The Leader in DMARC Authentication
Grade: B — Score: 70/100
Valimail leverages advanced technology to automate the implementation of DMARC (Domain-based Message Authentication, Reporting & Conformance), ensuring that only legitimate emails are sent from your domain. This not only enhances email security but also improves deliverability rates.
The workflow is designed to be seamless, allowing organizations to easily set up and manage their email authentication without requiring extensive technical expertise. Valimail's platform provides real-time monitoring and reporting, enabling users to track their email authentication status and make informed decisions.
Organizations that fail to implement proper email authentication face significant risks, including brand reputation damage, financial loss, and legal liabilities. Valimail helps mitigate these risks by providing a robust solution that protects against email fraud and enhances overall cybersecurity posture.
Monitor: Free (permanently, no volume cap)
Enforce: Contact for pricing (quotes based on email volume, domains, sending services, and org size)
Amplify: Contact for pricing (add-on, requires Enforce)
Consider switching to Proofpoint: Proofpoint offers similar email security solutions with a broader range of features.
Valimail focuses on automated DMARC enforcement using patented technology like Instant SPF, with the vendor claiming enforcement in 60 days or less. Its free Monitor product has no email volume cap, unlike dmarcian's 1,250-email limit and PowerDMARC's 10,000-email limit on their free tiers. The trade-off is pricing transparency: dmarcian starts at $19.99/month and PowerDMARC at $8/month with public pricing, while Valimail Enforce requires contacting sales for a custom quote. Valimail is the only FedRAMP-authorized DMARC provider, making it the required choice for U.S. federal agencies.
Yes. Valimail Monitor is a permanently free product (not a time-limited trial) with no cap on email volume or number of domains monitored. It identifies all sending services by name, shows SPF/DKIM/DMARC pass/fail status, and checks Google/Yahoo readiness. No credit card is required to sign up. The limitation is that Monitor only provides visibility. Moving to active DMARC enforcement (p=quarantine or p=reject) requires upgrading to the paid Enforce product.
Valimail holds SOC 2 Type 2, PCI, and GDPR compliance certifications. It is also FedRAMP authorized, making it the only DMARC provider with this U.S. federal government certification. The platform runs on a distributed AWS infrastructure with points of presence in the US, Asia, and EMEA, and offers a 99.995% availability SLA. Valimail operates under DigiCert's broader digital trust and certificate authority ecosystem.
Instant SPF is Valimail's patented solution to the 10 DNS lookup limit imposed by the SPF specification. When an organization uses many third-party email senders (e.g., Salesforce, Mailchimp, HubSpot), their SPF record can exceed this limit and break authentication. Instead of traditional SPF flattening (which can go stale as IPs change), Instant SPF dynamically manages lookups within the Valimail platform. This feature is included in Enforce and does not require manual DNS edits.
Yes. Valimail was founded in 2015 by Alexander Garcia-Tobar and Peter Goldstein and was later acquired by DigiCert. It now operates as a dedicated DigiCert business unit with its own executive team responsible for product, sales, and customer success. The acquisition connects Valimail to DigiCert's certificate authority infrastructure, DNS expertise, and encryption technology. The brand continues to operate under the Valimail name.
Yes, through its Amplify add-on product. Amplify helps organizations implement BIMI to display brand logos in email inboxes and secure Google's blue verification checkmark. Valimail claims Amplify can increase email open rates by up to 20%. Amplify requires Enforce as a prerequisite since BIMI only works on domains with DMARC enforcement at p=quarantine or p=reject. Pricing for Amplify requires contacting sales.
Yes. Valimail has a direct partnership with Microsoft. The General Manager of Microsoft Security Defender for Office 365 has publicly endorsed Valimail's automated service discovery for Microsoft 365 environments. The platform automatically identifies Microsoft 365 as a sending service and simplifies its SPF/DKIM configuration. Valimail also integrates with other email providers, secure email gateways (including Symantec), and SIEM platforms like Splunk.
FedRAMP (Federal Risk and Authorization Management Program) is a rigorous U.S. government security assessment process that few email authentication vendors pursue due to cost and complexity. Valimail obtained this certification to serve federal agencies and government contractors that are required to use FedRAMP-authorized solutions for cloud-based services. No other DMARC-focused vendor (including dmarcian, EasyDMARC, or PowerDMARC) currently holds FedRAMP authorization.