
Twitter aiming to slash phishing e-mails sent from 'Twitter.com'

Twitter said today it has adopted a new technology that makes it much harder for phishing e-mails supposedly sent from the company to make it into users' in-boxes.

Daniel Terdiman Former Senior Writer / News
Daniel Terdiman is a senior writer at CNET News covering Twitter, Net culture, and everything in between.

If you get an e-mail saying it's from Twitter, the social-networking company wants to assure you that it's really from Twitter and that there's no need to worry that someone's out to steal your password.

At least, it's almost certain that the e-mail you just got from a Twitter.com address is not a phishing attack, the company said in a blog post today.

Twitter said it has adopted a new security protocol known as DMARC that was designed by a consortium in order to cut way down on phishing attempts.

DMARC solves a couple of long-standing operational, deployment, and reporting issues related to e-mail authentication protocols. It builds on established authentication protocols (DKIM and SPF) to give e-mail providers a way to block e-mail sent from forged domains before it pops up in in-boxes. And that in turn lessens the risk users face of mistakenly giving away personal information.

Twitter did not immediately respond to a request for comment about how big a problem these kinds of phishing attacks have been in the past.

In its blog post, Twitter said that all four major e-mail providers -- Gmail, AOL, Yahoo Mail, and Hotmail/Outlook -- have signed on to the DMARC protocol in an industrywide attempt to make e-mail just a bit safer by preventing messages that seek to pilfer users' personal information from ever making it into their in-boxes.

Then again, in its blog post, Twitter said only that it's "extremely unlikely that most of our users" will get phishing attacks purporting to be sent by Twitter. That leaves the company a little wiggle room in case the practice continues, or if the phishing community figures out a way to bypass the DMARC protocol and resume its nefarious work. After all, if there's one thing that's guaranteed to get hackers and bad actors looking for a way to keep doing their thing, it's a public announcement that they've been neutered.