• by Jess Nelson , February 23, 2018

Brands are now clamoring for properly implemented email authentication -- as email is now the primary vector of attack for cybercriminals, with 91% of successful enterprise cyber attacks originating from a phishing email, according to PhishMe. Some of the most infamous hacks in recent memory, such as the 2014 hack of Sony Pictures and the 2016 hack of the Democratic National Committee (DNC), began with a phishing email.

Based in San Francisco, Valimail is an email security startup that offers an automated email authentication service that helps brands and organizations implement SPF, DKIM, and DMARC. Valimail’s cloud-based service helps prevent domain- and email-based impersonation attacks by automating email enforcement.

ValiMail’s annual revenue tripled in 2017 due to the demand for email authentication, and the company added more than 50 clients to its roster including notable high-frequency email senders like Yelp and Uber as well as Fannie Mae, Pure Storage, WeWork, and Time Warner.

In addition, Valimail blocked more than 3.5 billion fraudulent emails last year and secured three patents for its email authentication technology .

The Federal Trade Commission and Department of Homeland Security have also helped propel Valimail’s growth by recommending that businesses use DMARC and issuing a mandate that all U.S. federal agencies deploy DMARC in 2018.

Cybercriminals have become incredibly savvy at impersonating brands, organizations, and/or individuals to trick victims into clicking on malicious links or downloading nefarious content -- and often use social media, as well as data from previous leaks available on the dark web, to study their targets’ interests and online behavior. Thus, cybercriminals can create personalized emails -- just as in email marketing -- to dupe their victims.

DMARC, or Domain-based Message Authentication, Reporting and Conformance, is an email authentication protocol that can help eliminate this danger when it is implemented properly with a full enforcement policy. Building on top of existing authentication measures like SPF and DKIM, DMARC makes email phishing and spoofing more difficult for cybercriminals because they’re restricted to using non-protected domain names.

Valimail powers an email authentication service, Valimail Enforce, that shuts down email impersonation attacks by only enabling authorized senders to use DMARC-protected domain names in email messages. The company guarantees that its customers will get their DMARC records to an enforcement policy within an average of 100 days.