Facebook  Twitter  Google +  Linkedin

Google, Microsoft, Yahoo, and AOL joined forces with an anti-fraud startup to help keep phishing messages out of peoples' inboxes.
The major web-based email providers will be providing metadata from messages that get delivered to their customers to AGARI so it can be used to look for patterns that indicate phishing attacks.

According to Agari CEO Patrick Peterson, "Agari collects data from about 1.5 billion messages a day and analyzes them in a cloud-based infrastructure".
The company aggregates and analyzes the data and provides it to about 50 e-commerce, financial services and social network customers, including Facebook and YouSendIt, who can then push out authentication policies to the e-mail providers when they see an attack is happening.

"Facebook can go into the Agari console and see charts and graphs of all the activity going on in their e-mail channel (on their domains and third-party solutions) and see when an attack is going on in a bar chart of spam hitting Yahoo," for instance, Daniel Raskin, vice president of marketing for Agari. 

"They receive a real-time alert and they can construct a policy to push out to carriers (that says) when you see this thing happening don't deliver it, reject it."

Agari doesn't collect the actual messages, he said. Some e-mail providers will take a message that is failing authentication and provide the malicious URLs in it to Agari to pass on to the company whose name is being used in the phishing messages, Raskin said. "Other than that we don't want to see the content," he said.

Google Product Manager Adam Dawes said "Since 2004 Gmail has supported several authentication standards and developed features to help combat e-mail phishing and fraud, Proper coordination between senders and receivers is the best way to cut down on the transmission of unauthorized mail, and AGARI's approach helps simplify this process."

Agari, which has been operating in stealth mode since October 2009, rejected more than 1 billion messages across its e-mail partners' networks in a year, according to Peterson, who was with the original management team of e-mail security firm IronPort. IronPort got acquired by Cisco in 2007.