Valimail offers the only FedRAMP-authorized, fully automated DMARC solution to protect government domains from fraudulent use.

  • Provides a visual dashboard to analyze thousands of DMARC reports at a glance — without needing to interpret the underlying XML data
  • Enables worldwide visibility into all email senders using a government domain
  • Automates authentication policies blocking fraudulent emails
  • Never uses PII
  • Avoids misconfigurations in the DNS record that can block good email
  • Runs on a dedicated, segregated instance hosted in AWS FedRAMP Cloud, ensuring that government clients’ data remains in the U.S. and on FedRAMP-approved infrastructure

All of Valimail’s federal agency clients got to enforcement by the BOD 18-01 deadline of October, 2018. Valimail is the only vendor that can say that.

DMARC for Federal Government

The Department of Homeland Security (DHS) issued Binding Operational Directive (BOD) 18-01, mandating DMARC enforcement for all federal executive agencies by October 16, 2018. With this directive, DHS validated DMARC as the best protocol to use for protecting government agencies and citizens from fraudulent email impersonating .gov domains. Since BOD 18-01 was issued, the majority of federal domains have complied with this directive.

DMARC for State and Local Government

While state and local governments are not required to adhere to federal directives, they face the same risks. Statistics show that nearly half of state and local governments experience cyberattacks daily. And since state and local governments are responsible for election security, local utilities, and other critical infrastructure, unauthenticated email can undermine citizen trust in government systems.

Challenges with Enforcement

Attempting DMARC enforcement without a fully automated solution creates significant amounts of tedious manual work. Opting for first-generation do-it-yourself DMARC reporting tools or expensive consulting services will waste employees’ time and effort, as well as money.

Implementing Valimail enabled government customers to deploy DMARC and reach enforcement in a median time of just three weeks. That’s because Valimail automates the following critical ongoing tasks:



  • Parsing DMARC XML data
  • Translating IP addresses to senders
  • Differentiating “shadow IT” from malicious or infrastructure senders
  • Documenting all senders and authorizations

Manual DNS configurations

  • Managing sender configuration requirements
  • Overcoming technical limitations like the SPF 10 domain lookup limit
  • Managing subdomains

Maintaining Enforcement

  • Continuously monitoring and adapting for cloud service changes
  • Continuously confirming all emails are being properly authenticated
  • Reporting on the results of your DMARC program

Overcoming Enforcement Challenges with Automation

Valimail’s Government Edition solutions are hosted in AWS FedRAMP Cloud (East & West - US Only).

Monitor™ Government Edition

Get full visibility into all email services sending on your domain name and uncover phishers and other unauthorized senders — all within a single dashboard.

Enforce™ Government Edition

Valimail ensures enforcement. Once achieved, you can continue to manage senders via automated one-click authorization and maintain real-time authentication for every email.

Both the government and our citizens... deserve a trusted relationship.

Jeanette Manfra
Assistant Secretary for Cybersecurity & Communications at DHS

88% of .gov domains are not ready for DHS deadlines and are easy to impersonate with fake emails that mimic agency officials.

Valimail Government Report
on 2018 DHS DMARC Mandates