ValiMail: Automating Email Authentication

When email was originally developed in the early 1980’s, protocols were architected without adequate security features, allowing emails to be spoofed and sent fraudulently by hackers. Alexander García-Tobar, CEO and Co-founder of ValiMail, refers to this as email’s “original sin.” Today, email is the number one attack vector for modern phishing attacks. But there’s a solution: email authentication based on the DMARC standard. DMARC—Domain-based Message Authentication, Reporting & Conformance, is a global standard that can solve for email’s original sin, but there are several complexities that make it a time-consuming and difficult undertaking for most businesses to implement. This is where ValiMail comes in. With its automated email authentication service, the firm has effectively replaced a labor-intensive manual approach with a robust cloud service that automates the process. ValiMail has helped several customers achieve DMARC enforcement with minimal customer effort, including HBO, Uber, Yelp, CNN, and City National Bank. “ValiMail ensures that clients get to DMARC enforcement and stay there despite rapidly-changing email ecosystems,” says García-Tobar.

Since ValiMail is sold as a SaaS, the adoption of DMARC is simple for IT staff, and clients enjoy global reliability and scalability. ValiMail’s system authenticates every email in milliseconds to end impersonation attacks, control shadow email services, and secure the enterprise email ecosystem. Another bonus: email authentication positively impacts deliverability as well, something every marketing department values. Many third-party SaaS apps don’t come under the purview of IT when teams and workgroups purchase them, yet IT is expected to enforce governance and compliance. ValiMail identifies three classes of senders: legitimate sanctioned services, legitimate un-sanctioned services (shadow email), and malicious senders (phish). This gives IT the power to work with the business to bring all IT investments into compliance. García-Tobar emphasizes that at no time does ValiMail’s system ever see any PII (Personally Identifiable Information).

To get started, customers make a one-time modification to their DNS to delegate a DMARC record to ValiMail.