Yelp was founded in 2004 to connect people with local businesses and has continued to prioritize the experience of its visitors — 100 million unique monthly visitors across mobile web and app, and 75 million desktop — as well as its 4,000+ employees.
As a global, multinational platform connecting millions of people to great local businesses, trust is a critical element of the Yelp customer experience. Users should be able to trust that the 155 million reviews on the platform are authentic and also have faith that digital communications from Yelp are secure.
Manual DMARC Isn’t Scalable
The security team at Yelp is organized under engineering, and manages the overall infrastructure and security for the company, as well as the consumer-facing Yelp app. After getting one of its many domains to DMARC enforcement, Vivek Raman, Head of Security, and Ioannis Koniaris, Security Engineering Manager, knew that a manual approach was not the most efficient way to tackle email authentication.
With two of their team members taking almost twelve months to reach enforcement on just one domain, there was a lot more work to be done. Complicating matters was a constantly changing IT environment that was shifting to a cloud-based infrastructure. All these factors required the security team to stay agile in order to manage the security of millions of users and employees efficiently.
The security team needed a solution that allowed them to meet the top-level Yelp goal of maturing as an organization, while also creating a robust and layered security defense that included DMARC enforcement.
An Automated DMARC Solution
The team knew that achieving DMARC enforcement was a critical aspect of layered protection, but throughout the process, they uncovered a lot of “unintentional complexities.” Instead of piecing together an approach to overcome these challenges with the help of one-off tools and additional reporting, they opted to find a holistic solution to their problem and permanently remove the burden from their internal team.
Valimail takes a big headache off of our team. There is a lot of tedious
Vivek Raman, Head of Security, Yelp
work that would be required if we didn’t use Valimail.
After evaluating a few different vendors, the security team knew that Valimail was the right choice for their business needs. Raman said, “We looked at a few others, but none of them were direct competitors. They provided tools but not an enterprise solution for the management of the entire process.”
Yelp quickly implemented Valimail Enforce, and instantly had complete visibility into all of its emailing and non-emailing domains, helping the security team uncover shadow IT and malicious senders.
In the past, we had to have one dedicated engineer look at the DMARC reports every week or every day; with Valimail we can just click one button.
Ioannis Koniaris, Security Engineering Manager
Improved Security and Complete Visibility
“The short-term benefits were clear… we weren’t sure what the long-term benefit would be, but we’ve continued to see the value over time,” says Raman. And those long-term benefits have continued to compound. Not only does Valimail provide complete visibility, but it also responds to all authentication requests in real-time, ensuring mail gateways receive complete and correct DMARC, SPF, and DKIM records in all cases over time.
In a little under two years, Valimail has provided authentication responses for over 3 billion emails and blocked almost 11 million suspicious emails for Yelp.
Yelp’s 70 domains are being monitored and protected by Valimail Enforce™, and Yelp’s security team can now manage everything through a single dashboard, authorizing or deauthorizing emailing services with the click of a button. Additionally, technological complexity is no longer an issue. Koniaris says, “Valimail solved a big problem for us: the limit of the DNS lookups in our SPF record.” Technological issues like these no longer limit Yelp, because Valimail’s patented technology overcomes these hurdles.
In a continually changing environment where new services are frequently added or moved to the cloud, Valimail gives the security team the flexibility to quickly adjust to these changes and provide value across the organization. If any team wants to change email-sending tools, they know they can count on the Yelp security team to get them up and running. “Valimail gives us the ability to let employees be flexible with the tools they use, without being overly burdensome to the company,” says Raman. And if there is ever an issue with a new sender, the Valimail customer success team works directly with the vendor to quickly resolve the issue. “As we evolve, it’s helpful to have a partner that can manage this for us.”
Valimail is the leader in automated email authentication, with a comprehensive platform for anti-impersonation, brand protection, and anti-fraud defense. Valimail’s patented, standards-compliant technology provides an unrivaled, fully automated solution for DMARC enforcement to stop phishing attacks, increase deliverability, and protect organizations’ reputations.
Valimail authenticates billions of messages a month for some of the world’s biggest companies, in finance, government, transportation, health care, manufacturing, media, technology, and more. Schedule a demo today to learn how you can protect your brand and domain with DMARC!
*Since enforcement
**This case study was originally published July 2018. Be on the lookout for an updated version in 2023!