Yelp makes easy work of DMARC enforcement with Valimail

Challenge

The current process for achieving and maintaining DMARC enforcement was tedious and required two employees to manage. In addition, Yelp did not have a technical solution for the SPF 10 domain lookup limit.

Solution

Valimail Enforce™ gave Yelp an email authentication platform to orchestrate the enforcement process and overcome technological hurdles like the SPF 10-lookup limit. Valimail Enforce™ made easy work of its transition to a modern, cloud-based environment.

Results

Valimail eliminated tiresome tasks and created a more efficient, organizationwide process that protects Yelp’s brand and improves security.

chef in a restaurant

The business

Yelp was founded in 2004 to connect people with local businesses and has continued to prioritize the experience of its visitors — 100 million unique monthly visitors across mobile web and app, and 75 million desktop — as well as its 4,000+ employees. As a global, multinational platform connecting millions of people to great local businesses, trust is a critical element of the Yelp customer experience. Users should be able to trust that the 155 million reviews on the platform are authentic and also have faith that digital communications from Yelp are secure.

The challenge

The security team at Yelp is organized under the engineering team and manages the overall infrastructure and security for the company as well as the consumer-facing Yelp app. After getting one of its many domains to DMARC enforcement, Vivek Raman, Head of Security, and Ioannis Koniaris, Security Engineering Manager, knew that a manual approach was not the most efficient way to tackle email authentication. With two of their team members taking almost twelve months to reach enforcement on just one domain, there was a lot more work to be done. Complicating matters was a constantly changing IT environment that was shifting to a cloud-based infrastructure. All these factors required the security team to stay agile in order to manage the security of millions of users and employees efficiently.

The security team needed a solution that allowed them to meet the top-level Yelp goal of maturing as an organization, while also creating a robust and layered security defense that included DMARC enforcement.

The solution

The team knew that achieving DMARC enforcement was a critical aspect of layered protection, but throughout the process, they uncovered a lot of “unintentional complexities.” Instead of piecing together an approach to overcome these challenges with the help of one-off tools and additional reporting, they opted to find a holistic solution to their problem and permanently remove the burden from their internal team.

After evaluating a few different vendors, the security team knew that Valimail was the right choice for their business needs. Raman said, “We looked at a few others, but none of them were direct competitors. They provided tools but not an enterprise solution for the management of the entire process.”

Yelp quickly implemented Valimail Enforce™ and instantly had complete visibility into all of its emailing and nonemailing domains, helping the security team uncover shadow IT and malicious senders. “Valimail takes a big headache off of our team. There is a lot of tedious work that would be required if we didn’t use Valimail,” says Raman. Koniaris adds, “In the past, we had to have one dedicated engineer look at the DMARC reports every week or every day; with Valimail we can just click one button.”

The results

“The short-term benefits were clear… we weren’t sure what the long-term benefit would be, but we’ve continued to see the value over time,” says Raman. And those long-term benefits have continued to compound. Not only does Valimail provide complete visibility, but it also responds to all authentication requests in real-time, ensuring mail gateways receive complete and correct DMARC, SPF, and DKIM records in all cases over time. In a little under two years, Valimail has provided authentication responses for over 3 billion emails and blocked almost 11 million suspicious emails for Yelp.

Yelp’s 70 domains are being monitored and protected by Valimail Enforce™, and Yelp’s security team can now manage everything through a single dashboard, authorizing or deauthorizing emailing services with the click of a button. Additionally, technological complexity is no longer an issue. Koniaris says, “Valimail solved a big problem for us: the limit of the DNS lookups in our SPF record.” Technological issues like these no longer limit Yelp, because Valimail’s patented technology overcomes these hurdles.

In a continually changing environment where new services are frequently added or moved to the cloud, Valimail gives the security team the flexibility to quickly adjust to these changes and provide value across the organization. If any team wants to change email-sending tools, they know they can count on the Yelp security team to get them up and running. “Valimail gives us the ability to let employees be flexible with the tools they use, without being overly burdensome to the company,” says Raman. And if there is ever an issue with a new sender, the Valimail customer success team works directly with the vendor to quickly resolve the issue. “As we evolve, it’s helpful to have a partner that can manage this for us.”

“In the past, we had to have one dedicated engineer look at the DMARC reports every week or every day; with Valimail we can just click one button.”

Ioannis Koniaris,
Security Engineering Manager, Yelp

Related Case Studies