ValiMail’s mission is simple yet transformational – to bring trust back to email.
Our founders have been in the security and infrastructure field since the late 1990’s and friends since the mid-2000’s. They wondered why email still had no mechanism to address its original sin, which is the inability to authenticate the sender of an email. Without knowing who actually sent you an email, there is no way to know whether you can trust it.
The credit card world has the same dynamic, which it solved through a globally accepted authentication process. Before you can buy from a merchant, your credit card must be validated as active, sufficient in funds, and not reported as stolen. So why couldn’t email have something similar?
Fortunately, in 2012 the email ecosystem (including Gmail, Outlook, Y! Mail, AOL mail, and more) settled on a global email authentication standard, known as DMARC. The problem? Over 70% of all DMARC implementations are not fully realized, making them ineffectual against phishing attacks.
Our founders decided that would not do. With their background in high availability and deep infrastructure, they set about developing a service to leverage DMARC into an end to end solution for companies large and small. It would “automagically” fix the frustrating aspects of full DMARC implementation at a price that most businesses could afford. That would bring back trust to email globally.
Despite what you might hear in the tech press, email is far from dying. In fact, it’s more important than ever. 98.5% of internet users check email daily, and the average person spends six hours a day on email. Particularly for businesses, email is a vital, indispensable communication platform.
Part of the reason for this ubiquity is that email simply works. There’s no more effective and universal medium for reaching current and prospective customers. That’s why email forms the cornerstone of almost every business’s marketing and customer nurture programs.
A Giant Trust Gap
The only problem is trust. Email’s original sin is that it’s easy to fake a message to look like it came from someone it did not. When people first set up email protocols, they balanced costs in computing power, implementation, and ease of use against fraud risk. No one imagined that eventually 80% of email would be phish or spam. So they didn’t include provisions for authenticating email senders.
That wasn’t a huge problem in the 1970s. Today it is.
Lack of authentication has led hackers to create a vibrant industry in fake emails. These take a variety of forms, such as the “W-2 scam,” where a corporate executive receives an email that appears to be from the CEO or a similar authority, requesting W-2 information for all the company’s employees.
Anyone following the email’s instructions will deliver a great deal of Personally Identifiable Information (PII) right into hackers’ hands. There also are scams for wiring money to fake accounts, giving up valuable login credentials, or revealing sensitive corporate secrets.
In fact, email was involved in every major cyberattack in 2014 and 2015, and more than ten million consumers are affected by email attacks every day. These attacks cost brands over $70 billion each year.
Email Authentication to the Rescue
In the past few years, the industry has created a solution: email authentication. The most advanced authentication standard is called DMARC (Domain-based Message Authentication, Reporting & Conformance) and is now honored by all major North American email providers, along with the majority of providers globally.
DMARC blocks more than 99% of messages failing authentication and includes a reporting mechanism, enabling domains to capture useful data to improve performance.
Tricky to Implement
The difficulty for many companies is that DMARC (along with related SPF and DKIM protocols) relies on the Domain Name System (DNS) to share instructions for authentication. Managing these DNS entries is difficult, time-consuming, and error-prone.
DMARC implementation poses many challenges:
- Unforgiving, counterintuitive, and poorly understood specifications
- SPF’s ten lookup limit
- The proliferation of cloud services sending email and their frequent rate of change
- Difficulty in tracking, managing, and rotating DKIM keys
- Overwhelming DMARC reports
Introducing Email Authentication as a Service
That’s where ValiMail comes in. The firm’s founders saw the potential for DMARC to solve email’s “original sin” but realized that many organizations find implementation prohibitively difficult.
ValiMail Pro™ addresses the complexity of DMARC, SPF, and DKIM while simplifying management and reporting through a straightforward web console. This solution:
- Eliminates error-prone editing of text-based DNS records
- Removes limitations of the original standards, such as the SPF ten lookup limit and the difficulty of updating DKIM encryption keys
- Provides easy visibility, protection, and control of DMARC authentication
- Increases deliverability of outbound messages
- Contributes to IT security by closing off phishing emails as an avenue of attack
- Works even for senders and receivers that are completely outside your network