Twitter Adds DMARC Email Authentication To Curb Login-Jacking Attempts Via Impostor Messages

Twitter announced via its blog today that it has begun using DMARC, a security protocol designed to cut down the number of fake emails that users receive from companies pretending to be Twitter itself. The move should help cut down on phishing scams, where third parties try to get users to give up their login details via false requests for password verification or other personal info.

Twitter says it started using the DMARC tech earlier this month, which means it should be up and running already. But the timing of this announcement likely has more to do with publicizing Twitter’s attempts to increase security around the service in the wake of a couple of notable hacks in recent days. Twitter saw high-profile official accounts from Jeep and Burger King get taken over in malicious attacks, which were followed by a fake hack used as a marketing ploy by BET and MTV. Fake or real, all the so-called “attacks” affect the security reputation of the site in the eyes of its users, hence the need for some kind of response.

DMARC works by determining whether an email message that claims to come from a known sender actually lines up with the information the receiving mail service has on file about that sender, and then routing the mail accordingly. Those interested in the technical details can check it out here, but it’s already in use by AOL, Gmail, Microsoft and Yahoo! Mail, which means it probably covers the vast majority of email users out there. Some have called for more advanced features, like two-step authentication, to help make Twitter even more secure against malicious attacks on user accounts.

TL;DR: Twitter had some very public security issues, and now has made a public announcement about steps it’s taking to improve security, and the two are unlikely to be only coincidentally related.