Email Security Blog

Understanding Email Identity

Agari October 12, 2016 Email Security
Fallback Featured Image

One of the things that often stumps even the most security conscious companies is knowing all the third-party email service providers they are working with. It is extremely difficult, if not impossible for these organizations to protect their customers from phishing attacks if they don’t even know who is sending legitimate email on their behalf. And this gets even more challenging when you consider the fact that the email identity of a business is constantly evolving, driven by the addition of new cloud-based email services, the acquisition of new companies or the set-up of unauthorized email servers by shadow IT.

Agari Email Cloud Identity solves this problem – and stops phishing – by helping companies to automatically identify, monitor and manage the 5 billion emails sent every month on their behalf by third-party email senders. These senders can be external entities, such as, Marketo or Epsilon, as well as internal resources, such as a department or business unit. The typical Agari customer, which includes 6 of the top 10 banks and 5 of the leading social media platforms, send 64% of their email via these cloud-based email service providers. Understanding exactly who these email senders are is essential to their ability to protect their brand and their customers.


Use Cases
Many organizations aren’t typically aware of how many cloud-based email services are sending messages on their behalf. The employee survey that was just sent out? There’s a good chance the HR team used a third-party survey solution like MailChimp. That newsletter your customers receive every month? There’s a good chance the Marketing team used a third-party marketing automation solution like Marketo. And it’s not just unknown external senders. Every time an organization acquires a new company, they have to integrate and secure a full range of new domains.

One very large, well-known Financial Services company we work with thought they had a clear understanding of who was sending email on their behalf. They believed there were 200 approved domains on 3,900 approved servers, being used to send 1.2 billion legitimate emails per month. Imagine their surprise when, after deploying the Agari platform, they learned there were actually more than 1.25 million malicious URLs on 1.3 million servers that were spoofing their domains – and this infrastructure was being used to send millions of malicious emails every month!

Our Approach
Today, most security solutions view the identity of an email sender as noise. This means they are unable to tell the difference between emails sent from legitimate senders and malicious emails sent by cyber criminals. We take a different approach with the Agari Email Trust Platform. Instead, we detect the unique behavior of legitimate senders to build their email identities, based on our insight into 10 billion emails per day. Agari Email Cloud Identity leverages this insight to simplify the process of email governance, automatically discovering trusted third-party senders, identifying unauthorized internal email senders and continuously monitoring data about an organization’s email identity.

If you’re interested in learning more about Agari Email Cloud Identity, don’t miss our upcoming webinar: Stop Phishing Attacks by Gaining Visibility into 3rd Party Senders

Leave a Reply

Your email will not be published. All fields are required.

Agari Blog Image

June 19, 2019 Patrick Peterson

From Secure Email Gateway to Secure Email Cloud

The secure email gateway (SEG) worked for decades, no doubt. It was truly the first…

Agari Blog Image

June 18, 2019 Armen Najarian

CISOs, Conversations, and Cabernet: A Look Back at Trust 2019

Six months ago, Agari rolled out a brand new vision—a vision focused on the idea…

Agari Blog Image

June 12, 2019 Armen Najarian

Restoring Trust to Digital Communications: Working with Human Nature

Cybercriminals have used email to scam more than $13 billion out of organizations since 2013,…

Agari Blog Image

June 6, 2019 Michael Cichon

Email Security: Using AI to Prevent Business Email Compromise

Business email compromise (BEC), phishing, and ransomware are growing ever-more targeted and personalized, changing the…

Agari Blog Image

May 9, 2019 Patrick Peterson

Current Email Architecture Transformation Raises the Bar for Security

Enterprise email architecture is evolving, which is good news for cybercriminals. Legacy secure email gateways…

mobile image