Why Choose Valimail
The Original DMARC Leader
From the earliest days of DMARC development, we've had a leading role in setting industry standards that drive security, scale, and adoption.
2004
Uses a DNS TXT record to provide a list of authorized sending IP addresses for a given domain.
2007
Uses Public Key Infrastructure (PKI) to add a digital signature to email messages in the message header. Message receiver validates DKIM signature with a public key stored in the DNS at d=domain in the hidden header.
2012
Uses SPF and DKIM to authenticate mail senders and ensure that destination email systems trust messages sent from your domain. Provides additional protection against spoofing/phishing and helps receiving mail systems determine what to do with messages sent from your domain that fail SPF or DKIM.
2019
Authenticated Received Chain: Allow mailing lists or forwarding services to sign an email’s original authentication. Brand Indicators for Message Identification: Allow for brand-controlled email logos.
SPF
DKIM
DMARC
BIMI
SPF
DKIM
DMARC
BIMI
DNS TXT records provide an authorized sending IP address list to a given domain.
Public Key Infrastructure (PKI) adds a digital signature to email messages.
SPF and DKIM authenticate mail senders, ensuring destination email trust.
Brand Indicators for Message Identification (BIMI) provides brand-controlled email logos.
Recently, DMARC adoption is growing, while DMARC enforcement is declining.
*It’s critical to get to enforcement. DMARC enforcement has dropped from 15% to 12% in the past few years -- a critical gap in email security for the ecosystem.
Why DMARC Enforcement is Binary
The DMARC policy is spelled out with the “p” parameter, for which there are three options:
P=None is not protection
No enforcement. Mail that fails authentication is delivered normally, including fraudulent messages using your domain. This setting is intended as a “test” mode, so domain owners can troubleshoot authentication settings without the risk of legitimate messages getting blocked.
In p=none mode, domain owners can use the reports sent by mail gateways to examine what messages are being blocked and which IP addresses are sending those messages. Turning DMARC reports into actionable insights is a challenge because of the complexity on the ground.
Armed with this information, the domain owner can make changes to their SPF and/or DKIM settings, and potentially to the domain(s) used by the messages. It’s critical to ensure that legitimate emails get through and are authenticated — a top issues for many companies.
P-Quarantine
Messages that fail authentication should be quarantined. Usually this means that the messages are delivered to a user’s spam folder.
P-Reject
Messages that fail authentication should be discarded, not delivered at all. Some receivers honor this request, while others just mark failing messages as spam.
DMARC enforcement benefits critical stakeholders across your organization.
Evaluating the Options
Build, Consult or Automate
Build
12+
months
2-3 FTEs
(est. $300-450K annual)
Requires extensive maintenance, difficult to reach p=reject, manual DNS changes
20%
Enforcement Success Rate
Consult
9-12
months
1-2 FTEs
(est. $150-300K annual)
Never-ending maintenance. Manual DNS changes
40%
Enforcement Success Rate
Automate
0-4
months
0.2 FTEs
Enforcement within 1 quarter, at 1/10th of the cost of a build with Valimail automation
90%