From time to time you may notice that Agari Phishing Defense applies the "look-a-like domain" attack classification to domains that are legitimate senders to your organization. This is due to the domain closely resembling a well-known domain name.
As there are countless domain name variations you may from time to time run across a false positive. To quickly fix these false positives, simply click on the domain name and give it any domain tag.
If you are looking at a particular message you will want to click on the hyperlinked domain name as shown below:
You will be then sent to the domains details page. Here on the right side, you have the option for domain tags. Any domain tag will stop calling the domain a look-a-like, and will also start to call that domain a target for look-a-likes of itself.
Please note that tagging domains as Internal, Partner, or Service can have other impacts on scoring. For more information about domain tags and how they affect scoring please see, What are domain tags and how do they affect messages in my APD portal?.
Alternatively, you can also view all domains that have been classified as look-a-like domains by going to Manage > Domains and searching for the look-a-like attack classification. Here you can add tags quickly to domains.