DMARC technology, an email authentication protocol initially developed by PayPal in 2007. Essentially, it helps receiving mailservers know, with a reasonable level of assurance, that an email’s reported sender is accurate, not spoofed, and not forged. Which then allows the mailserver to delete forged email before it ever reaches your inbox.

Facebook already uses DMARC and is listed as one of the founding contributors to the open specification, as is LinkedIn. Other organizations that use DMARC include Google (Gmail), Microsoft (Hotmail/Outlook), Yahoo (Yahoo Mail), AOL, and Comcast.

A note for emailers:

If you don’t use Gmail or one of the other email providers listed above, you may not be protected. It might be a good time to ask your mail service provider if they support DMARC.

photo credit: Stian Eikeland via photopin cc

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.