Enforcing email authentication through DMARC contributes to your overall regulatory compliance in a variety of ways:

  • Protect against the most likely reason for costly loss of employees’ PII, credit card records, or other information and the mandatory breach notifications that follow
  • Maintain compatibility with all common regulatory compliance requirements
  • Control email to conform with CAN-SPAM and similar laws
  • Work with industry standards to ensure your approach is effective and future-proof
  • No need to expose the content of sensitive business emails to any third-party service

Compatible with All Common Regulatory Compliance Needs

ValiMail Pro™ is fully compliant with all major regulatory and industry standards and requirements. These requirements include but are not limited to:

  • Sarbanes-Oxley
  • FDIC
  • PCI DSS
  • HIPAA
  • Safe Harbour
  • SOC2
  • FISMA

Laws such as CAN-SPAM and CASL (Canada’s Anti-Spam Law) place specific boundaries on what email activity is allowed and what is not. Institutions failing to follow these regulations can face legal action, the suspension of sending capabilities on popular marketing automation platforms, or both.

While direct marketing and messaging departments may have the understanding to stay within guidelines, it is easy for other groups to engage cloud services that send email as your company with little to no thought to compliance. This trend toward “Shadow IT” can put your brand, email, and company at risk.

By giving you visibility and control over which services can send email as your company, ValiMail enforces your compliance rules around email sent on your behalf, ensuring you don’t run afoul of critical regulations.

Block the Leading Attack Vector for Personal Information

One fast-rising criminal vector is the W-2 attack. A W-2 attack is a specific form of phishing attack whereby the criminal uses impersonating emails to trick staff members into releasing employees’ W-2s or other Personally Identifiable Information (PII), which can then be used for identity theft, improperly obtained credit, or other forms of fraud. Spear phishing emails also can lead to the loss of credit card numbers or other confidential information.

Companies releasing this kind of data – even because of criminal activity – often must notify the public of the breach, provide affected parties with expensive fraud monitoring services, and accept other penalties. Recently we’ve seen the rise of class action lawsuits against companies by their own affected employees, including Seagate and Sprouts Farmer’s markets.

In fact, senior executives have lost their positions for high profile breach notifications at such organizations as Target, Sony, and others. ValiMail’s service is an effective approach to blocking these types of phishing attacks and demonstrating that your company leads with email security best practices.

Using DMARC email authentication you can eliminate email impersonation attacks against your company, greatly reducing criminals’ ability to fool a staff member into revealing the confidential data that threaten to be so damaging your employees, customers, reputation, and bottom line.

A Standards-based Best Practices Approach

ValiMail Pro employs the open standard DMARC (Domain Message Authentication, Reporting & Conformance) – which incorporates SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) – to ensure the authentic identity of emails using your domain names. These approved standards are supported by all major ESPs, including the 2.7 billion mailboxes that receive more than 99% of all email messages in North America and the strong majority of emails around the world.

By ensuring the correct implementation of records for these standards through automation, ValiMail uses capabilities that already exist in the email infrastructure to prevent impersonation attacks. No special software or systems required.

Finally — a Security Solution That Doesn’t Require Your PII

Most products built to combat phishing require that software examine the content of incoming messages, putting an outside party in the middle of your confidential communication chain. The DMARC approach requires no exposure of your mail to any outside service. That means ValiMail can never view, modify, or store the content of your email, nor delay its delivery.

The service operates entirely using publicly available DNS information that your organization, of necessity, exposes today. The service gathers its email volume data not from your or your vendors’ systems but rather from the email receivers themselves. That means the collected information is entirely public-facing, originates from third parties, and does not come out of your institution in any way.