If you would like to make sure your take down vendor is receiving your reports, you will need to add their receiving email address to the portal. To add your take down vendor, you will need to follow these steps:
Step Two: Once you have landed on the Threat Feed page, you will want to click Configure your Threat Feed button:
You will be presented with a pop up of configurations. Check the checkbox next to Send threat feed to email recipients:. Enter a comma separated list of valid email addresses which will receive your Threat Feed. This list should include the email address of any take down vendors that you wish to directly receive your Threat Feed.
Notes on Threat Feed emails:
- This email feed is potentially high volume. It is recommended for automated processing and not a personal email address.
- These emails will contain malicious URIs. You should whitelist these emails from your anti-spam and anti-virus filters.
- Threat Feed emails will come from a source IP address in the following ranges 220.127.116.11/22, 18.104.22.168/22, 22.214.171.124/18.
- Threat Feed emails will use a From header email of 'Agari <firstname.lastname@example.org>'.
- Threat Feed emails will use the Subject line you designate below in 'Subject of feed emails:'.
You also have the option to check the following boxes:
- Include - If checked, the From: header domain used in the message from which the URI was extracted will be included in the Threat Feed email.
- Include Subject lines in feed emails - If checked, the subject line used in the message from which the URI was extracted will be included in the Threat Feed email.