Valimail leads DMARC vendors worldwide

Zero-trust sender identity company now has more DMARC clients under management, more clients at enforcement, and is the fastest-growing DMARC vendor as validated by DNS.

SAN FRANCISCO, June 16, 2020 —Valimail, the leading provider of zero-trust, identity-based anti-phishing solutions, announced that as of June 1 it now manages DMARC for more organizations — with more domains at enforcement — than any other vendor worldwide.

Valimail now accounts for 19% of the world’s DMARC records that are managed by a service provider, making it the top DMARC vendor globally. Of DMARC records at enforcement worldwide, Valimail now manages 26.1%. The nearest competitors only account for 18.9%, 17% , and 11.5% of DMARC records with enforcement, respectively.

Valimail is also the fastest-growing vendor, adding thousands of DMARC records per month — more than any other vendor. In addition, Valimail is the largest provider of DMARC services for Microsoft 365 customers.

Valimail’s analysis is based on regular scans of tens of millions of organizational domains in DNS — including a broadly representative sample of global corporations, nonprofits, and government organizations.

DMARC is short for Domain-based Message Authentication, Reporting, and Conformance, a global standard used by 80% of the world’s inboxes to prevent fraudulent use of sending domains. DMARC enforcement is defined as a DMARC record, with no errors, configured to a policy of p=quarantine or p=reject. These policy settings direct email that fails authentication into spam folders or oblivion, respectively. To be at enforcement, a domain must apply an enforcement policy to all email, not just a percentage, and it must apply for all subdomains of the organizational domain as well.

DMARC enforcement is one of the prerequisites for the new Brand Indicators for Message Identification (BIMI) standard, which will allow domain owners to configure logo images that participating inbox providers will display alongside authenticated emails coming from their domains. Yahoo Mail has been testing BIMI in a trial program for the past year, and Google is expected to begin its own BIMI pilot later this year.

Valimail’s data analysis is based on a detailed analysis of tens of millions of domains worldwide. Using publicly available DNS data, Valimail is able to determine, for every one of these domains, whether DMARC is configured correctly and completely, as well as whether the underlying SPF record is correct. Valimail also analyzes a host of other publicly available data to complete its picture of DMARC usage across the Internet.

While there are many more domains in existence, Valimail’s analysis focuses on domains that are associated with known real-world organizations. In other words, the analysis excludes millions of DMARC-enabled domains that are not associated with any verifiable entities and are most likely being used for spam or phishing campaigns. The analysis also counts organizational domains only (e.g. “”), not subdomains (like “,” “,” etc.).

The findings announced today are a preview of data that will be released in the next edition of Valimail’s Email Fraud Landscape, an industry-leading analysis of fraud, impersonation, and authentication, which is due later this month.

Valimail is a pioneer and leader in zero-trust identity-based email security. The company’s mission is to eliminate phishing by authenticating digital communication at-scale. Its DMARC solution was the first automated solution on the market, offering unmatched visibility into sending services, and authenticates billions of messages a month for some of the world’s biggest companies, including Splunk, Yelp, Fannie Mae, Mercedes Benz USA, and the U.S. Federal Aviation Administration.

Domain owners can sign up for Valimail’s free, industry-leading DMARC monitoring solution, Valimail DMARC Monitor, by signing up here:

valimail logo