Resources | Agari

Resources

Blog

What is a DMARC Policy?: The 3 Types & Which to Use

In this post, we’ll briefly explain what a DMARC policy is, how to set up your DMARC email record, what the three types of DMARC policies are and when to implement each one, and how to diagnose and fix any issues associated with it. Basically, your DMARC policy tells email receivers what to do with illegitimate or possibly fraudulent emails—whether to reject, quarantine, or accept them. Overall...
Blog

What Is the Meaning of the SPF Email Standard and How Does It Work?

We're going to delve into what the meaning of SPF for email is, how to implement it, the benefits of deploying it, and how to further protect your email-sending domains. What is SPF for Email? Sender Policy Framework (SPF) is an email authentication standard that domain owners use to specify the email servers they send email from, making it harder for fraudsters to spoof sender information. SPF...
Blog

DMARC Quarantine vs. DMARC Reject: Which Should You Implement?

You did it! You implemented DMARC and authenticated your email domains. This is no easy feat in itself and now, after DNS requests, third-party conference calls and writing internal policies, you are ready... It’s time for a stricter DMARC policy. If your DMARC policy has been set to p=none for months, you've likely had the chance to review who is sending email under your brand name and determine...
Blog

DKIM Guide: How to Set Up the Email Standard Step by Step

In this DKIM setup guide, we’ll walk you through the steps on how to set up DKIM correctly, test it, avoid common pitfalls, and fix common mistakes. In case you’re new to DKIM, or DomainKeys Identified Mail, we’ll start with a high-level overview before getting to the step-by-step instructions, but you can first look up your DKIM record here. What is DKIM? A Brief Introduction DKIM is a standard...
Blog

What is Whaling Phishing & How Does it Work?

“Whaling” phishing fraud attacks target the C-suite of a company which creates high risk of extremely sensitive, mission-critical data being stolen and exposed. Fortunately, protecting the organization from these attacks is possible. Whaling phishing is a type of phishing attack targeting larger, high-value targets, which is why it's called "Whaling." Attackers themselves often pretend to be C...
On-Demand Webinar

Email Security Best Practices: How to Protect Against Advanced Threats

Unfortunately, the bad news about data breaches, cybersecurity scams, and email attacks is constant and the numbers are more staggering with each year. Learn which steps to take NOW to protect your organization’s email ecosystem, such as collecting threat intelligence, mitigating against brand impersonation, and training your employees on security awareness, all while maintaining compliance. That...
Press Release

Forbes: 8 Ways To Keep Your Social Security Number Safe From Identity Theft

It’s difficult to control your Social Security number in the wild. In his September contribution to Forbes Advisor, John Wilson discusses the most common scams involving Social Security numbers and provides 8 steps individuals can take to prevent identity fraud. Originally published in Forbes Advisor: “For too many of us, our SSNs are already in the hands of miscreants, along with our other...
Article

How to Mitigate Online Counterfeit Threats

The broad scope of counterfeit campaigns and unclear boundaries of abuse make it challenging to successfully mitigate online threats targeting retail brands. There is a fine line between infringement and fair use of publicly made materials, as well as immeasurable online environments where counterfeit campaigns may live and grow.
Blog

What Is Email Spoofing & How Do You Protect Against It?

What is Email Spoofing? Email spoofing is one of the most common forms of cybercriminal activity, specifically a form of identity deception that's widely used in phishing and spam attacks. It underpins the mechanism required to conduct hacking activities, and it can take many forms. Unfortunately, most email users will eventually receive an email that has been spoofed—whether they know it or not...
On-Demand Webinar

How to Prepare for PCI DSS 4.0

Let’s face it: staying compliant is complicated and can take a great deal of time and resources. This may be why less than 28 percent of organizations say they are compliant with the Payment Card Industry Data Security Standard (PCI DSS). Even though complex, not compiling with PCI DSS can have devastating consequences. Now that PCI DSS 4.0 has arrived, there is even more to contend with for...
Blog

How to Run Simulated Phishing Campaigns

Here's how to run a simulated phishing campaign to test and train your employees before they receive an actual phishing email. What is a Phishing Campaign? To be clear, when we say “phishing campaign,” we’re not referring to malicious, black-hat phishing campaigns. A simulated phishing campaign is part of an internal training program to raise employee awareness about real-world phishing attacks...
Press Release

The Last Watchdog: The Drivers Behind Persistent Ransomware and Defensive Tactics to Deploy

In his guest essay for The Last Watchdog, Eric George, Director of Solutions Engineering at PhishLabs by, explains what ransomware is, who the high-stake threat actors are, and how organizations can defend themselves against ransomware attacks. Originally published in The Last Watchdog “Ransomware usually starts with a phishing email. An unsuspecting employee will open a legitimate-looking message...
Article

Hybrid Vishing. It's Such A Thing.

In this podcast, John Wilson, senior fellow for threat research at, discusses how vishing, a tactic used to gain PII information from people through phone messages is - like its success - on the rise. Gain insight into this devious scam and the best defense against it.
On-Demand Webinar

Top Mistakes You Could be Making in Email Security

Email threats are constant and remain a highly sought-after opportunity for data theft. Oftentimes organizations research email best practices and incorporate an email security solution that’s best for their needs and budget. While following best practices is essential for email security success, it’s also important to understand the top email security mistakes and whether your organization is a...
On-Demand Webinar

Q2 2022 Quarterly Threat Trends & Intelligence Webinar

Throughout Q2, Agari and PhishLabs detected and mitigated hundreds of thousands of phishing, social media, email, and dark web threats targeting a broad range of enterprises and brands. The Quarterly Threat Trends & Intelligence Report provides an analysis of the latest findings and insights into key trends shaping the threat landscape. In our Quarterly Threat Trends & Intelligence webinar in...
Press Release

Fortra Acquires Outflank, Further Empowering Customers to Thwart Cyberattacks with Advanced Adversary Simulation Services, Offensive Security Tooling, and Training Services

MINNEAPOLIS (September 1, 2022)—Fortra announced today the acquisition of Outflank, a well-regarded IT security leader with deep expertise in adversary simulation; specialist cyber security trainings; and a unique cloud-based software offering for red teams, Outflank Security Tooling (OST). Based in Amsterdam, the team of experts works with prominent financial institutions, multinational firms and...
Press Release

ZDNet: Scammers Are Using This Sneaky Trick to Bypass Spam Filters

Hybrid vishing (email-initiated voice phishing) attacks are on the rise. In this ZDNet article, John Wilson discusses the findings from the latest Agari and PhishLabs research and explains what organizations can do to help prevent hybrid vishing attacks. Originally published in ZDNet.com Excerpt: “These emails are particularly adept at getting past attack controls because they lack the typical...
Blog

The Definitive Report Analyzer: Deciphering DMARC

It takes years to build trusted relationships with your customers — but as all-too-familiar headlines and recounted tales of woe from IT departments tell us, cybercriminals can abuse that trust to trick your customers, employees, and partners into opening their malicious emails in a matter of minutes.  DMARC, or Domain-Based Message Authentication, Reporting, and Conformance, is an essential email...
Blog

DMARC Authentication: Is DIY’ing it Worth the Risk?

Do-it-yourselfers abound everywhere in these days – from YouTube stars demonstrating the latest hacks through tutorials to entire cable channels and streaming networks devoted to DIY, average laypeople have become self-proclaimed experts in a variety of areas and skills. But should you take a do-it-yourself approach when it comes to technology and email security, or more specifically to DMARC...