Resources | Agari

Resources

Blog

What does "PermError SPF Permanent Error: Too many DNS lookups" mean?

This is the start of a new ongoing series for us that gives you the tips and tricks you need for successful DMARC deployment.There are several safeguards put in place with SPF. One of these is a limitation of DNS lookups to help ensure that you do not have timeout issues. SPF will evaluate only 10 DNS mechanism lookups in an SPF record (mechanisms include: a, mx, ptr, exists, include, redirect)...
Blog

Happy Birthday, Email RFC 821!

By Chris MeidingerWhen my colleague Erika commented that it's email's birthday month - RFC 821 was posted in August of 1982 - I figured we ought to say happy birthday here on the blog. I set about looking for a more specific date for the RFC's release than "August 1982" to figure out when the exact birthday is, and (of course) my first thought was "well, there must be a mailing list archive...
Blog

The Phishing Kill Chain

One of the great things about a conference like BlackHat is that it gives people like me the opportunity to take a step back, get out of the specific back alleyways of cybersecurity that we usually inhabit, and take a broader, more holistic look at attack and defense. One concept that's been talked about for a while is the Cyber Kill Chain. It takes a military-theoretical approach to network asset...
Blog

DMARC is Transformational

The Benefits of Monitor ModeWhen a technology exists that can tell you if and when your domains are being spoofed (and by who), why would you not use it?!What is DMARC?DMARC was created to address some fundamental problems with existing email authentication technologies (SPF and DKIM). It provides feedback about your email authentication implementation and gives ISPs (Google, Yahoo!, Microsoft...
Blog

DomainKeys, DKIM and DMARC

By Tomki Camp, Director of Support & Services DomainKeys, or DK, was a signing technique implementation which contributed/evolved into DomainKeys Identified Mail, or DKIM. Since development efforts shifted into working on DKIM in 2004, there have been many improvements and far broader adoption of DKIM in email services. All new uses of email signing should use DKIM rather than DK, as the accepted...
Blog

SPF: What’s it all about? And why should I care?

Let’s say you have a very popular store. Your customers love receiving coupons and communications from you by email. Then a spammer sees your email address as a great opportunity to take someone’s personal information. They send an email claiming to be you, requesting updated credit card information from your customers. Now your customers are calling in, upset that their information was...
Blog

Hats off to Yahoo!

On April 4, Yahoo! took one giant step forward for email-kind when they requested all Internet email receivers to stop receiving mail purporting to be From: Yahoo!, that is not authentic. This is done with a “DMARC reject” policy. More recently Yahoo! explained their stance in a blog post."And overnight, the bad guys who have used email spoofing to forge emails and launch phishing attempts...
Blog

The Benefits of the DMARC Standard

In response to the article on PC World, Yahoo email anti-spoofing policy breaks mailing lists, we want to take the opportunity to comment on the benefits of DMARC and the important role it plays in securing companies and consumers. 2013 was a pivotal year for email security – multiple, high profile attacks that leveraged weaponized emails as an attack component finally highlighted to the world how...
Blog

DMARC is expanding globally in surprising ways

Global DMARC coverageDMARC recently celebrated its 2nd year anniversary, and has grown rapidly to become the de facto standard in email authentication. It currently covers 2 billion consumer mailboxes in over 70+ countries and has been adopted by most of the global consumer mailbox providers. For the purposes of this article, ISPs are defined as Internet Service Provider that also offer consumer...
Blog

Agari & Microsoft Fireside Chat at RSA

Watch the fireside chat at RSA with Richard Boscovich, assistant general counsel for the Microsoft Digital Crimes Unit, and Patrick Peterson, CEO & Founder of Agari. On the heels of the Citadel disruption and major industry data breaches, Richard and Pat discuss the future of public and private partnerships working within the judicial system, and how crucial these partnerships are for protecting...
Blog

Agari PRO: The power of a dozen email security experts in one dashboard

With fraud, phishing, and email-borne malware on the rise and with the risks to brands made evident by the recent attacks on Target and Nieman Marcus in 2013, it has never been more important to protect your email channel and prevent attackers from using your brand as a means of targeting consumers. Fortunately, there’s never been a better way to do it.Agari PRO is Agari’s next-generation solution...
Blog

Why DMARC?

So you’ve heard a lot about this new thing called DMARC, but don’t totally understand what to do? You are at the right place! After all, at Agari we are the DMARC guys. (Someone said this to me at a conference recently. I think it deserves a t-shirt. ☺) If you take a few minutes to read on, we will help you understand why you should publish your business’ first DMARC record.First, let’s cover a...
Blog

DMARC by the Numbers

DMARC, which stands for Domain-based Message Authentication, Reporting, & Conformance, is a specification that defines how email can be authenticated by receivers and how they can report the authentication results back to the sender. The specification was published in 2012, and it is now celebrating its second year of having a positive effect in protecting consumer inboxes from spoofed email.To...
Blog

The Email TrustIndex 4th Quarter Edition: Protecting Consumers From Email Cyberthreats

With the data breaches of 2013 bringing cybercrime into the spotlight, one thing has become astoundingly clear – cybercriminals are waging a war and are pulling into the lead. Email plays a key role in this war because email is the single easiest way for criminals to target an individual. Recent breaches have seen criminals sell off that personal information, such as email addresses, home...
Blog

All I Want for Christmas is to Keep My Information Safe

For most people the holidays are the happiest time of the year, when you get to see family and friends, open gifts, and eat more food in one day than you eat during a typical week. But with the good comes the bad, such as the stress of travel and finding the perfect gift for that hard-to-please someone. Cybercriminals are well aware that people are stressed and busy in the months leading up to the...
Blog

DMARC identifies 90% of Top Malicious Attacks

"A 3 month analysis of the top US malicious email campaigns shows DMARC would have identified 90% of these malicious attacks"Over 20 months ago, industry titans including Paypal, Google, Microsoft, Yahoo!, AOL, and Facebook banded together to launch DMARC, a new approach to reducing email phishing/spamming. In the short period since, DMARC has deployed rapidly and now covers 80% of US consumers...
Blog

Strategies to keep your business secure

When it comes to the security of your business, you can never be too careful. We’ve talked about the precautions that consumers should take to keep their personal information secure and out of the hands of cyber criminals. Now let’s talk about what businesses need to keep in mind to keep their data and employees safe.Cybersecurity within a business is especially important for various reasons. To...
Blog

How Phishing is Enabled Through Hacktivism

A report from RSA suggests that hacktivists are indirectly responsible for a portion of phishing attacks. "Hacktivism and the Case of Something Phishy" details how hacktivists are enabling phishing and other types of cybercrime by exposing various databases for their own agendas via a public download link. When this occurs, cybercriminals are quick to swoop in and pillage information including...
Blog

Cracking The Code On DKIM

[caption id="attachment_3331" align="aligncenter" width="655"] Mathematician Zach Harris, 35, of Jupiter, Fl., poses for a portrait on Tuesday. Photo: Brynn Anderson/Wired[/caption]As you may have seen, either via the US-CERT alert or the story in Wired Magazine , a configuration error in DKIM signing implementations was publicized the week of October 22, 2012.This is NOT a weakness in the DKIM...
Blog

DMARC - A Tectonic Shift In Email

The world of email changed forever when fifteen companies–including Agari, Google, Yahoo, AOL, Microsoft, PayPal, Facebook, LinkedIn and American Greetings–publicly announced DMARC.org. This working group has focused on putting the kibosh on domain phishing and brand hijacking. The new specification describes a scalable method for Email Senders and Receivers to work together to directly check the...