Welcome to WebmasterWorld Guest from 54.161.201.189

Forum Moderators: not2easy & rumbas

Twitter Uses DMARC to Act Against Email Phishing For User Passwords

   
12:17 am on Feb 22, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Earlier this month, we began using a new technology called DMARC that makes it extremely unlikely that most of our users will see any email pretending to be from a Twitter.com address. DMARC is a relatively new security protocol created by a group of organizations to help reduce the potential for email-based abuse.Twitter Uses DMARC to Act Against Email Phishing For User Passwords [blog.twitter.com]
2:16 pm on Feb 22, 2013 (gmt 0)

10+ Year Member



thanks for sharing this, engine. I really feel there should be a greater PSA effort by all of these social and email sites to better educate unsuspecting users.

Personally, I think it could be one simple slide: NEVER click on a link in an email or on a social network that makes you login. Rather, always go directly to the site and look for the alleged message, friend invite, etc."

By following this rule I have done a pretty good job protecting my passwords. What are some of the rules of thumb other savvy webmasters and members in here use?
4:13 pm on Feb 25, 2013 (gmt 0)



"What are some of the rules of thumb other savvy webmasters and members in here use?"

If I'm less than 100% sure of the validity of any email, I always hover over embedded links to see what they point to before actually clicking on them. Unless they're doing something sneaky with close misspellings (or 1 vs. l), it's usually quite obvious.

Dan
6:28 pm on Feb 25, 2013 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



Perhaps it's just me that is even more cautious. I avoid the clicks for stats, if possible, to avoid the tracking.

Passwords are important, but you can also help by having a unique e-mail for the service you're using.

The services have to pick up their game, imho, but users need to be educated about their own security.
5:46 am on Feb 28, 2013 (gmt 0)

WebmasterWorld Administrator bill is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month



I implemented DMARC on several domains last year. It's interesting to see reports on mail that can't be tracked as coming from my servers. There's not much, but it does exist.

I hope more big companies implement this. It's simple to setup, and you can run it in reporting mode until you're ready to move to the stricter settings.
 

Featured Threads

My Threads

Hot Threads This Week

Hot Threads This Month