10:00 AM
Dark Reading
Dark Reading
Products and Releases

Valimail Raises $25 Million in Series B Funding

SAN FRANCISCO, May 22, 2018 /PRNewswire/ -- Valimail, the world's leader in automating email authentication, announced it has raised a $25 million round of funding to accelerate its global growth and expand its portfolio of trust-based anti-impersonation services. Valimail provides the only automated email trust platform. Many leading organizations, including Yelp, Uber, Fannie Mae, Manulife, WeWork, and others, use Valimail to stop fraud, brand abuse, and data theft.

The Series B investment is led by Tenaya Capital, with participation from existing venture investors Shasta Ventures, Flybridge Capital Partners, and Bloomberg Beta.

"Valimail was founded to bring trust to the world's communications, starting with email. In a world of first-generation solutions with failure rates over 70 percent, we believed total automation was a necessary approach," said Alexander García-Tobar, co-founder and CEO of Valimail. "The past three years have proven our thesis that the market both needs and values automated authentication. Now we're prepared to make our platform available worldwide." 

Impersonation-based email attacks are the #1 vector for cyberattacks of all kinds. Valimail's Identity-Driven Email Anti-impersonation (IDEA)™ platform stops these attacks by automating implementation and ongoing management of email authentication. Leveraging open standards, such as SPF, DKIM, and DMARC, the platform ensures that unauthorized senders using an organization's domains in email messages are automatically blocked globally.

"Valimail's technology represents the perfect convergence of a huge need (stopping impersonation and restoring trust to email), a rapidly growing market, and a revolutionary technology led by an experienced, disciplined team," said Brian Melton, managing director at Tenaya Capital. "Valimail's automation platform is a best-in-class solution that's already found a substantial market and widespread recognition for its technical superiority. It will have wide application in the years to come," he added.

A Growing Global Trend

Both the private and public sectors now recognize email authentication as critical in preventing so called email "spoofing" or impersonation attacks. The Department of Homeland Security, for example, mandated in late 2017 that all federal agencies not only adopt email authentication based on DMARC, but implement it fully to prevent such attacks.

Email authentication based on DMARC has hit an inflection point, although companies still struggle to implement it fully:

·       DMARC is now supported by over 5 billion email inboxes worldwide. (Valimail's Email Fraud Landscape, Q1 2018)

·       More domain owners have published DMARC records in the past six months than in the five previous years combined. (DMARC.org)

·       However, successful deployment is extremely challenging: An analysis of one million DNS records shows that regardless of company size or vertical, about 80 percent of DMARC implementations fail to achieve enforcement. (Valimail's Email Fraud Landscape 2017)

·       DMARC is recommended for all companies by the Federal Trade Commission, the Online Trust Alliance, the Global Cyber Alliance, and many other organizations.

Automation Guarantees the Benefits of Authentication

Gartner Inc. recommends that security and risk management leaders involved in fraud prevention should work with brand stakeholders to "Implement domain-level email authentication protocols (SPF, DKIM and DMARC) as the strongest technical protection against exact-domain spoofing of domains owned or controlled by their enterprise." [Gartner: "Fighting Phishing: Protect Your Brand," November 2017, refreshed December 2017]

Most companies deploying DMARC don't make it to enforcement, however. Valimail's enforcement guarantee ensures that customers get the benefits of authentication quickly and effortlessly so they can stop impersonation attacks right away.

"After attempting email authentication with other solutions, I was amazed at the level of automation Valimail provides," said JJ Agha, VP of information security at WeWork. "It eliminates the need for two FTEs, so my staff can focus on other key priorities. I consider it a 'set it and forget it' solution for ensuring that our employees and executives can't be impersonated and that our email is trusted."

As it expands, Valimail will be hiring multiple positions across a number of different departments, including engineering, sales, customer success, and marketing. For information on career opportunities at Valimail, visit https://www.valimail.com/careers/.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
How Enterprises Are Attacking the Cybersecurity Problem
How Enterprises Are Attacking the Cybersecurity Problem
Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-01-21
In the GNU C Library (aka glibc or libc6) through 2.28, the getaddrinfo function would successfully parse a string that contained an IPv4 address followed by whitespace and arbitrary characters, which could lead applications to incorrectly assume that it had parsed a valid string, without the possib...
PUBLISHED: 2019-01-21
Teradata Viewpoint before 14.0 and contains a hardcoded password of TDv1i2e3w4 for the viewpoint database account (in viewpoint-portal\conf\server.xml) that could potentially be exploited by malicious users to compromise the affected system.
PUBLISHED: 2019-01-21
In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.
PUBLISHED: 2019-01-21
GattLib 0.2 has a stack-based buffer over-read in gattlib_connect in dbus/gattlib.c because strncpy is misused.
PUBLISHED: 2019-01-20
Hotels_Server through 2018-11-05 has SQL Injection via the controller/fetchpwd.php username parameter.