The URIs submitted to the Threat Feed are sent on these criteria:
- The message containing the URI must have failed DMARC.
- The message is not from an IP in the customer Sender Inventory.
- The URI domain is not in a domain or a subdomain registered to the customer in the Agari portal.
- The URI sans parameters has not been sent to this Threat Feed within the configurable resubmission timeframe.
- Some other parameters as configurable in the Threat Feed area.
All URIs matching the set parameters are sent. Whether the domain is already set to DMARC-reject or Not is irrelevant.
Timing
The Threat Feed email containing new URIs seen to match the above parameters is sent every 10 minutes, OR as soon as 100 URIs are accumulated.
Source
Threat Feed data is sent from hosts within the IP address range shown in the Threat Feed configuration, with the From address which will be either no-reply@agari.com or donotreply@agari.com
Comments
0 comments
Please sign in to leave a comment.