Agari Field CTO John Wilson will be giving a talk on "Preventing Unauthorized Email Spoofing with DMARC" at SCALE 14X on Sunday, Jan. 24 at 1:30. The SCALE Team caught up with John to ask him about his presentation.
Q: Could you please introduce yourself and tell us a little about your background?
A: I'm John Wilson, Field Chief Technology Officer for Agari. I hold a degree in Computer Science and Engineering from MIT, and have worked at a number of large companies including Oracle and SAP before discovering that I like the start-up lifestyle so much more. I've been with Agari for 5 years. Our mission is to eliminate email as a vector for cybercrime.
Q: You're giving a talk on “Preventing Unauthorized Email Spoofing with DMARC.” Without tipping your hand on the actual talk, can you give us an idea of what we might expect?
A: SMTP was invented in 1982, and we still use it today largely unchanged to move email around the Internet. Unfortunately, the inventors forgot one very important thing: Authentication. Anybody can send a message using any address they'd like on the From: header. This basic flaw, combined with the ubiquity of email, has made email the number one favorite tool for cybercriminals. During my talk, I'll start with a few recent examples of criminals abusing this flaw for financial gain. I will then talk about various efforts to close this security hole, culminating with the most successful attempt to date: DMARC. After a technical description of the inner workings of DMARC and its underlying authentication protocols SPF and DKIM, I will present some of the open-source tools and libraries available to help you implement an authenticated email channel. I will also discuss some of the controversy around mailing lists and DMARC, and provide suggestions to help your mailing lists play nicely with DMARC.
Q: Is this your first visit to SCALE? If so, what are your expectations? If not, can you give us your impressions of the event?
A: Yes, this is my first visit. I hope to meet other technologists who share my passion for email and security.
Q: Is your talk oriented towards technology folks or business folks? What should I know before attending your session?
A: My talk will contain a great deal of technical content. That said, I will not assume the audience has any prior experience with email authentication. By attending my session, I believe that every SCALE attendee will learn something new about securing the email channel using open standards.
Q: Is there anything else you'd like to add?
A: I'm excited to have the opportunity to share my knowledge on this topic with SCALE 14x attendees!
SCALE Team interview by Sean McCabe