Startup Agari debuts today with cloud-based email security services aimed at allowing enterprises and e-commerce companies to identify and block fake and spoofed email exploiting their legitimate business domain names to conduct scams and phishing attacks.
Facebook and YouSendIt are among the early adopters of the Agari technology, according to Patrick Peterson, founder and CEO of the company, which is based in Palo Alto.
[ In the data center today, the action is in the private cloud. InfoWorld's experts take you through what you need to know to do it right in our "Private Cloud Deep Dive" PDF special report. | Also check out our "Cloud Security Deep Dive," our "Cloud Storage Deep Dive," and our "Cloud Services Deep Dive." ]
"They understood how email identity is being abused," says Peterson, who adds the Agari service allows Facebook, for example, to set policy controls and automatically block fake email attempting to exploit Facebook's legitimate domain names used for email.
Agari's protective filtering relies on the big email providers to make it work, and Agari so far has gotten AOL, Google, Microsoft, and Yahoo on board to integrate the Agari technology directly into their email systems to be able to detect fake email. Today, Google product manager Adam Dawes, AOL mail engineering lead Charlie Biegel, Microsoft general manager, safety services, John Scarrow and Yahoo Mail senior director of product management David McDowell each voiced support for the Agari platform to stop illegitimate sources of email.
This accounts for about 1 billion email boxes, says Peterson, noting that there's no financial arrangement with the four big email providers regarding supporting the Agari platform. Already, about 1.5 billion messages each day are now being securely filtered using Agari technology to weed out email attack traffic for customers. While this is a big step, Peterson is the first to admit more is needed.
The Agari service is intended for businesses to be able to set email security policies from the Agari portal that AOL, Google, Microsoft and Yahoo will automatically implement on their behalf to block email detected to be fake and abusing the legitimate domain name of the business, with what Peterson says is a "one in one million false positive rate." Customers using Agari can also show a stream of any blocked email determined to be spoofed or fraudulent.
Agari's technology is called the Agari Email Trust Fabric, and it makes use of established Internet protocols DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF). Peterson says about half of all Internet mail today is SPF and DKIM-signed already, and customers using the Agari service must support it, too.