DMARC for Email: An Interview with Ravi Khatod, CEO of Agari

Back in the early 1980’s, we used a tool in Bell Labs called Unix-to-Unix Copy (UUCP) to share files. We soon became aware, however, of a better protocol originated by the late, great Jon Postel called Simple Mail Transfer Protocol or SMTP. Today, you would likely refer to this protocol as email, and some would say that it has influenced human life in this century on a scale comparable to Guttenberg’s printing press, five hundred years earlier.

Despite the vision and genius of Jon Postel, the SMTP protocol did not include a reasonable mechanism for authenticating senders. Given the early norms that existed on the emerging Internet at the time, this did not seem a major omission. But the shortcoming gradually increased in intensity, and before long, email became a toxic stew of fake and spoofed email. In fact, by some estimates, more than half of the email on the Internet today is Spam.

To address this problem, email security standards emerged such as DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework). As DKIM and SPF were wrapped into a new standard called DMARC (Domain Message Authentication Reporting and Conformance), security teams finally had a means to improve the authentication properties of their email usage. The challenge was getting everyone to adopt and use the standard.

One of the leading organizations driving this important DMARC initiative has been Agari. The company has been at the absolute forefront in the push toward improved cyber security for messaging. Agari offers a platform that is both mature and easily integrated into enterprise messaging infrastructure. We recently sat down with the company’s CEO Ravi Khatod, to learn more about this important area of enterprise email security.

EA: What is the authentication issue with typical enterprise email?

RK: Without authentication, it is impossible to establish a trusted identity. Unfortunately, a lot of enterprise email is sent without authentication, which puts it at risk for spoofing and fraud. Malicious third parties can easily hijack a brand by sending emails on their behalf, which can damage the reputation of a company or any other organization by negatively impacting their customers. Phishing attacks are among the most common and effective forms of cybercrime today, even by the most advanced adversary, which is why so many organizations depend on Agari for protection.

EA: How does DMARC address this weakness?

RK: Agari has been working closely with the industry for half a decade to develop DMARC, which is an open standard that authenticates the sender of a message to its receiver. Because it is an open standard, DMARC is supported by every major email service provider, which means unauthenticated messages can be quarantined or completely blocked from being delivered to the users’ inbox. And it’s one of the most effective ways to protect the trust people have in your brand.

EA: Tell us about your platform and how it works.

RK: The Agari Email Trust platform is currently used by Facebook, Microsoft, Google, six of the top ten banks and hundreds of government domains to protect their inbound and outbound email messages from identity deception attacks, such as phishing and business email compromise. Agari protects more than two trillion emails per year, and we use this data to inform more than 300 million machine learning models, which we call Agari Identity Intelligence – and we update these models every day. Our AI-based solution leverages this enormous data set to build models of trusted communication. It is impossible to build models of malicious behavior because you cannot predict what technique or tactic cybercriminals will try next. So instead, we model this enormous set of known, trusted communications to teach our machine learning models what “trustworthy” communication looks and acts like. That lets us identify deviations from the good, detect the bad, and stay one step ahead of criminals.

EA: What sort of telemetry will security teams have access to once they buy into DMARC?

RK: DMARC is a free and open standard, which can be deployed easily within minutes, so the only buy-in is the desire to improve email security. Once deployed, DMARC enables organizations to gain a complete view of their email ecosystem, including third-party senders, email volume and forensic data on attacks impersonating their domains.

EA: Have you seen real risk reduction in enterprise since you’ve been delivering platform solutions these past years?

RK: Absolutely. We’re changing the game and turning the tables on cybercriminals with this model. Cybersecurity has traditionally been a game of cat and mouse. Criminals develop new techniques, security experts develop new defenses, criminals develop new techniques, and so on. Despite decades of technical innovation and billions of dollars invested, security experts have always been fighting a defensive battle. But by switching the focus of our AI to model the good, and by moving away from the traditional perimeter-based enterprise defenses into more cloud-based solutions, we’re seeing a widespread modernization of security that’s making a real difference. The zero-trust model is predicated on identity, authorization and authentication. Artificial intelligence solutions are enabling organizations to make smarter business decisions. The pendulum is swinging in favor of organizations that are embracing these new trends.