You will notice the reference to domain tags as in "Internal, Partner, Service, etc". Domain Tags are a way to help the system know what this domain is used for, and for your own organizational reasons. They also can have an effect on how the system scores a message.
At the current time, there are only the following domain tags and there is no option for custom tags.
Two of the domain tags will affect the domain reputation, one will whitelist it from BDNIs, while the others will classify the specific domain as a look-a-like domain target.
|
What do domain tags do? |
Internal | Partner | Service | Customer, Webmail, Social, Consumer, Marketing, etc. |
| Raise Domain Reputation | ✔️ | ✔️ | 🚫 | 🚫 |
|
Whitelist BDNI |
✔️ | ✔️ | ✔️ | 🚫 |
|
Specify as a potential look-a-like attack target |
✔️ | ✔️ | ✔️ | ✔️ |
Internal:
Any domain you own and control should be tagged as Internal. Tagging a domain as Internal does a number of things.
First, we specifically look for spoofs of the domains you own with a default out-of-the-box (OOB) policy called Rapid DMARC, which looks for spoofs of domains tagged as internal. Agari also records the systems spoofing your internally tagged domains and allows you to approve them as verified senders under Manage > Senders. Every domain you own should be tagged as internal. This will raise the domain reputation, and for authentic messages, raise the overall trust score.
- A domain tagged as Internal, Partner, or Service will no longer trigger the Brand Display Name Imposter attack classification.
- A domain tagged as Internal or Partner will raise the domain reputation to an 8 or higher. (Note: This does not guarantee a rise in the overall message trust score.)
- A domain with any of the available tags will make that domain a target for other look-a-like attacks with the exception of webmail domains.
Partner:
The Partner tag is very similar to the Internal tag, in which Agari provides an OOB policy for spoofs of partner domains, and the tag does affect scoring in some circumstances. However, unlike the Internal tag, it does not allow you to approve IPs as verified senders. Use this tag over Service when you need to raise the domain reputation and want the messages sent from this domain to be subject to the partner domain spoof policy.
The top ~20 Domains you work very closely with should initially be tagged as Partner when you start to use the service, however, more can be manually tagged as needed. Not every partner needs to be tagged, but these will have an OOB domain spoof policy, will raise the domain reputation, and for authentic messages, raise the overall trust score.
- A domain tagged as Internal, Partner, or Service will no longer trigger the Brand Display Name Imposter attack classification.
- A domain tagged as Internal or Partner will raise the domain reputation to an 8 or higher. (Note: This does not guarantee a rise in the overall message trust score.)
- A domain with any of the available tags will make that domain a target for other look-a-like attacks with the exception of webmail domains.
Service:
The Service tag is for applications you use and work with, do not own, but need to whitelist them from BDNIs. These are services like payroll which may commonly put a major credit card vendor in the display name and need to be whitelisted. Use this tag instead of the Partner tag when you do not want to increase the domain reputation and have it subject to the partner domain spoof policy.
- A domain tagged as Internal, Partner, or Service will no longer trigger the Brand Display Name Imposter attack classification.
- A domain with any of the available tags will make that domain a target for other look-a-like attacks with the exception of webmail domains.
Customer, Webmail, Social, Consumer, Marketing:
The rest of the domain tags are for your own internal classification.
- A domain with any of the available tags will make that domain a target for other look-a-like attacks with the exception of webmail domains.
Comments
0 comments
Please sign in to leave a comment.