past the deadline to comply with BOD 18-01

Valimail offers the only FedRAMP Authorized DMARC Solution to protect government domains from fraudulent use.

  • Provides visual dashboard to analyze thousands of XML DMARC reports
  • Gives worldwide visibility to all email senders using a government domain
  • Identifies all third party services, "shadow IT”, and suspicious senders
  • Automates authentication policies to block fraudulent email
  • Provides 100% protection from same-domain phishing attacks
  • Avoids misconfigurations that can unintentionally block good email

100% of agencies using Valimail Enforce™ achieved DMARC compliance by the BOD 18-01 deadline.

Qualifying government entities may request a 14-day no-cost domain analysis using Valimail's secure FedRAMP service.

You've Got a DMARC Record...Now What?

The Department of Homeland Security (DHS) issued Binding Operational Directive (BOD) 18-01, mandating DMARC enforcement for all federal executive agencies by October 2018. DHS has validated DMARC as the best solution to protect government agencies and citizens from fraudulent email impersonating .gov domains.

The first step in the process is to create a DMARC record and get visibility into your domain, but how do you get from monitoring to enforcement? Download this white paper that covers what you need to know about approaching an enforcement project in your unique government agency environment.

Challenges with Enforcement

Unless you have a fully automated enforcement platform, you are faced with the following when approaching this with the help of 1st generation Do-it-Yourself DMARC reporting tools or expensive DMARC consulting services:


  • Parsing DMARC XML data 
  • Translating IP addresses to senders
  • Differentiating “shadow IT” from malicious or infrastructure senders
  • Documenting all senders and authorizations


  • Manual DNS configurations
  • Managing sender configuration requirements
  • Overcoming technical limitations like the SPF 10 domain lookup limit
  • Managing subdomains

Maintaining Enforcement

  • Monitoring and adapting for service changes
  • Confirming all emails are being properly authenticated
  • Reporting on the results of your DMARC program

Overcoming Enforcement Challenges with Automation

Valimail offers the only FedRAMP Authorized DMARC enforcement solution developed specifically to meet the unique requirements of government agencies. Valimail has solutions to support each phase of DMARC implementation: monitoring, configuring and maintaining enforcement.

Valimail’s Government Edition solutions for BOD 18-01 compliance are hosted in AWS FedRAMP Cloud (East & West - US Only).

Monitor™ Government Edition

Get full visibility of all email services sending on your domain name and uncover hackers and other unauthorized senders — all within a single dashboard.

Deliver™ Government Edition

Once you’ve identified all your authorized services, our patented InstantSPF™, technology ensures each service is perfectly configured to send, and you never have to worry about technical hurdles like the SPF 10-lookup limit again.

The Valimail customer success team will work with your internal teams and the sending vendors themselves to ensure every service is accurately configured for perfect authentication and delivery every time.

Enforce™ Government Edition

With the Valimail enforcement guarantee, you can be sure your agency will not only reach enforcement but stay there. Our customer success team works with your organization to guide you through each step of the DMARC process, and guarantee you get to enforcement. You can continue to manage senders with one-click authorization, and enjoy real-time authentication for every single email.

Both the government and our citizens... deserve a trusted relationship.

Jeanette Manfra
Assistant Secretary for Cybersecurity & Communications at DHS

88% of .gov domains are not ready for DHS deadlines and are easy to impersonate with fake emails that mimic agency officials.

Valimail Government Report
on 2018 DHS DMARC Mandates