Series Introduction l Internal InfrastructurePrevious article in the series can be found here.Let’s go back to the cocktail party scenario I talked about last week. Imagine you are at a cocktail party and someone you don’t know hands you their business card and the card has your company logo on it. Maybe you work for a big company and don’t know all your coworkers, so you don’t think twice about...

In a further expansion of the Agari Trust Network’s data exchange program, Agari and Palo Alto Networks have partnered to exchange email-based threat data. The idea is simple, but incredibly powerful.1) Time to detection acceleratedAgari detects potential email-based malware in near real-time. This leads to faster detection of email-based malware than previously possible by any security solution....

The Four Senders of Your Domain's Email ChannelImagine you are networking at a cocktail party. While there, you find out that someone at the party is handing out business cards with your name and company logo on them. You have no clue who this person is or what their intentions are. Are they maliciously trying to ruin your reputation or is this some kind of awkward misunderstanding? Luckily, in...

By Danielle DeWereWolfOne dark and stormy night, Shawn was working late on his computer. Usually he would be in bed by now, but the loud clap of lightning and roar of the wind made sleep impossible. Instead, Shawn thought he would catch up on some email. He walked over to the kitchen and set the kettle on the stove to boil. Sitting back down at the dining room table he opened up his email.Junk,...

Cousin Domain - No Email Threats Should Go UncoveredAgariPRO now gives you the power to find threats that may not yet be uncovered by DMARC with our new Cousin Domain feature.This feature gives companies insight into cousin domains, domain names that are made to look similar to the real domain of a well known brand, with the intent of fooling the email recipient. This gives companies wider...

JPMorgan Chase said last week that cybercriminals had compromised its systems and obtained customer names, phone numbers and email addresses for 76 million households, and as a result people will be concerned about how their data is being used following the breach. But one recent article suggested that phishing scams are a possible outcome, and in the case of JPMorgan Chase, we can confirm that...

When you begin to work with DMARC, you realize just how important identifier alignment is. Identifier alignment forces the domains authenticated by SPF and DKIM to have a relationship to the "header From" domain. Header From Domain and the MailFrom domain are different?Yes, they are! Hearing these terms can confuse people. They sound like the same thing, but in reality they are not. The...

by Chris MeidingerWhat’s the most embarrassing thing that could happen to someone in the anti-fraud business? For me, it’s definitely surrendering your credit card details to a scammer. Yeah. That just happened.Embarrassing, but rather than put my tail between my legs and run away I thought I’d use the opportunity to examine the experience and to remind myself to stay hyper-vigilant. Additionally,...

As a member of the Netscape browser team in the mid-to-late 90's, I participated on the front lines in the browser wars. I'm not just talking about the competition between Netscape and Microsoft for market share, but the battle between those of us trying to establish the browser as the next-generation application platform and the criminals trying to exploit it for nefarious purposes. At the core...

By Patrick PetersonToday, I am excited to share with you that Agari has closed a $15M Series C round of funding led by Scale Venture Partners with participation from existing investors including Alloy Ventures, Battery Ventures, and First Round Capital. This investment triples the amount of capital Agari has raised and will enable the growth of Agari's disruptive security solutions and the...

Before the excitement OF creating a new SPF record, there are a few steps you should take in order to organize the information you will need to be successful:Here is your “grocery” list of information you should know about your sending outgoing mail traffic:Web serverIn-office mail server (e.g., Microsoft Exchange)ISP's mail serverMail server of end users' home ISPAny other mail server*Remember,...

This is the second in a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment . Read the previous tip here. What are the differences between DomainKeys (DK) and DKIM? DomainKeys Identified Mail (DKIM) is the successor to Yahoo DomainKeys. Both share similarities, however DKIM has the additional aspects of Cisco's Identified Internet Mail standard ...

This is the second in a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment . Read the previous tip here. DomainKeys Identified Mail (DKIM) is the successor to Yahoo DomainKeys. Both share similarities, however DKIM has the additional aspects of Cisco's Identified Internet Mail standard (IIM). The enhancements to this standard gives more security...

This is the start of a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment.What does "PermError SPF Permanent Error: Too many DNS lookups" mean?There are several safeguards put in place with SPF. One of these is a limitation of DNS lookups to help ensure that you do not have timeout issues. SPF will evaluate only 10 DNS mechanism lookups in an SPF...

This is the start of a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment.There are several safeguards put in place with SPF. One of these is a limitation of DNS lookups to help ensure that you do not have timeout issues. SPF will evaluate only 10 DNS mechanism lookups in an SPF record (mechanisms include: a, mx, ptr, exists, include, redirect)...

By Chris MeidingerWhen my colleague Erika commented that it's email's birthday month - RFC 821 was posted in August of 1982 - I figured we ought to say happy birthday here on the blog. I set about looking for a more specific date for the RFC's release than "August 1982" to figure out when the exact birthday is, and (of course) my first thought was "well, there must be a mailing list archive...

One of the great things about a conference like BlackHat is that it gives people like me the opportunity to take a step back, get out of the specific back alleyways of cybersecurity that we usually inhabit, and take a broader, more holistic look at attack and defense. One concept that's been talked about for a while is the Cyber Kill Chain. It takes a military-theoretical approach to network asset...

Originally, when thinking about the claim ‘Accepted Everywhere’ I was sure it was the slogan of a specific credit card from across the pond.

The Benefits of Monitor Mode When a technology exists that can tell you if and when your domains are being spoofed (and by who), why would you not use it?! What is DMARC? DMARC was created to address some fundamental problems with existing email authentication technologies (SPF and DKIM). It provides feedback about your email authentication implementation and gives ISPs (Google, Yahoo!,...