Since ValiMail is sold as a SaaS, the adoption of DMARC is simple for IT staff, and clients enjoy global reliability and scalability. ValiMail’s system authenticates every email in milliseconds to end impersonation attacks, control shadow email services, and secure the enterprise email ecosystem. Another bonus: email authentication positively impacts deliverability as well, something every marketing department values. Many third-party SaaS apps don’t come under the purview of IT when teams and workgroups purchase them, yet IT is expected to enforce governance and compliance. ValiMail identifies three classes of senders: legitimate sanctioned services, legitimate un-sanctioned services (shadow email), and malicious senders (phish). This gives IT the power to work with the business to bring all IT investments into compliance. García-Tobar emphasizes that at no time does ValiMail’s system ever see any PII (Personally Identifiable Information).
To get started, customers make a one-time modification to their DNS to delegate a DMARC record to ValiMail.
ValiMail’s email authentication service ends impersonation attacks, protects corporate email brand reputation, and gives CIOs and CISOs control over shadow email services
This kicks off the monitoring phase, during which “ValiMail identifies all third-party senders utilizing the domain name to send emails. This allows us to identify suspicious senders that are impersonating the brand, as well as SaaS apps that use the domain name to send email,” says García-Tobar. A report based on domain traffic is prepared and presented, giving CIOs and CISOs visibility and total control over their email ecosystem. Senders classified as ‘authorized’ can continue using the domain name as an email sender while suspicious senders and unauthorized SaaS apps can be shut out.
García-Tobar recounts the example of working with one of the largest crowd-sourced transportation services in the world. When the customer discovered a significant number of phishers impersonating their email domain, it was clear to them that DMARC authentication was the best solution to the problem. The company, however, spent more than a year trying to implement DMARC and was unable to get to enforcement. After adopting ValiMail, the customer got to enforcement within 90 days, after a brief monitoring period. ValiMail’s email authentication service cut phishing volume by over 99 percent and eliminated the spear-phishing attacks completely. García-Tobar notes that ValiMail not only secures incoming email traffic but outgoing email traffic as well. ValiMail’s email authentication service works at the domain level and acts to inoculate both sender and receiver—once the domain is protected then impersonation attacks can be eliminated.