Whitepapers & Ebooks

Building a Scalable, Service-Centric Sender Policy Framework (SPF) System

Configuring the Sender Policy Framework doesn't need to be difficult, time-consuming, and error-prone.

Executive FAQs

In this FAQ, we address many common questions that will help you understand why you need email authentication, how it works with your other internal security systems, and how it can provide protection across your organization.

(Primer) A Next-Generation Approach to Email Authentication

Current approaches to email authentication have difficulty reaching the end-goal of DMARC enforcement.  This primer gives executives insight into a better way of getting there via an automated DMARC enforcement platform that never touches their organizations' DNS.

What is Email Authentication?

Email authentication standards enable any mail server, anywhere, to verify that an email with your domain in the “From” address has been authorized to send in your name. Email authentication is extremely powerful, but it requires careful configuration of DNS, intimate knowledge of the email infrastructure of thousands of sending services (in order to resolve potential … Continued

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a widely-accepted open standard that ensures only authorized senders can use your domain in the From: field of their email messages. DMARC builds on two earlier email authentication standards, SPF and DKIM.

A Next-Generation Approach to Email Authentication

Valimail solves some of the biggest problems in today's cloud-based email ecosystem. This high-level summary outlines the business value and explains features and benefits.

What is DKIM?

DomainKeys Identified Mail (DKIM) is one of three key standards enabling email authentication. Unlike SPF, which uses rule sets to determine authorized IP addresses, DKIM uses public key

What is SPF?

Sender Policy Framework (SPF) is a cornerstone of email authentication, and is the first of several standards established for that purpose.

Case Studies


Learn how VTS, one of the hottest SaaS companies in the commercial real estate space in New York City, blocked spear phishing directed at executives with Valimail.


Learn how the technical staff at Yelp conquered the SPF 10-lookup limit.

City National Bank

When user training is not enough


Protecting your email is protecting your brand


[Webinar] What is BOD 18-01? How to Achieve Compliance

In this webinar, you will learn more about what the DHS BOD 18-01 mandates (STARTTLS, DMARC, HTTPS) and how to achieve enforcement and compliance to protect your staff, partners, and the American public.

[Webinar] Why is Everyone Talking About Email Authentication?

In this webinar, we will look at an important new layer to email security - the authentication of senders. Implemented properly, DMARC can prevent serious fraud attacks, closing one of the most damaging and pernicious email attack vectors.

So You've Started a DMARC Record... Now What?

If you’re like so many IT and cybersecurity managers today, you’re rightfully fed up with the inherent untrustworthiness of email.  This eBook outlines the journey from DMARC Monitoring to Enforcement in an accessible and entertaining way.

Insider's Guide to Email Authentication

Without authentication it is impossible to be sure that the sender of a message is really who they appear to be, leaving organizations open to email impersonation attacks and shadow email. This is where DMARC can help. When DMARC is configured properly, domain owners ensure only authorized services can send on their behalf and can … Continued

Valimail Government Report

The Valimail Government Report includes 15 pages of detailed information on the challenges and opportunities federal agencies will face in complying with the DHS directive to implemenet DMARC (BOD 18-01).

2017 Email Fraud Report

Valimail’s analysis of the most popular 1 million global domains shows that most domain owners have not attempted to implement fraud protection through the latest and most complete form of protection, DMARC.