Matt Thomas

Matt Thomas is a distinguished engineer at Verisign. His research focuses on numerous aspects of internet security, stability, and resiliency, including but not limited to Distributed Denial of Service attacks, domain name abuse, miscreant behavior within the Domain Name System, and large-scale measurements and evolving trends in internet architectures. Matt is responsible for supporting an array of activities across the company, including data-driven analytical functions for Verisign’s value-added services, supporting internal research initiatives, external engagement, and supporting critical data analysis efforts. He has more than 15 years of experience working with large distributed data collection and analysis systems.

Prior to joining Verisign in 2008, Matt worked as a software engineer at AT&T. He was responsible for designing and implementing a distributed data collection system that measured and analyzed the operational performance of systems and services throughout the world.

Matt currently serves as the vice chair of the board of directors for the Messaging, Malware and Mobile Anti-Abuse Working Group. He is also an active member of the Internet Corporation for Assigned Names and Numbers’ Security and Stability Advisory Committee. Matt has authored more than 10 peer-reviewed publications and he has been awarded 11 patents from the United States Patent and Trademark Office. He is a Certified Information Systems Security Professional and Certified Hadoop Developer.

Matt holds a Master of Science in information systems and technology, and a Bachelor of Science in computer science from The Johns Hopkins University.

Recent posts by Matt Thomas:

Verisign Outreach Program Remediates Billions of Name Collision Queries

A name collision occurs when a user attempts to resolve a domain in one namespace, but it unexpectedly resolves in a different namespace. Name collision issues in the public global Domain Name System (DNS) cause billions of unnecessary and potentially unsafe DNS queries every day. A targeted outreach program that Verisign started in March 2020 has remediated one billion queries per day to the A and J root name servers, via 46 collision strings. After contacting several national internet service providers (ISPs), the outreach effort grew to include large search engines, social media companies, networking equipment manufacturers, national CERTs, security trust groups, commercial DNS providers, and financial institutions.

Qname minimzation blog header image

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

Data privacy and security experts tell us that applying the “need to know” principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider — or to other parties — to the minimum the service provider requires to perform a service.  This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS.


Revisiting How Registrants Can Reduce the Threat of Domain Hijacking

Recent events1,2 have shown the threat of domain hijacking is very real; however, it is also largely preventable. As Verisign previously noted3, there are many security controls that registrants can utilize to help strengthen their security posture. Verisign would like to reiterate this advice within the context of the recent domain hijacking reports.