Valimail CEO Explains the Basics of Email Authentication in Wharton Podcast
Valimail CEO and cofounder Alexander García-Tobar recently spoke on the Wharton Business School talk show “Bay Area Ventures.”
If you want an accessible, easy-to-understand introduction to phishing, email authentication, and what Valimail does to help, this is a great place to start. In the first 20 minutes Alex walks show cohosts Irena Yen and Doug Collum through the basics.
Here’s the audio of the show:
In the second half of the show, Alex explains how Valimail landed some of its first customers, incuding Uber and Wix, and how the company got traction and managed to grow to the point where it was able to attract a substantial Series A round of investment. He’s got a few words of advice for aspiring entrepreneurs, too.
This show originally aired on November 21, 2016, on Sirius XM Channel 111, Business Radio Powered by The Wharton School.
A few key points from this podcast:
- All the major email service providers, including Google, Microsoft, and AOL, now support DMARC.
- Another 60,000 domains have DMARC in place, but unfortunately 70% of them are misconfigured.
- Alex explains the differences between phishing, spear phishing, and “whaling,” and he talks about how authenticated email can help.
- “Email is the largest communications platform there is.”
- “Email sent to you by Uber might actually be sent by Sparkpost and Sendgrid, which send receipt emails. Or Newgistics, which handles notifications if you leave your phone behind in a car. You’re relying on the fact that it says it’s Uber. So how do you know you can trust that?”
- “As more an more companies adopt cloud services, they drag along the need for emails being sent by those services as you. So you what you end up with is this very confusing world where there are people legitimately sending for you, legitimate services that should not be sending as you because you never authorized them, and then the bad guys who are trying to scam you.”
- “Over 90% of all major cyberattacks start with a phishing attack, you would think this would be the first thing you would do. And yet when you go to WhiteHouse.gov, it’s not authenticating.”