remaining to comply with BOD 18-01

Valimail offers the only FedRAMP Authorized DMARC Solution to support rapid compliance with DHS BOD 18-01.

  • Hosted in AWS FedRamp Cloud (East & West - US Only)
  • Privacy Shield Certified/No PII
  • Fully redundant 99.995% infrastructure
  • Data encryption at rest and in transit
  • SSO/Access controls/2-factor authentication
  • SOC 2 Type II Certified

You've Got a DMARC Record...Now What?

The Department of Homeland Security (DHS) issued Binding Operational Directive (BOD) 18-01, mandating DMARC enforcement for all federal executive agencies by October 2018. DHS has validated DMARC as the best solution to protect government agencies and citizens from fraudulent email impersonating .gov domains.

The first step in the process is to create a DMARC record and get visibility into your domain, but how do you get from monitoring to enforcement? Download this white paper that covers what you need to know about approaching an enforcement project in your unique government agency environment.

Challenges with Enforcement

Unless you have a fully automated enforcement platform, you are faced with the following when approaching this with the help of 1st generation Do-it-Yourself DMARC reporting tools or expensive DMARC consulting services:


  • Parsing DMARC XML data 
  • Translating IP addresses to senders
  • Differentiating “shadow IT” from malicious or infrastructure senders
  • Documenting all senders and authorizations


  • Manual DNS configurations
  • Managing sender configuration requirements
  • Overcoming technical limitations like the SPF 10 domain lookup limit
  • Managing subdomains

Maintaining Enforcement

  • Monitoring and adapting for service changes
  • Confirming all emails are being properly authenticated
  • Reporting on the results of your DMARC program

Overcoming Enforcement Challenges with Automation

Valimail offers the only FedRAMP Authorized DMARC enforcement solution developed specifically to meet the unique requirements of government agencies. Valimail has solutions to support each phase of DMARC implementation: monitoring, configuring and maintaining enforcement.

Valimail’s Government Edition solutions for BOD 18-01 compliance are hosted in AWS FedRAMP Cloud (East & West - US Only).

Monitor™ Government Edition

Get full visibility of all email services sending on your domain name and uncover hackers and other unauthorized senders — all within a single dashboard.

Deliver™ Government Edition

Once you’ve identified all your authorized services, our patented InstantSPF™, technology ensures each service is perfectly configured to send, and you never have to worry about technical hurdles like the SPF 10-lookup limit again.

The Valimail customer success team will work with your internal teams and the sending vendors themselves to ensure every service is accurately configured for perfect authentication and delivery every time.

Enforce™ Government Edition

With the Valimail enforcement guarantee, you can be sure your agency will not only reach enforcement but stay there. Our customer success team works with your organization to guide you through each step of the DMARC process, and guarantee you get to enforcement. You can continue to manage senders with one-click authorization, and enjoy real-time authentication for every single email.

Both the government and our citizens... deserve a trusted relationship.

Jeanette Manfra
Assistant Secretary for Cybersecurity & Communications at DHS

88% of .gov domains are not ready for DHS deadlines and are easy to impersonate with fake emails that mimic agency officials.

Valimail Government Report
on 2018 DHS DMARC Mandates