Skip Links

Start-up Agari debuts with security to stop fake e-mail, phishing attacks

AOL, Google, Microsoft, Yahoo on board to support security technology; Facebook said to be early adopter

By , Network World
November 30, 2011 09:33 AM ET

Network World - Start-up Agari debuts today with cloud-based e-mail security services aimed at allowing enterprises and e-commerce companies to identify and block fake and spoofed e-mail exploiting their legitimate business domain names to conduct scams and phishing attacks.

Facebook and YouSendIt are among the early adopters of the Agari technology, according to Patrick Peterson, founder and CEO of the company, which is based in Palo Alto.

Facebook community forum swamped by spam during Thanksgiving

"They understood how e-mail identity is being abused," says Peterson, who adds the Agari service allows Facebook, for example, to set policy controls and automatically block fake e-mail attempting to exploit Facebook's legitimate domain names used for e-mail.

Agari's protective filtering relies on the big e-mail providers to make it work, and Agari so far has gotten AOL, Google, Microsoft and Yahoo on board to integrate the Agari technology directly into their e-mail systems to be able to detect fake e-mail. Today, Google product manager Adam Dawes, AOL mail engineering lead Charlie Biegel, Microsoft general manager, safety services, John Scarrow and Yahoo Mail senior director of product management David McDowell each voiced support for the Agari platform to stop illegitimate sources of e-mail.

This accounts for about 1 billion e-mail boxes, says Peterson, noting that there's no financial arrangement with the four big e-mail providers regarding supporting the Agari platform. Already, about 1.5 billion messages each day are now being securely filtered using Agari technology to weed out e-mail attack traffic for customers. While this is a big step, Peterson is the first to admit more is needed.

The Agari service is intended for businesses to be able to set e-mail security policies from the Agari portal that AOL, Google, Microsoft and Yahoo will automatically implement on their behalf to block e-mail detected to be fake and abusing the legitimate domain name of the business, with what Peterson says is a "one in one million false positive rate." Customers using Agari can also show a stream of any blocked e-mail determined to be spoofed or fraudulent.

Agari's technology is called the Agari Email Trust Fabric, and it makes use of established Internet protocols DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). Peterson says about half of all Internet mail today is SPF and DKIM-signed already, and customers using the Agari service must support it, too.

But the Agari service at this point doesn't provide this security filtering for e-mail destined for the typical corporate e-mail server, and thus is more consumer-focused in that regard for now. "This is not for [Microsoft] Exchange," says Peterson but adds Agari is working on finding a way for its technology to apply to various corporate e-mail servers as well.

Also, as of yet, the Agari system wouldn't stop attackers that could evade the Agari e-mail filtering process by using, for instance, European telecom or ISPs which don't yet support Agari filtering.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News