• by Jess Nelson , November 3, 2016

Email security startup ValiMail has raised $12 million to help brands better authenticate their emails for higher deliverability and security.

The Series A round was led by Shasta Ventures and includes participation from Flybridge Capital and Bloomberg Beta. This brings total funding to date to $13.5 million for ValiMail, which was founded in 2015.

Alexander Garcia-Tobar, ValiMail’s CEO, says the additional resources will be invested across four main initiatives. The company plans to continue to develop its technology platform, build partner-friendly APIs and customer onboarding and service.

In addition, ValiMail will “educate the market about the benefits of email authentication and DMARC and connect with companies that choose to take advantage of their benefits,” says Garcia-Tobar.

The San Francisco-based startup aims to eradicate issues associated with phishing scams with the help of DMARC (Domain-based Message Authentication, Reporting & Conformance), an email authentication standard. DMARC identifies when an email is being sent from the same person or organization that the email claims to be sent from, ensuring that no cybercriminals can use a company’s domain name for email scams.

The company’s client list already includes major technology brands, such as Uber and Yelp, and ValiMail asserts they have already protected their clients from more than 40 million phishing emails.

In addition to offering cyber protection from phishing scams, DMARC also boosts email deliverability and thus overall email marketing ROI.

A recent study of the world’s top 200 retailers by the Online Trust Alliance shows that that just 51% of retailers use DMARC for email authentication, while 94% of retailers are using SPF (Sender Profile Framework)  and 98% are using DKIM (DomainKeys Identified Mail).

“DMARC is an umbrella standard that sits on top of SPF and DKIM and depends on these two standards to do its job,” says Garcia-Tobar. “SPF and DKIM each contain the capability to validate that an email is authentic, but neither on its own has the ability to block unauthentic emails, and therefore block phishing. DMARC is required to actually block phishing.”

Garcia-Tobar says that SPF and DKIM are two standards that can vouch for the authenticity of an email, but that DMARC is really needed to add that extra anti-phishing layer of protection to email.

“DMARC provides the ability for the domain owner to instruct receiving mailboxes what to do with any email that fails authentication, the choice being to allow it to be delivered uninhibited, to drop unauthenticated mail into spam folders, or not to deliver it at all, says Garcia-Tobar. “DMARC also gives the domain owner the ability to specify where and how to report information about email messages passing and failing authentication.”