X

Google, Microsoft, Yahoo, AOL join Agari anti-phishing service

Big e-mail providers to share data with startup that analyzes it for Facebook, banks, and other firms whose brands are used for phishing.

Elinor Mills Former Staff Writer
Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.
Elinor Mills
2 min read
This bar chart shows how many suspicious e-mails Agari blocked since early August.
This bar chart shows how many suspicious e-mails Agari blocked since early August. Agari

The major Web-based e-mail providers are joining forces with an anti-fraud startup, which is launching tomorrow, to help keep phishing messages out of peoples' inboxes.

Google, Microsoft, Yahoo, and AOL are providing metadata from messages that get delivered to their customers to Palo Alto, Calif.-based Agari so it can be used to look for patterns that indicate phishing attacks. Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure, according to Agari CEO Patrick Peterson.

The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening.

"Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari, told CNET in an interview. "They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."

Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.

Google expects Gmail users to benefit as more mail senders authenticate their messages and implement block policies.

"Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud," Google Product Manager Adam Dawes said in a statement to CNET. "Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."

Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.

Agari protects 50 percent of U.S. consumer e-mail traffic and more than one billion individual mailboxes.