According to recent reports, in 2025, customers are expected to spend nearly $80 billion on Black Friday and Cyber Monday, an increase from $20 billion last year. A big contribution to this spending is email marketing, as consumers are searching for the best discounts and deals.

61% of consumers said that they prefer hearing about Black Friday deals from an email, while SendGrid reported that there was a 13% rise in Black Friday email volume year-over-year.

You’re already doing everything you can to prepare for Black Friday email marketing success. Your infrastructure is locked into place, your warming and segmentation plans are defined, and your Black Friday email campaigns are designed and ready to be loaded into your automation platform.

But how can you top your metrics and success from last year? We have a little secret that could boost your open rates by 20% this Black Friday. 

The answer? Brand Identifiers for Message Identification (BIMI).

What is BIMI? 

Brand Identifiers for Message Identification (BIMI) puts your logo in the inbox directly next to your Black Friday email, outshining missing or grayed-out initials. BIMI works with many email clients and webmail providers, such as Gmail, iCloud, Yahoo, and others. 

To enable BIMI on your domain, you need to either have a Common Mark Certificate (CMC) or a Verified Mark Certificate (VMC). In the past few months, Google announced that it would support CMCs, which don’t require trademarked logos. This announcement opens the avenue for more brands to get their logo next to a branded email. 

BIMI offers many benefits, including increased brand visibility, higher user engagement, and a consistent brand experience. Some BIMI users can also receive the blue verified checkmark next to their name in the Gmail inbox. 

Why BIMI matters more than ever in 2025

Retailers and e-commerce brands are leaning harder than ever into email marketing, which means inbox competition is fierce. In fact, in the retail and e-commerce space in 2024, BIMI adoption grew 40%. If you’re not adopting BIMI, your brand is becoming less competitive in the space.

Not all brands have implemented a BIMI logo because it’s still a relatively new and emerging technology. More than 20,000 of the top domains have implemented a BIMI logo, which might sound like a lot, but millions of brands haven’t explored their BIMI opportunity. 

By trailblazing your way to implementing a BIMI logo, you’ll get your logo (and attention) to display in places that competitors are missing out on.

The BIMI logo shows that your email domain is fully secure, which drives more subscriber trust. More importantly, BIMI drives additional engagement, giving you the chance to drive even more Black Friday email marketing revenue this holiday season. 

Every logo that gets seen in your email is also a brand impression. Digital marketers are most likely already using display ad networks like Google and Facebook to drive brand impressions as part of a digital marketing strategy. The great news about email is that you can get amazingly low CPIs in comparison. Depending on which display ad network you are using, you could be paying $2-6 per impression. 

Depending on the email volume you send to Google and Yahoo subscribers, with BIMI, you can see CPIs for as little as 10 cents or less. During the holiday season, just think about how all of those brand impressions could add up – more site visits, more search volume, and potentially more revenue.

“We were looking for a solution that could increase our brand protection and brand visibility by having our logo show up in our inbox without having to trademark our logo. The Common Mark Certificate (CMC) [and BIMI] helped us achieve this.”

Global Financial Management Company

Implementing BIMI on your email domain is more than just an upgrade; it’s a game-changer for your Black Friday email marketing strategy. With the ability to display your brand logo next to your emails, you’re not only enhancing your brand’s credibility. Thank it as the next evolution of email marketing, where trust and visibility drive open rates, engagement, and ultimately more revenue. 

How to implement BIMI in time for Black Friday

Here’s your checklist:

• Reach DMARC enforcement.
  Deploy Domain-based Message Authentication, Reporting, and Conformance (DMARC) and get to enforcement (p=reject or p=quarantine) to qualify for BIMI.
• Get a certificate.
  Choose either a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) through DigiCert.

If you’re unsure which one to choose, this table can help you choose the best option for your Black Friday email marketing strategy:

• Upload your logo.
  Prepare a tiny SVG logo file and host it securely. This file must meet specific formatting standards.
• Publish your BIMI DNS record.
  Point your DNS record to your logo file and certificate. Valimail helps ensure this step is validated and error-free.

Sounds easy, but is your domain able to implement BIMI? Check your BIMI status for free with Valimail’s domain checker:

DigiCert + Valimail: The fastest path to BIMI

Enabling BIMI starts with DMARC enforcement, which is the essential foundation for sender identity and domain protection. Valimail’s platform makes this easy and fast, with automation that removes the complexity from DMARC management.

From there, DigiCert provides the required BIMI certificates (VMC or CMC), offering a secure and recognized path to displaying your logo.

Now that DigiCert has acquired Valimail, together, you get:

• Automated DMARC enforcement with Valimail Amplify
• Verified brand identity with DigiCert VMC/CMC
• A smooth BIMI implementation experience, just in time for your holiday campaigns

FAQs about BIMI for Black Friday

The post Increase Cyber Monday and Black Friday email open rates with BIMI first appeared on Valimail.

This consistent recognition spans multiple global segments, including North America, Asia, and the Asia Pacific. We appreciate all of the reviews and validation from the people who matter most: real IT and security teams using Valimail every day.

What sets us apart? A faster path to DMARC enforcement. Dashboards built for clarity, not complexity. And human support teams that don’t disappear after onboarding.

We’re trusted. Proven. And consistently leading.

Let’s dive into what thirteen quarters of undisputed leadership look like and dig deeper into Valimail’s G2 Fall 2025 report. 

Highlights of Valimail’s leadership

This quarter, Valimail appeared on 74 reports and earned 26 unique badges. Among these rankings, we’ve had some exciting results of our solutions and leadership:

• Ranked #1 Grid® Report for DMARC | Fall 2025
• Ranked #1 Mid-Market Grid® Report for DMARC | Fall 2025
• Ranked #1 Mid-Market Implementation Index for DMARC | Fall 2025
• Ranked #1 Asia Regional Grid® Report for DMARC | Fall 2025
• Ranked #1 Asia Pacific Regional Grid® Report for DMARC | Fall 2025
• Ranked #2 Europe Regional Grid® Report for DMARC | Fall 2025
• Ranked #2 Small-Business Grid® Report for Email Anti-spam | Fall 2025

G2 rankings are driven by real customer feedback, combining satisfaction scores and market presence. So when Valimail is named the #1 DMARC leader for 13 quarters in a row, it’s a testament to how consistently our customers rate us on trust, ease of use, support, and time to value.

Valimail awards and badges

Our recognition for continuously being a leader in the DMARC space demonstrates our commitment to providing high-quality DMARC services. Here are some of the G2 badges we’ve received this quarter:  

Since inventing hosted DMARC in 2015, we’ve helped organizations of every size stop phishing, protect brands, and ensure compliance by authenticating billions of messages monthly. Read more about our past G2 results with our recent ratings, Grid wins, and customer feedback. 

Insights from customer feedback

Throughout the last quarter, we’ve maintained our 4.6/5 stars status out of 409 reviews. These reviews reflect our commitment to providing excellent software and customer service. 

Here are a just a few of the reviews we’ve received this last quarter: 

Better management of outgoing emails: “Valimail helps us to manage our email sending domains and non-email sending ones. Setting up SPF, DKIM, DMARC, and BIMI is easy. Email insights, Senders Insights, and Suspicious mails stopped by Valimail are extremely useful at the Executive Level. As an executive, I get the insights from the Dashboard, so I don’t have to look into the platform frequently. Customer Support is easy to access.” – Santanu L., Chief Information Security Officer

Robust security with easy setup and useful reporting: “I find the reporting feature incredibly helpful as it flags illegitimate attempts to send emails pretending to be us and automatically blocks them through the DMARC policy. The setup process was seamless, thanks to the excellent support from Valimail’s team. The integration with Okta also proved beneficial, streamlining our management process.” – Prity P. 

Exceptional service and seamless onboarding with Valimail: “Valimail took the complexity out of DMARC and made email authentication feel effortless. The onboarding process was smooth and well-guided. Huge appreciation for Gabriel, our onboarding engineer. His professionalism, patience, and proactive support were beyond impressive. Gabriel made the entire setup seamless and answered every question with clarity and care. Best onboarding experience we’ve had in a long time.” – Greg M, Sr. Systems Engineer 

Partner with the trusted G2 DMARC leaders 

Whether you’re just exploring DMARC or ready to tighten your defenses, Valimail has solutions that can work for you:

Valimail Monitor: Get instant visibility into your domain’s authentication status. You can get started with Valimail Monitor for free (no limited trials or credit cards required) to take our solutions for a test drive before committing to anything. 

Valimail Enforce: If you need more domain protection and want to get to DMARC enforcement, schedule a demo with our DMARC experts to get started. 

Valimail Amplify: Want to get your logo in your recipients’ inboxes? We automate the process, make it easy for you to set up BIMI, and increase your brand’s visibility. 

Not sure which solution meets your needs the best? Jump on a call with a few of our DMARC experts, and we’d be happy to help find a solution that fits your needs the best. 

The post Valimail named #1 for DMARC in G2 Fall 2025: 13 straight quarters of IT and security leader trust first appeared on Valimail.

G2 has just released its Summer 2025 reports, and Valimail led the DMARC category again as #1. That’s industry-wide dominance from North America to APAC, from startups to midmarket and enterprise. 

Why does this matter? Because real customer reviews power each badge. Everyone has agreed that Valimail is the best in the industry for three straight years. We deliver the quickest path to enforcement, intuitive dashboards anyone can use, and human product support is always there to help.

Let’s dive into what three years of undisputed leadership look like and dig into Valimail’s G2 Summer 2025 report. 

Highlights of Valimail’s leadership

This quarter, Valimail appeared on 72 reports and earned 19 unique badges. Among these rankings, we’ve had some exciting results of our solutions and leadership:

• Ranked #1 Grid® Report for DMARC | Summer 2025
• Ranked #1 Mid-Market Grid® Report for DMARC | Summer 2025
• Ranked #1 Small-Business Grid® Report for DMARC | Summer 2025
• Ranked #1 Mid-Market Relationship Index for DMARC | Summer 2025
• Ranked #1 Mid-Market Implementation Index for DMARC | Summer 2025
• Ranked #1 Asia Pacific Regional Grid® Report for DMARC | Summer 2025
• Ranked #2 Europe Regional Grid® Report for DMARC | Summer 2025

G2 rankings are driven by real customer feedback, combining satisfaction scores and market presence. So when Valimail is named the #1 DMARC leader for twelve quarters in a row, it’s a testament to how consistently our customers rate us on trust, ease of use, support, and time to value.

Our customers choose Valimail for the experience of using our products and services. 

Valimail awards and badges

Our recognition for continuously being a leader in the DMARC space demonstrates our commitment to providing high-quality DMARC services. As a testament to this, we’ve been recognized by G2 with these badges: 

Valimail is the global leader in zero-trust email authentication. Since inventing hosted DMARC in 2015, we’ve helped organizations of every size stop phishing, protect brands, and ensure compliance by authenticating billions of messages every month.

Along with this G2 #1 win, we’re celebrating our 10-year anniversary. We’ve been protecting domains for going on ten years, and as a thank you, we invite you to join our Engage-to-Enforce challenge. Whether you’re a current customer or are interested in becoming one, we have rewards for everyone. Join the limited-time challenge here.

Insights from customer feedback

We’ve maintained our 4.6/5 stars status out of 361 reviews. These reviews reflect our commitment to providing excellent software and customer service. 

Here are a few of the reviews we’ve received this last quarter: 

Perfect for complex email environments: “We’ve had an excellent experience with Valimail. Their platform made implementing DMARC authentication straightforward and efficient, even for a complex email environment like ours. The user interface is intuitive, and their reporting tools provide clear, actionable insights that helped us quickly identify and authorize legitimate senders while blocking malicious activity.” – Ernesto D, CPO 

Game-changer for email security: “We’ve been using Valimail for over a year now, and it’s been a game-changer for our email security…What I appreciate most is how ‘hands-off’ it becomes once it’s up and running. No more worrying about SPF or DKIM misconfigurations. It just works.” – Stijn v., System Administrator 

Centralized and easy to manage: “I’ve been using Valimail for over 3 years now, and it’s been a great tool. Everything is centralized and easy to manage. The setup was simple, and the platform gives you a lot of helpful details to monitor your email authentication.” – Varun C., Security Engineer

Read more about our past G2 results with our recent ratings, Grid wins, and customer feedback. 

Partner with the trusted G2 DMARC leaders 

Whether you’re just exploring DMARC or ready to tighten your defenses, Valimail has solutions that can work for you:

Valimail Monitor: Get instant visibility into your domain’s authentication status. You can get started with Valimail Monitor for free (no limited trials or credit cards required) to take our solutions for a test drive before committing to anything. 

Valimail Enforce: If you need more domain protection and want to get to DMARC enforcement, schedule a demo with our DMARC experts to get started. 

Valimail Amplify: Want to get your logo in your recipients’ inboxes? We automate the process, make it easy for you to set up BIMI, and increase your brand’s visibility. 

Not sure which solution meets your needs the best? Jump on a call with a few of our DMARC experts, and we’d be happy to help find a solution that fits your needs the best. 

The post Three years running: Valimail remains #1 in G2 report for DMARC for the 12th consecutive quarter first appeared on Valimail.

However, there’s one key difference. As of May 5, 2025, Microsoft announced that it will actively begin rejecting mail that doesn’t meet its published requirements for bulk senders. 

Email Authentication: The foundation for deliverability

Amazon Simple Email Service (SES) and Valimail are collaborating to provide automated email authentication solutions to all Amazon SES customers, helping them comply with these evolving sender guidelines. 

Amazon SES processes over a trillion emails yearly for customers worldwide across various industries, from small startups to large enterprises for their transactional and marketing email workloads, including the emails for Amazon’s retail Prime Day events. This collaboration addresses the growing need for robust email authentication in light of the evolving threat landscape and requirements from mailbox providers. DMARC (Domain-based Message Authentication, Reporting, and Conformance) has become a critical tool for preventing domain spoofing and phishing attacks, which continue to be the entry point for many data breaches and ransomware attacks.

Valimail is the leader in DMARC and email authentication, which has been so since 2015. Our automated DMARC solution is uniquely positioned to help senders navigate this new era of enforcement. Through this collaboration, Amazon SES customers who sign up for Valimail Monitor will have access to our free solution that provides real-time visibility into their DMARC posture and helps them spot problems with SPF, DKIM, DMARC, and alignment before they impact their ability to deliver email. 

Amazon SES customers now have streamlined access to: 

• Global view of all email traffic being sent on their behalf
• See which domains are passing and failing DMARC, SPF, and DKIM
• Readiness for moving toward full DMARC enforcement safely

“When you combine Amazon SES with Valimail, you gain comprehensive visibility into your email ecosystem while maintaining the robust sending capabilities of SES. The combination enables you to assess your compliance with the latest sender requirements from major providers like Microsoft, Google, and Yahoo. You’ll have clear insights into which of your domains are successfully passing DMARC, SPF, and DKIM authentication checks, and which ones need attention”.

-Amazon SES Blog 

Brand protection and customer trust

Ultimately, DMARC enforcement should be the goal for all businesses. With DMARC enforcement, customers can improve security and increase trust:  

• Stronger security: Emails failing authentication checks are outright rejected, preventing them from ever reaching your recipients. This reduces the risk of phishing attacks, email spoofing, and other malicious activities that could compromise your organization.
• Brand protection: Customers and partners are less likely to receive fraudulent emails that appear to come from your domain, and that builds trust with your audience.
• Better email deliverability: Although it might seem counterintuitive, moving to p=reject actually improves your email deliverability. Fewer fraudulent emails means fewer messages marked as spam, which can improve your reputation with inbox providers.

For Amazon SES customers looking for more support along their DMARC journey, Valimail offers another solution, Enforce. Enforce accelerates getting companies protection against phishing and spoofing by achieving DMARC enforcement through a powerful blend of automation, simplicity, and expertise. Our customers reach DMARC enforcement at a higher rate and 4x faster than other solutions. 

This collaboration between Amazon SES and Valimail represents a significant opportunity for businesses to leverage Amazon SES’s scalability while helping them comply with the latest email authentication standards and taking the first critical step towards brand protection. 

The post Amazon SES and Valimail collaborate to help companies navigate bulk sender requirements   first appeared on Valimail.

The guidance requires:

• DMARC at p=reject to prevent spoofing (Strict SPF and DKIM alignment is required) 
• SPF to authorize legitimate senders
• DKIM to prevent tampering
• MTA-STS to enforce transit encryption
• TLS version at a minimum of 1.2 to secure session-level communication
• DLP to prevent unauthorized transmission of sensitive information

These requirements will be required for any agency that handles restricted, sensitive, or confidential information. While these agencies are affected first, the SGE framework strongly recommends that every New Zealand government domain follow suit. 

This is just another requirement in a long list that all point to a trend: The need for DMARC and stronger email security is growing stronger. 

Keep reading, and we’ll discuss these requirements in detail and what they mean for your IT and security teams. 

Who’s in scope for these email requirements?

At first glance at these requirements, it may sound like only the sensitive emails apply to these requirements. But this will affect everyone at some level: 

The bottom line is that while enforcement starts with higher-classification agencies, the framework’s October 2025 milestone calls for all agencies to “lift their email security standards” to SGE levels.

What the New Zealand SGE framework requires, in plain language

1. Authenticate the sender

• Sender Policy Framework (SPF): Publish a DNS record that lists every service allowed to send on your behalf, and end it with -all to block the rest.
• DomainKeys Identified Mail (DKIM): Cryptographically sign every outbound message.
• Domain-based Message Authentication, Reporting, and Conformance (DMARC): Align SPF and DKIM, turn on reporting, and set policy to p=reject so fraudulent messages never reach the inbox.

2. Encrypt the channel

• Transport Layer Security (TLS) 1.2 or higher for all connections.
• MTA-STS + TLS-RPT: Force encryption in transit and get feedback if anyone tries a downgrade attack.

3. Protect the content

• Data-Loss Prevention (DLP): Blocks messages that carry data above your clearance level.

Timeline at a glance

What’s the timeline for these New Zealand email requirements? Here’s the tentative timeline according to them: 

• June 2025: SGE v1.0 is live; guidance available as a downloadable PDF.
• October 2025: Every applicable agency should have aligned its external email domains with SGE.
• 2026: Legacy SEEMail gateway retires. Agencies that haven’t modernized are at risk of isolation.

What happens if agencies don’t comply with this secure framework?

The All of Government Service Delivery (AoGSD) team will watch DMARC, SPF, and MTA-STS records (DKIM next) and flag any non-compliance. Agencies mandated by this new framework must prove compliance and remediate quickly. 

If compliance changes occur, the AoGSD Security team will individually review each case and communicate with the agency to assess whether there was an error or issue.

Five strategic takeaways for IT and security leaders

Now isn’t the time to panic and scramble to meet these compliance requirements. Treat “optional” as “inevitable.” History shows that when one part of the government raises the bar, the rest follows. Getting ahead today beats scrambling later in the year.

It might seem daunting, but if this requirement affects you, here are five strategic takeaways and steps to take next:

1. Get the status of your domain’s email authentication using Valimail’s free domain checker. 

2. Focus on visibility first. DMARC reporting quickly reveals who’s sending on your behalf, and who’s spoofing you. You can do this for free with Valimail Monitor. 
3. Automate the lift. Manually tuning SPF, DKIM, and DMARC across dozens of SaaS services is error-prone; automation keeps you within the 10-lookup limit and prevents issues down the line.
4. Go straight to enforcement. A p=none record offers zero protection. Fast-tracking to p=reject cuts the window attackers can exploit.

5. Plan for continuous change. New cloud apps appear weekly. Choose a solution that flags unauthenticated senders before they derail your compliance status.

How Valimail helps New Zealand agencies succeed and meet compliance requirements

Valimail is the leader in DMARC, and we hosted DMARC in 2015. We’ve helped over 80,000 organizations worldwide, including in New Zealand. 

We’re the global G2 DMARC leader as well as the G2 DMARC leader in the Asia Pacific region. 

“Managing DNS records for SPF was always challenging, with frequent changes and risk of exceeding lookup limits. With Valimail’s automated monitoring and real-time alerts, we now have complete visibility into our SPF record health, ensuring optimal configuration without disruptions. Their proactive approach saves us time and prevents misconfigurations.” – Melvin Joseph, Security Engineer, Ausgrid

Our industry-leading DMARC solutions help you:

• Discover every email sending service by name
• Guides you to p=reject safely with real-time DMARC enforcement insights
• Monitors SPF, DKIM, and DMARC continuously with alerts about email delivery and compliance
• Complements your secure email gateway (SEG). We can authenticate the sender; SEGs will inspect the content to create a layered defense against phishing 

So, what next steps should you take to comply with New Zealand email requirements before October 2025? 

If you’re ready to dive into full compliance, schedule a demo of Valimail Enforce. We’ll help you quickly get to DMARC enforcement with the help of our product support team. 

However, if you want to just get visibility into your sending services to get a status of your compliance, you can sign up for our free DMARC solution: Valimail Monitor. It’s forever-free with no credit card obligations, and you can instantly see all of your sending services and look at your domain underneath the hood. If you like what you see, you can always upgrade your account later. 

Ready to meet the New Zealand Secure Government Email Framework ahead of schedule?

The post New Zealand’s email security requirements and why it matters to all government domains first appeared on Valimail.

At Valimail, we take our work seriously but try not to take ourselves too seriously. This value inspires us to get to the heart of what makes people unique and how it affects their careers to provide valuable advice, inspiration, and insights to people working with email daily.

In this lighthearted interview series, we connect with experts from the email, IT, security, ISP, and authentication spaces to learn more about them and their experiences.

Listen to the full interview here or keep scrolling for the highlights:

About Tony Parrillo

Tony Parrillo has been with Schneider Electric for seven years and is responsible for the cybersecurity for all their industrial activities and R&D facilities. He helps support the product and how the products are manufactured and delivered. 

He started his career as a naval aviator and made over 600 arrested landings on aircraft carriers during his service time in the Navy. 

What’s an email security myth you wish more people would stop believing?

The biggest one that kills me doesn’t pertain just to email, but definitely in phishing, is that there’s a perfect system out there. That if we buy the right tool, it will ensure a phishing email will never make it to a person. 

I try to explain that there are really, really smart people on the other side who are finding ways around everything to get that email into your inbox. Even if there was a magic solution, down the line they’ll find a way around it. 

And they’ve refined their techniques of making it seem urgent and getting you when you’re not thinking clearly on Monday morning before your coffee. So you’re going to click on that before you actually think about it, and they’re great at it, and no matter what step we take, they take another step.

But everybody believes, from executives down to the factory workers, that there is a magic bullet that is going to block them all.  

I usually talk a lot about the human firewall. And I tell people, you’re a smart person. You’re here for a reason. You’ve succeeded in your career due to critical thinking and other reasons. So you need to apply that to every email in your inbox; don’t just zip through. So it’s training, awareness, and getting the message across. 

What’s the smallest hill you are willing to die on?

So that’s a tough one, because I’ve been doing this for twenty-five years, and I’ve seen all kinds of ups and downs, and I’ve seen a lot of executives who have high-risk or low-risk tolerance. 

And I work with teams with specific business reasons for why we need to do things. So even when you’re up against the best practice, there may be a reason not to use that best practice. 

So much is case-by-case. There have been times when I’ve said absolutely no, we cannot do this, but I haven’t said that in a while. I will say, in general, long, nuanced discussions about the risks usually come to some sort of compromise. 

Early in my career, we were the department of no, and I had bosses who were super tough and said no to everything. And I watched that happen, and I watched how it wasn’t always productive. 

So I try to never just be the office of no. I try to be the yes, but. Or we could do that, but why don’t we do it this way? I think everybody is more willing to have a measured discussion about the risks and what we should do to move ahead. 

How did you get started in IT/Security? What do you love about it?

I love that it’s so dynamic, and it’s so exciting. It’s so interesting and changes so rapidly that you have to keep up with your professional education. You have to keep up on what’s happening in the environment, both on the threat and defender sides. I think that came from when I started in naval aviation.

I flew EA-6B Prowlers, which were electronic warfare. That was my gateway into cybersecurity because electronic warfare involved jamming, deception, and all kinds of things like that against air defense systems. Then, at some point in my career, the Navy transitioned me to the wired cybersecurity industry.

You always have to be engaged. I tell people it’s like playing tennis and chess at the same time. So you’re playing tennis, and you have to keep hitting those incidents and stop them. But at the same time, you have to be very strategic and plan how you’re going to use your resources and things like that. 

If you could instantly fix one major security flaw in the email ecosystem, what would it be?

The whole IT ecosystem was designed to be completely open, all the way back to ARPANET. And it’s the same with email. So it’s designed to be very easy breezy, so anybody can really impersonate anybody. 

We’ve been cracking down on that, but obviously the thing is trying to get to levels of authentication and find out who sent the email. We’ve done the PKI signatures and stuff like that. So the non-repudiation of who the email came from is the toughest part. 

And the inventors of email were very optimistic. They didn’t run it through a threat model because there was no reason to in those days, and everybody thought it was going to just be used for good. And of course, everything that’s used for good can be used for bad as well. 

What’s the funniest or most bizarre phishing email you’ve ever received?

I’ve gotten some phone calls from some people with some emails, and some were definitely very entertaining. 

I will say the biggest type of those calls was back when ransomware was much more individual, where they would lock up people’s computers, and they want you to pay a hundred dollars or in Bitcoin. Now that it’s a bigger business, the bad actors target big businesses because that’s where the money is. 

What’s a non-technical skill that has made you a better security leader?

A sense of humor. 

Cybersecurity tends to be a pretty boring and negative practice. You never get to tell someone that you have great news. The best news you could have is that nothing happened. 

It can get a little dark. So you need a sense of humor to lighten things up and keep people motivated. 

There are times that you’re going to be working long, crazy hours. There will be other times that something’s going to happen, and it’s going to be demoralizing, and you need to keep a fresh face and be optimistic and keep your team optimistic that everything’s going to work out in the end. 

It also helps when you’re teaching new people. I can tell when people start zoning out when you talk about cybersecurity. I’ll throw a joke or two in, and it snaps them back in, and they pay attention a little bit longer. 

Sometimes working in cybersecurity feels like a death march. We’re going to keep going forever, because every time we do something, the bad guys respond, and it’ll keep going forever. But I also point out that that’s job security. That’s not the case for many other areas of IT that have waxed and waned over the years. 

How would you explain DMARC to your grandparents, friends, or relatives?

I would explain Domain-based Message Authentication, Reporting, and Conformance (DMARC) as a stamp you get at the Post Office. You bring a letter to the Post Office, and the Post Office says it was definitely sent from someone in your home. It can’t be down to the individual, but at least they know it came from your house. 

So it’s much more secure than any other previous systems where you can just throw an anonymous letter in the mailbox, and it just shows up. And you’re never really sure who it’s from. There may be a postmark or something like that, but you don’t get a lot of information. 

DMARC is a big step forward in determining who the actual sender is, and if you couple it with good practices on the sending side, you can have pretty strong assurance that a human being sent that email. And that’s important for business deals or for any agreements.

Hopefully we’re going to be using it more and more. And that way, we have better assurance of the emails that are flowing around the Internet. And there’s still so much spam, so much garbage emails out there that are generated and just sent out hoping you know the spray and pray attach technique. 

I think the Google, Yahoo, and Microsoft DMARC requirements are a step forward in the right direction. They’re probably three of the biggest providers, and almost everyone I know has a personal Gmail. So the fact they’re all pushing in that direction is definitely a big step forward for us and having the ability to know who’s sending you what. 

Liked this interview? We have a whole collection of Authenticated Answers guests to read.

The post Valimail Authenticated Answers with Tony Parrillo first appeared on Valimail.

Sure, you could just copy and paste what someone tells you to use, but understanding the difference helps you make smarter choices for your domain setup. Plus, getting it wrong can lead to everything from email delivery problems to website downtime.

A records and CNAMEs each have their sweet spots. An A record is like giving someone your exact street address, while a CNAME is more like telling them “I live at the same place as my roommate.” Both get people to your door, but they work better in different situations.

Below, we’ll walk through exactly when to use each one, show you some real-world examples, and help you avoid the common mistakes that can mess up your domain configuration. Whether you’re setting up email authentication, connecting to a CDN, or just trying to get your website running smoothly, you’ll know exactly which record type to choose.

What is an A record?

An A record (Address record) is a fundamental DNS record type that maps a domain name directly to an IPv4 address. It creates a straight connection between your domain name and the specific IP address where your website or service is hosted.

Think of it like a direct phone line. When someone types your domain into their browser, an A record tells them exactly which IP address to connect to (no middleman, no redirects, just straight to the source). It’s the most basic and direct way to say “Hey, this domain lives at this specific IP address.”

Here’s what makes A records special:

• They only point to IP addresses, not other domain names
• You can have multiple A records for the same domain (great for load balancing)
• They’re usually the fastest DNS record type since there’s no extra lookup needed
• Most root domains (like example.com) require an A record rather than a CNAME

Let’s look at what an A record actually looks like:

example.com.    IN    A    192.0.2.1

Here’s what those elements mean:

• example.com is your domain name
• IN means internet (yes, it’s always there)
• A shows it’s an A record
• 192.0.2.1 is the IPv4 address which your domain points to

When setting up your domain, you’ll typically need an A record for your root domain (sometimes called the apex domain). Even if you use CNAMEs for subdomains, the main domain usually needs an A record to function properly.

What is a CNAME record?

A CNAME (Canonical Name) record is a DNS record type that maps one domain name to another domain name. This creates an alias that points to the “true” or canonical domain name rather than directly to an IP address.

Think of a CNAME like call forwarding. Instead of giving out a direct number (like with an A record), you’re saying “when someone calls this number, forward them to that other number.” CNAMEs work the same way. They tell DNS lookups to go check another domain name for the actual address.

Here’s what makes CNAMEs special:

• They point to other domain names, not IP addresses
• They’re perfect for services that might change their IP addresses
• You can update one main record, and all CNAMEs follow automatically
• They’re commonly used for subdomains and cloud services

Here’s what a CNAME record looks like:

blog.example.com.    IN    CNAME    example.netlify.app.

Breaking this down:

• blog.example.com is your subdomain
• IN means internet (standard stuff)
• CNAME shows it’s a CNAME record
• example.netlify.app is the destination domain name

CNAMEs are super handy when you’re working with cloud services or CDNs. Instead of managing multiple IP addresses that might change, you just point your CNAME to their domain, and they handle the rest. It’s like having a permanent forwarding address—no matter where the service moves, your CNAME keeps pointing to the right place.

Note: You can’t use a CNAME for your root domain (like example.com) if you need other DNS records there (like MX records for email). This is known as the “CNAME at apex” problem, and it’s one of the main reasons you need to understand when to use each record type.

A record vs. CNAME: What’s the difference?

The main difference between A records and CNAMEs is their function: A records point directly to IP addresses, while CNAMEs point to other domain names. Still, the real differences show up in how they work in practice.

Here’s what that means in DNS terms:

Speed and performance

A records usually perform better because they need just one DNS lookup. CNAMEs require at least two: one to find the CNAME, and another to find the final IP address. It’s a small difference, but it adds up when you’re handling lots of traffic.

Flexibility vs. control

A records give you direct control but need manual updates if IP addresses change. CNAMEs are more flexible with changing IPs, but give up some control to another domain.

Common gotchas

You can’t use a CNAME on your root domain if you need MX records for email. Also, multiple CNAMEs can create a chain of lookups, slowing things down. However, A records need updates when IP addresses change, which can be a pain with cloud services.

The best choice depends on your specific needs. If you need direct control and best performance, go with an A record. If you need flexibility and automatic updates (especially with cloud services), a CNAME might be your better bet.

How to choose the right record type

The choice between an A record and a CNAME often comes down to your specific situation. Instead of giving you a long list of technical criteria, let’s walk through some common scenarios to make this super practical.

Use an A record when:

1. You’re setting up a root domain
   • Your main domain (example.com) usually needs an A record
   • You need MX records for email on the same domain
   • You want the fastest possible DNS resolution
2. You have a static IP that rarely changes
   • Your own web server with a fixed IP
   • Self-hosted services
   • On-premise applications
3. You need load balancing
   • Multiple A records can point to different IPs
   • Great for distributing traffic across servers
   • Perfect for high-availability setups

Use a CNAME when:

1. You’re working with cloud services
   • Setting up Netlify, Vercel, or similar platforms
   • Using CDNs like Cloudflare or Akamai
   • Connecting to SaaS platforms
2. You’re managing subdomains
   • blog.example.com
   • shop.example.com
   • app.example.com
3. The destination IP might change
   • Cloud-hosted services
   • Dynamic infrastructure
   • Third-party services

Make the right DNS choice for email authentication

A records and CNAMEs play important roles in your overall DNS setup, but email authentication often needs special consideration.

For example, when you’re implementing DMARC with Valimail, you’ll need to set up specific DNS records. Getting these right guarantees your email authentication works correctly and keeps domain impersonators at bay. Fortunately, Valimail’s platform handles the complexity of DNS record management for you by automatically creating and updating the records you need.

Get started for free with Valimail Monitor and learn how Valimail automates your DNS record management for email authentication.

Whether you’re using A records, CNAMEs, or a mix of both, getting your DNS setup right is non-negotiable for email security. And with Valimail, you don’t have to figure it out alone.

The post A Record vs. CNAME: What’s the difference (and when to use each)? first appeared on Valimail.

This major shift in the email ecosystem pushed the industry toward widespread adoption of DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies to prevent fraudulent mail from reaching users’ inboxes.

Now, Microsoft and Apple have joined the cause.

Together, these four mailbox providers (Google, Yahoo, Microsoft, and Apple) account for approximately 90% of a typical Business-to-Consumer (B2C) email list. That means if you’re sending to any consumer audiences, you must meet these new standards or risk serious consequences: your email might be junked, rejected, or completely blocked.

Let’s break down exactly what’s changing, when these email compliance changes go into effect, and how you can make sure your emails continue reaching your audience.

Overview of new email compliance changes

The good news?

The new email sender requirements across Google, Yahoo, Microsoft, and Apple are fairly similar, meaning you won’t have to create four different email sender compliance strategies.

Instead, you’ll need to focus on proper authentication and ensure your practices align with a few key standards across SPF, DKIM, and DMARC.

Before we dive into the full breakdown, here’s the high-level goal for every sender in 2025:

• Authenticate your emails
• Publish and align your DMARC records
• Maintain list hygiene and consent
• Enable unsubscribe functionality
• Stay ahead of complaint thresholds

Sounds simple? It can be, especially if you have the right resources and help. 

The Microsoft, Gmail, Yahoo, and Apple email sender requirements 

Need a quick way to check if you’re covered?

Here’s a simple comparison across the four major mailbox providers:

Want an easy way to check if your email authentication meets these requirements? Plug your domain into our free DMARC checker and see where you need to make changes. 

Key highlights about each email mailbox provider’s requirements 

Google

• Enforcement began in early 2024.
• Bulk senders (5,000+ daily) must have SPF, DKIM, and DMARC. (For non-bulk senders, SPF or DKIM is acceptable.)
• Messages failing DMARC could face rejection.
• Must offer one-click unsubscribe and maintain low spam complaint rates.

Read Google’s requirements here.

Yahoo

• Began enforcement in 2024.
• Very similar to Google’s requirements.
• Strong focus on unsubscribe mechanisms and user consent.

Read Yahoo’s requirements here.

Microsoft 

• Enforcement begins May 5, 2025.
• Microsoft has stated explicitly that non-compliant mail will be rejected outright, not just sent to the junk or spam folder.
• Requires SPF and DKIM for bulk senders, a DMARC policy, valid From/Reply-To addresses, and transparent practices.

Note: Microsoft’s decision to immediately reject mail rather than initially push it to the junk or spam folder sends a strong signal about the importance of compliance. Waiting is no longer an option.

Read Microsoft’s requirements here.

Apple

• No firm enforcement timeline yet.
• Requires SPF, DKIM, and DMARC for bulk senders.
• Strong expectations around unsubscribe options and list hygiene.

Read Apple’s requirements here. 

If you’re an email marketer worried about making these updates and aren’t sure how, you’ll need to work with your IT team. We created an easy template to send to your team to ensure your domains are covered:

The risk of rejection 

Even though Microsoft is the latest major mailbox provider to announce updated email authentication requirements, they are taking the most visible approach. While we’ve seen some rejection notices and warnings from Google and Yahoo, Microsoft has gone a step further: they have explicitly stated that non-compliant emails will be outright rejected.

This move dramatically raises the stakes for all senders and sets a clear tone for the future of email authentication. It’s no longer enough to hope that non-compliant mail might simply be filtered into spam folders. Microsoft’s stance signals that the industry is moving toward a stricter, rejection-first model where proper authentication isn’t just encouraged. It’s essential.

“Microsoft’s commitment to sender requirements – matching what Google and Yahoo have already established – demonstrates that strong authentication isn’t just a best practice anymore, it’s the new law of the land. This has tremendous impact for senders of all sizes, from their security practitioners to marketers and everyone in between. When you authenticate your mail, you get the deliverability you deserve. Without authentication, you get rejected.”

– Seth Blank, CTO of Valimail

If your domain doesn’t meet the basic requirements for SPF, DKIM, and DMARC, your emails are at serious risk of being blocked. You’ll face error codes, a drop in deliverability, and potential disruptions to critical communications. Delaying compliance won’t just hurt your email performance; it could also damage your brand’s reputation and erode the trust you’ve built with your audience.

Simply put: 2025 will not be forgiving for senders who ignore authentication. 

Check your compliance for free

Email authentication is mandatory across all four major email mailbox providers, and having visibility into your sending services is more important now than ever. Additionally, with Microsoft moving to 500-series SMTP rejections for non-compliant mail, many senders may not even see that their emails are being blocked.

These rejections will happen at the sending stage, meaning your vendors might see the error data, but unless you have direct SMTP visibility or robust reporting, you won’t even be aware of it. 

DMARC reporting gives you visibility into those sending services, especially if you’re relying on third-party platforms that send on your behalf without surfacing any deliverability issues. 

Get free, real-time visibility into your domain’s authentication health with Valimail Monitor. Our forever-free solution helps you spot problems with SPF, DKIM, DMARC, and alignment before they impact your ability to deliver email.

Even if your DMARC policy is set to p=none, you can (and should) be collecting RUAs (aggregate DMARC reports). This data gives you critical insights into:

• Whether your legitimate senders are passing authentication
• If unknown or unauthorized services are failing check
• Whether you’re ready to move toward full DMARC enforcement safely
  

Here’s what one user had to say about getting started with Monitor:

“Valimail has a free monitoring tool so you don’t have to jump into the deep end right away. You can really identify if you have significant issues that need to be investigated further. The DMARC changes for Google and Yahoo set off this firestorm and I am by no means a DMARC expert. Valimail graciously taught me the basics!”

– Damon P, G2 Review

What these requirements mean for the future of email

Why are these major mailbox providers implementing these changes? These requirements aren’t being implemented just for fun. They’re having a real impact and making inboxes safer for everyone. 

Here’s why Google implemented these changes: 

Months after the changes were implemented, Google publicized some interesting data on their email authentication and security efforts: 

• 65% reduction in unauthenticated messages sent to Gmail users
• 50% more bulk senders started following best security practices 
• 265 billion fewer unauthenticated messages were sent in 2024

“The intent behind this enforcement is to encourage stronger authentication practices across the industry, particularly for high-volume senders. While honoring safe senders ensures delivery aligned with user preferences, it may limit our ability to drive broader industry improvements in email security. High-volume senders often reach large audiences, and encouraging users to manually add them to their safe sender lists can be counterproductive, it increases the risk of spoofing and undermines long-term safety goals.”

– Puneeth at Microsoft

At Valimail, we also dug into the data, and we found that these requirements drove more than half a million of the top ten million domains to publish a DMARC record. 

Want to dive into this data more and see how each industry stacks up? 

Get help from the leaders in DMARC compliance

Navigating all these email authentication requirements can be overwhelming, especially if your mail starts getting rejected and you need a solution fast. But it doesn’t have to be. 

Whether you’re just starting your DMARC journey or you need a fast track to email sending compliance before Microsoft’s rejections kick in, Valimail’s got you covered. In fact, we’ve helped other people just like you: 

“[Valimail] was a fantastic resource as I navigate the upcoming sender requirements for Google and Yahoo. It was very easy to get personalized help to implement DMARC for our domains. I have logged on several times and found it very user-friendly. I have yet to integrate in other systems but look forward to doing so”

– Verified User, G2 Review

Our experts have helped many brands achieve DMARC enforcement quickly, safely, and confidently, and we’re ready to help you, too, by offering:

• White-glove service product support 
• Partners with Microsoft, Google, and Yahoo 
• Proven success in helping businesses of all sizes

FAQs about the new email compliance guidelines 

If you have further questions, check out some of the FAQs we went over in our latest video:

The post A complete guide to email compliance requirements from Microsoft, Google, Apple, and Yahoo first appeared on Valimail.

Cybercriminals know that all it takes is one successful phishing email to slip past your defenses and gain unauthorized access to sensitive information.

Imagine: It’s Monday morning, and you’re sipping your coffee, scrolling through your inbox. Suddenly, an urgent email from your CEO catches your eye. They’re asking you to transfer $50,000 to a new vendor ASAP. Your finger hovers over the “Reply” button…

It’s a trap. That email—it might not be from your CEO at all. Now, before you spill your coffee and panic-delete every email in your inbox, let’s introduce you to a powerful way to stop cybercriminals in their tracks: anti-phishing solutions. 

However, here’s the million-dollar question (or should we say, the don’t-lose-a-million-dollars question): which anti-phishing solution is right for your business?

We’ve got you covered. Below, we’ll walk you through everything you need to know about anti-phishing software and the top solutions on the market to give your business the protection it needs.

What is anti-phishing?

Phishing is a cybercrime where attackers attempt to trick individuals into revealing sensitive information such as passwords, credit card numbers, or other valuable data. These attacks often come in the form of deceptive emails, websites, or messages that appear to be from trusted sources.

Anti-phishing encompasses the set of technologies, techniques, and practices designed to detect, prevent, and mitigate these phishing attempts. It’s an essential component of modern cybersecurity strategies, protecting individuals and organizations from potentially devastating data breaches and financial losses.

Here’s what anti-phishing typically involves:

1. Email authentication: Protocols like SPF, DKIM, and DMARC verify the authenticity of email senders to prevent email spoofing and impersonation attacks.
2. Email filtering: Advanced systems that analyze incoming emails for signs of phishing attempts, such as suspicious sender addresses, unusual content, or malicious attachments.
3. Website protection: Tools that warn users when they’re about to visit a potentially fraudulent website, often by checking against databases of known phishing sites.
4. User education: Training programs that teach employees and individuals how to recognize and respond to phishing attempts, creating a human firewall against these attacks.
5. Multi-factor authentication: Security measures that require additional verification beyond just a password, reducing the risk even if login credentials are compromised.
6. AI and machine learning: Sophisticated algorithms that continuously learn and adapt to new phishing techniques to improve detection rates and reduce false positives.

Anti-phishing solutions often combine several elements to create a comprehensive defense against phishing attacks. They’re continuously evolving to keep pace with increasingly sophisticated cyber threats.

As reliance on digital communication and online transactions grows, so does the need for robust anti-phishing measures. For businesses, implementing strong anti-phishing protocols is as fundamental as securing physical assets.

Do you need anti-phishing solutions?

If you’re doing business online, the answer is a resounding yes. But let’s break down why anti-phishing solutions aren’t just a nice-to-have, but a must-have for modern businesses.

• The threat is real and growing: Phishing attacks are on the rise, and they’re getting more sophisticated by the day. Phishing attacks grew by 58% in 2023 compared to the previous year. These aren’t just annoying spam emails anymore—they’re highly targeted, well-crafted attacks that can fool even the most vigilant employees.
• The cost of a breach is devastation: The average cost of a data breach reached $4.8 million in 2024. For small to medium-sized businesses, this financial hit could be catastrophic. Anti-phishing solutions are a small investment compared to the potential losses from a successful attack.
• Your reputation is at stake: Beyond immediate financial losses, a successful phishing attack can massively damage your company’s reputation. Customers trust you with their data—a breach can shatter that trust and lead to long-term business losses.
• Human error is inevitable: No matter how well-trained your staff is, people make mistakes. It only takes one click on a malicious link to compromise your entire network. Anti-phishing solutions provide an extra layer of protection against human error.
• Compliance requirements are tightening: Many industries have strict data protection regulations. Implementing robust anti-phishing measures isn’t just good practice—it’s often a legal requirement. Failure to comply can result in hefty fines and legal troubles.
• Phishers don’t discriminate: You might think your business is too small to be a target, but cybercriminals cast a wide net. Small businesses are often seen as easy targets due to potentially weaker security measures.
• The workplace is evolving: With the rise of remote work and BYOD (Bring Your Own Device) policies, the traditional security perimeter has dissolved. Anti-phishing solutions help maintain security in this new, distributed work environment.
• It’s not just about emails anymore: While email remains the primary vector for phishing attacks, cybercriminals are branching out to SMS, social media, and even voice phishing (fishing).

Check if your domain is at risk of being spoofed or using for phishing attacks:

How to find the right anti-phishing software

Choosing the right anti-phishing software can feel downright overwhelming. How do you find the solution that best fits your business needs? Here’s how to make a (more) informed decision:

1. Evaluate your needs: Start by evaluating your current security posture. What are your vulnerabilities? What industry regulations must you comply with? Understanding your specific needs will help narrow down your options.
2. Consider your budget: Anti-phishing solutions come at various price points. While it’s tempting to go for the cheapest option, remember that cybersecurity is an investment. Balance cost with the level of protection you need.
3. Look for comprehensive protection: The best anti-phishing software offers multi-layered protection. Look for solutions that combine email filtering, web protection, and user education components.
4. Check for integration capabilities: Your anti-phishing software should play nice with your existing IT infrastructure. Double-check that it can integrate with your email client, web browsers, and other security tools.
5. Evaluate ease of use: A complex system that your team struggles to use effectively is almost as bad as having no protection at all. Look for intuitive interfaces and clear, actionable alerts.
6. Consider scalability: As your business grows, your anti-phishing needs may change. Choose a solution that can scale with your business (both in terms of the number of users and features).
7. Investigate reporting capabilities: Good anti-phishing software should provide detailed reports on attempted attacks to help you understand your threat landscape and demonstrate ROI to stakeholders.
8. Look for real-time protection: Phishing attacks evolve quickly. Your software should update in real-time to protect against the latest threats.
9. Check customer support: When it comes to cybersecurity, timely support is everything. Look for vendors offering 24/7 support and a track record of responsive customer service.

Remember, the right anti-phishing software is the one that best addresses your specific needs and integrates well with your existing security measures. Take your time, do your research, and don’t hesitate to ask vendors tough questions about their products’ capabilities.

11 best anti-phishing solutions

1. Valimail

Valimail is a cloud-native email authentication platform that helps organizations protect their email ecosystem from phishing attacks and email fraud. It automates DMARC, SPF, and DKIM implementation to guarantee that only authorized senders can use your domain, effectively stopping domain spoofing and impersonation attempts.

Key features:

• Automated DMARC enforcement
• Real-time email authentication
• Comprehensive visibility into email ecosystem
• Easy-to-use dashboard for monitoring and reporting
• Integration with major email providers and security platforms

Valimail is different from the other anti-phishing solutions on this list because it’s not a Secure Email Gateway (SEG)—and that’s by design. SEGs play a crucial role in email security, using AI and machine learning to identify suspicious behavior, malicious payloads, and business email compromise. But no matter how smart they are, SEGs still have to make educated guesses about trust.

Valimail eliminates the guesswork by enforcing zero-trust email authentication—ensuring that only authorized senders can use your domain through DMARC, SPF, and DKIM. This stops exact-domain spoofing and outbound impersonation attacks at the source, which is something SEGs can’t do alone.

That’s why we proudly partner with other SEG leaders. Together, we provide a layered, defense-in-depth approach: Valimail authenticates identity, and our partners analyze behavior. When both layers are working in harmony, phishing has nowhere to hide.

2. Abnormal Security

Abnormal Security is a cloud-native email security platform that leverages artificial intelligence and machine learning to detect and prevent sophisticated email attacks. It goes beyond traditional email gateways by analyzing behavioral patterns, relationships, and content to identify anomalies that may indicate phishing attempts, business email compromise, or other email-based threats.

Key features:

• AI-powered threat detection
• Protection against business email compromise (BEC)
• Account takeover prevention
• Supply chain defense
• Automated remediation of threats

3. Microsoft Defender for Office 365 

Microsoft Defender for Office 365 provides built-in protection against phishing, malware, and business email compromise for organizations using Microsoft 365. It’s designed to work natively within Microsoft environments, offering proactive threat detection and incident response.
Key features:

• Real-time phishing and malware protection
• Safe Links and Safe Attachments
• Attack simulation training for user awareness
• Automated investigation and remediation (AIR)
• Native integration with Microsoft 365 and Azure AD

4. Cloudflare

Cloudflare provides robust anti-phishing protections as part of its Zero Trust security model. With email link isolation, threat intelligence, and DNS filtering, Cloudflare helps businesses reduce phishing risk before users even see the message.

Key features:

• Real-time phishing link isolation
• DNS-based threat blocking
• Identity-aware access control
• Seamless integration with email security stacks
• Threat intelligence from a globally distributed network

5. Hunto AI

Hunto AI uses artificial intelligence to combat sophisticated phishing attacks. The platform uses advanced machine learning algorithms to analyze email content, sender behavior, and contextual information to identify and block potential threats. Hunto AI is designed to adapt to new and evolving phishing tactics, providing organizations robust protection against email-based cyber threats.

Key features:

• AI-powered phishing detection and prevention
• Behavioral analysis of sender patterns
• Real-time threat intelligence updates
• Integration with popular email platforms
• User-friendly dashboard for threat monitoring and reporting

6. Trustifi

Trustifi is a comprehensive email security platform that combines advanced threat protection with email encryption and compliance features. The platform uses AI-driven technology to detect and prevent various email-based threats, including phishing, spoofing, and malware. Trustifi’s approach secures inbound emails and also provides robust protection for outbound communication for end-to-end email security for organizations.

Key features:

• AI-powered threat detection and prevention
• Military-grade email encryption
• Data loss prevention (DLP) capabilities
• Compliance tools for HIPAA, GDPR, and other regulations
• User-friendly interface with one-click encryption options

7. Cofense

Cofense is a comprehensive phishing defense platform that combines advanced technology with human intelligence to protect organizations from email-based threats. Unlike traditional solutions that focus solely on blocking malicious emails, Cofense takes a proactive approach by involving employees in the defense process. The platform provides a full suite of solutions for phishing simulation, reporting, analysis, and response.

Key features:

• Phishing simulation and training programs
• Employee-driven phishing reporting button
• AI-powered threat analysis and prioritization
• Automated incident response capabilities
• Integration with existing security infrastructure (SIEM, SOAR)

8. Material Security 

Material Security is an innovative email security platform that takes a unique approach to protecting against phishing and other email-based threats. Instead of filtering malicious emails, Material improves email security by redacting sensitive information, providing context for links and attachments, and offering powerful search and investigation tools. This approach prevents phishing attacks and mitigates the potential damage if an attack does succeed.

Key features:

• Automatic redaction of sensitive information in emails
• Link protection with contextual information
• Advanced search and investigation capabilities
• Integration with existing email infrastructure
• Retroactive security for historical emails

9. McAfee

McAfee offers robust anti-phishing solutions as part of its comprehensive security suite. Their email protection technology uses a combination of reputation and content analysis, along with behavioral analytics, to detect and block phishing attempts and other email-based threats. McAfee’s solutions are designed to protect organizations of all sizes from increasingly sophisticated phishing attacks.

Key features:

• Advanced threat detection using machine learning
• Real-time email attachment and link scanning
• Integration with McAfee’s Global Threat Intelligence
• Protection against business email compromise
• Customizable policies and reporting tools

10. KnowBe4

KnowBe4 is a security awareness training and simulated phishing platform. While not a traditional email security solution, KnowBe4 takes a unique approach to anti-phishing by focusing on the human element of cybersecurity. The platform helps organizations train their employees to recognize and report phishing attempts—turning staff into a strong first line of defense against email-based threats.

Key features:

• Extensive library of security awareness training content
• Customizable phishing simulation campaigns
• Automated training assignments based on simulation results
• PhishER, a tool for analyzing and prioritizing reported phishing emails
• Detailed reporting and analytics on employee performance

11. IRONSCALES

IRONSCALES is an advanced anti-phishing platform that combines machine learning, AI, and human intelligence to provide comprehensive protection against sophisticated email threats. The platform offers a self-learning system that continuously improves its detection capabilities based on both artificial and human intelligence inputs. IRONSCALES is designed to detect and respond to phishing attacks in real time to reduce the risk of successful breaches.

Key features:

• AI-powered email threat detection
• Mailbox-level Business Email Compromise protection
• Automated incident response
• Decentralized threat intelligence sharing
• Gamified security awareness training

Protect your business from phishing with Valimail

Valimail’s approach to email authentication goes beyond traditional anti-phishing solution methods. Valimail automates DMARC, SPF, and DKIM implementation so only authorized senders can use your domain. This stops domain spoofing and impersonation attempts at the source, complementing SEGs and providing a strong first line of defense against phishing attacks.

What sets Valimail apart is its cloud-native platform, offering:

• Ease of use: Valimail simplifies the complex email authentication process to make it accessible even for non-technical users.
• Automated enforcement: Once set up, Valimail continuously maintains your domain security, adapting to changes in your email ecosystem.
• Comprehensive visibility: The intuitive dashboard provides a clear view of your email authentication status to help you identify and address potential vulnerabilities.

When it comes to phishing, stopping threats before they reach the inbox is better than waiting for a potential phishing email to come through. With Valimail, you’re not just reacting to threats; you’re proactively securing your email domain against potential attacks.

Take control of your email authentication today.

The post 11 anti-phishing solutions that safeguard your business first appeared on Valimail.

At Valimail, we take our work seriously but try not to take ourselves too seriously. This value inspires us to get to the heart of what makes people unique and how it affects their careers to provide valuable advice, inspiration, and insights to people working with email daily.

In this lighthearted interview series, we connect with experts from the email, IT, security, ISP, and authentication spaces to learn more about them and their experiences.

Listen to the full interview here or keep scrolling for the highlights:

About Karl Mattson

Karl Mattson is the CISO of Endor Labs, marking his fourth time in a CISO role. He began his journey in the financial services industry, serving at City National Bank and Penny Mac Mortgage before moving on to NonameSecurity.

His connection with Valimail dates back a decade to the early days of his first CISO role at City National Bank. It was then that he met Alexander García-Tobar and the Valimail team, forging a relationship that has spanned years.

Beyond his professional life, Karl is a dedicated father to three young children. During the COVID lockdown, he crunched the numbers and realized he had changed about 10,000 diapers while working from home—a testament to his ability to juggle security leadership and parenthood.

What’s an email security myth you wish more people would stop believing?

The myth is that there is a high success rate in managing DMARC on your own. The do-it-yourself mentality  is honorable, but in this case misguided.  

But in this particular area of security, managing SPF and DKIM records, companies very rarely achieve a high degree of success. So, I think the myth is that this is a do-it-yourself problem. 

Managing this on your own may be doable in the startup time frame when you’re a small company with only twenty employees. But it gets complicated quickly when you start adding different technology stacks and a larger employee base. It’s just one of those things that, as a security team, you probably need to outsource to a company like Valimail, which can handle it with a white glove and error-free.

What’s the smallest hill you are willing to die on?

So, I have a very small hill that I am very committed to, and that is on LinkedIn, when I see one vendor talking trash about another. I will never, ever do business with that company ever again. 

I won’t even talk to them. That’s a death sentence.

I work for a security vendor, and I’m very conscious of how companies talk about their competition. I go out of my way to be a gentleman to my competitors; I think that’s the right thing to do. 

How did you get started in IT/Security? What do you love about it?

My entry to IT/security was entirely accidental. I was an analyst in the military with a non-technical role and received my assignment to South Korea. When I got there, it turned out that the NCO in charge of a data center was leaving the country at the same time. 

So, I was assigned a data center to manage. They gave me the keys, and overnight, I was assigned the role of managing this IT organization. I spent the next two years learning the basics of server and network technologies, and leading an IT team—all the things that I needed to do to be a useful leader. 

Being thrown into a leadership role forced me to learn things very quickly. For example, if it was something related to encryption in a network, I had to find somebody to teach me on the spot, go to the library, get a book, or Google something. I had to self-teach in the moment very quickly. It forced me to be resourceful and self-learner, and these habits have served me well. 

If you could instantly fix one major security flaw in the email ecosystem, what would it be?

I think the original sin of email is that some email service providers do not make multi-factor authentication (MFA) mandatory. Still today, that just seems outlandish and irresponsible. 

For many years the largest providers resisted it. Gmail is a remarkably secure platform, and it has really set the standard for the best in email security on the user side. I just can’t believe it’s still not a requirement universally.

What’s the funniest or most bizarre phishing email you’ve ever received?

I received a series of emails from someone with a creative way of incentivizing me to look at the emails. The email subject line was: “I can lick my own elbow.” 

Okay, that’s the strangest thing I’ve ever seen. So I opened the email.

This person proceeded to sell software services for some company, but they also described how only one in a hundred people in the world can lick their own elbow. They offered to show me if I clicked the link or had a meeting with them. 

That’s the strangest way to get me to click a link. I went to LinkedIn to find out if this person was real. I was just fascinated by the oddity of this. Even though I knew it was a bot, darn it, I wanted to click it.

What’s a non-technical skill that has made you a better security leader?

I think the non-technical skill that is the most important of all skills as a security leader is the ability to identify and retain talent. Talent management is a part of my career, which has been a strength. A CISO’s survival skill is to surround oneself with a diverse set of skills and people who have abilities I don’t.

Identifying talent requires enlisting the current team to help identify a person of a certain caliber. If we bring this person into the team, do they bring skills that we don’t have? Are they of a talented level that is going to raise everyone else’s skill level? It takes the other members of the team to identify that. 

To keep them there, I think the key is to not let the organization be defined by the organizational chart. I think it is important to give talented people a little bit of autonomy to design the boundaries of their role, giving them some latitude to build a role with new boundaries.

How would you explain DMARC to your grandparents, friends, or relatives?

I would compare DMARC to the username and password that they use on a website.

Even my grandparents know that there’s a username and a password. But when emails are sent around the world, DMARC is the way that we use usernames and passwords to authenticate emails behind the scenes. 

So I’d say that it’s comparable to that authentication process that you use online. But it’s the emails. And it’s how they talk to each other behind the scenes.

Liked this interview? We have a whole collection of Authenticated Answers guests to read.

Check out our previous guests! 

The post Valimail Authenticated Answers with Karl Mattson first appeared on Valimail.

Valimail is proud to be named the #1 Leader in the DMARC category for the 11th consecutive quarter, according to G2’s Spring 2025 report.

But this isn’t just a repeat win. It reaffirms our dominance across enterprise, mid-market, and small business segments. Valimail leads the DMARC category in nearly every market and customer tier from North America to EMEA and Asia Pacific.

From top marks in ease of use to the fastest time to value, we’re honored to lead in multiple G2 categories and grateful to our customers for making it happen.

Learn more about how Valimail continues to grow its lead in G2’s Spring 2025 Report.

Highlights of Valimail’s leadership

This quarter, Valimail appeared on 65 reports and earned 13 unique badges. Among these rankings, we’ve had some exciting results of our solutions and leadership:

• Ranked #1 Grid® Report for DMARC | Spring 2025
• Ranked #1 Mid-Market Grid® Report for DMARC | Spring 2025
• Ranked #1 Small-Business Grid® Report for DMARC | Spring 2025
• Ranked #1 Mid-Market Implementation Index for DMARC | Spring 2025
• Ranked #1 Asia Pacific Regional Grid® Report for DMARC | Spring 2025

G2 rankings are driven by real customer feedback, combining satisfaction scores and market presence. So when Valimail is named the #1 DMARC leader, it’s a testament to how consistently our customers rate us on trust, ease of use, support, and time to value.

Our customers choose Valimail not just for what we do, but for how we deliver it.

Valimail awards and badges

Our recognition for continuously being a leader in the DMARC space demonstrates our commitment to providing high-quality DMARC services. As a testament to this, we’ve been recognized by G2 with these badges: 

Read more about our past G2 results with our recent ratings, Grid wins, and customer feedback. 

Insights from customer feedback

We’ve maintained our 4.6/5 stars status out of 319 reviews. These reviews reflect our commitment to providing excellent software and customer service. 

Here are a few of the reviews we’ve received this last quarter: 

A solid email authentication solution: “One of the standout aspects of Valimail is their onboarding team. They do a great job guiding you through the setup process and make it much easier to reach DMARC enforcement quickly. Their structured approach and clear instructions help eliminate a lot of the confusion that usually comes with email authentication.” – Michael S, Senior Systems Engineer

DMARC through Valimail: “Valimail stands out for its ease of use, particularly with its automated DMARC solutions. Unlike many DMARC vendors that require significant manual configuration and ongoing management, Their dashboard shows what services are sending emails on your behalf and also includes actionable insights from DMARC reports.” – Greg L, Senior Support Engineer [MSP]

Clear and easy tool to use: “Their solutions promote better email deliverability and enhance trust between senders and recipients, making email communication safer and more reliable. Additionally, their commitment to user-friendly tools and educational resources is a great way to empower businesses to take control of their email security.” – Adam M, Executive

The post Still #1 in DMARC: Valimail leads Spring 2025 G2 rankings for the 11th straight quarter first appeared on Valimail.

Any of these failing to reach your customers’ inboxes could mean missed opportunities and strained relationships (or worse).

Fortunately, there’s bound to be a reason for your email not sending, and when there’s a reason, there’s usually a solution. We’re here to help you find answers.

From the simple slip-ups to the more complex technical glitches, we’ll guide you through common causes and provide actionable solutions to get your email communications back on track.

How email delivery works

Email doesn’t get the credit it deserves. Sure, it’s a trusted method of communication, but it’s also an online identity. Think about it.

You likely use your email address to log in to various websites and applications. Perhaps everything from your organization’s systems, social media accounts, and banking services.

Email is the reliable postman of the Internet—always there, rain or shine. Let’s take a look at what’s happening behind the scenes to get your desired message from Point A to Point B, and we’ll relate it to real-life mail to better paint the picture:

1. Typing it out: It all starts with you composing an email. This step is like writing a letter, but it’s on your computer or phone instead of paper.
2. Hitting send: Once you hit send, your email starts its digital journey. It’s like putting your letter in the inbox, but in this case, it’s digital.
3. Through the outgoing server: Your email first travels to an outgoing mail server, often called SMTP (Simple Mail Transfer Protocol) server. Think of this as the local post office sorting your mail.
4. Finding the address: The SMTP server then looks up the domain of the recipient’s email address (like @valimail.com) to find out where to deliver your message.
5. Journey across the internet: Your email travels through the Internet.
6. Incoming server: Once it reaches the recipient’s email domain, it’s handed off to their incoming mail server, known as the IMAP (Internet Message Access Protocol) or POP3 (Post Office Protocol) server. This is like your letter reaching the recipient’s local post office.
7. Inbox delivery: Finally, the email lands in the recipient’s inbox, ready to be opened and read. Mission accomplished.

Commons reasons why your email isn’t sending

Zeroing in on why your email isn’t sending can sometimes be as tricky as figuring out why you have a fever. It could be a virus, bacteria, fatigue, food poisoning, infection, pregnancy, heat, inflammation, cancer, or medication…

Fortunately, pinpointing the reason why your email isn’t sending is a little bit easier (in our opinion). Let’s start with the most common reasons:

1. Incorrect email address

One common reason for email non-delivery is simple human error in typing email addresses. Typos or mistakes in the domain part of the email (like accidentally typing ‘.con’ instead of ‘.com’) can prevent the email from reaching its intended destination.

2. Internet connectivity issues

A stable internet connection is essential for sending emails. If your internet connection is weak or unstable, it can disrupt the email-sending process, causing emails to get stuck in the outbox.

3. Server problems

Email delivery can also be affected by email server issues, whether the sender’s or the recipient’s. Problems like server downtime or maintenance can result in emails being delayed or not delivered at all. Monitoring server status (particularly during critical communication periods) is important to ensure consistent email delivery.

4. Full inbox or storage quotas

Email delivery can fail if the recipient’s inbox is full or if they have reached their storage quota. This situation prevents new emails from being delivered. Regular inbox management and monitoring of storage limits can help avoid such issues, ensuring that important emails aren’t bounced back due to lack of space.

5. Email size limits

Most email providers impose limits on the size of emails, including attachments. If an email exceeds these size limits, it won’t be delivered. Being aware of your email provider’s size limits and compressing large files before sending them can prevent these issues

6. Poor reputation

Your email-sending reputation is a score that email services assign to your domain based on factors like the volume of emails you send, how many bounce, and whether your emails are marked as spam. A good reputation means your emails are more likely to be delivered successfully, while a poor one can lead to your emails being blocked or landing in the spam folder.

Technical impacts on your email sending

Beyond some of the more common reasons your email might get hung up, there are also behind-the-scenes technical reasons your email isn’t delivering. Let’s take a look at them:

Spam filters and email authentication

Spam filters protect inboxes from unwanted emails. However, these filters can sometimes be overzealous, mistakenly flagging legitimate emails as spam. They’re not perfect.

This is where email authentication protocols like SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) come in handy.

They verify that the email is from a legitimate source, helping your emails get the green light from spam filters. Stay up-to-date with these authentication methods to ensure your emails reach their intended destination.

IP address reputation

Your IP address is like your email’s home address on the Internet. A good reputation of this address is vital for email deliverability. If your IP address is associated with spamming or other dubious activities, it can harm your ability to send emails effectively.

Maintaining a clean IP reputation involves monitoring for any spammy behavior and ensuring your email practices align with best practices. Following good-sending habits makes your emails less likely to be rejected or marked as spam.

Configuration errors in email settings

The backbone of email sending lies in the configuration of SMTP, POP3, and IMAP settings. A small mistake in these configurations can lead to big problems in email delivery. Common errors include incorrect server addresses, port numbers, or authentication details.

Check and update these settings to avoid pitfalls and keep your email communication smooth and uninterrupted.

Changes in email sender requirements

Sometimes, email inbox providers make big changes to the messages (and senders) they’ll allow to reach clients using their inbox services.

For example, with Gmail and Yahoo’s new sender requirement that went into effect in 2024, senders must follow a new list of requirements to ensure these email inbox providers deliver their trusted messages:

• Authenticate all messages with DMARC (technically, authenticate all messages with SPF or DKIM aligned with the From domain)
• Send from a domain with a DMARC policy of at least p=none
• Have valid forward and reverse DNS that match each other
• Use the one-click unsubscribe header and an unsubscribe link in the footer
• Maintain a low spam rate of < 0.1%
• Encrypt your email (technically, require TLS)

If you don’t follow these requirements, you could receive errors that your DMARC is failing.

How to fix your emails not sending

If there’s a reason your email isn’t sending, there’s a solution. Here, we’ll go over a list of common ways to get your email out the door and into your customers’ inboxes.

1. Authenticate your emails

Email authentication involves setting up protocols like SPF, DKIM, and DMARC. These protocols validate your emails, ensuring they’re seen as trustworthy by email servers, reducing the likelihood of them being marked as spam.

Not authenticated yet? We can help.

Valimail accelerates your path to DMARC enforcement without any manual SPF or DKIM configuration.

2. Verify email addresses

Before you hit send, verify the accuracy of the email addresses on your list. Manually checking the validity of all your addresses can be a headache, and that’s why we recommend using an email validation tool—it’ll check email addresses in real time to help you never send messages to non-existent or incorrect addresses.

This saves time and resources and protects your sending reputation by reducing bounce rates.

3. Test internet connectivity

If you encounter issues, test your connection’s speed and stability. Sometimes, restarting your router can solve these problems. Persistent issues might require contacting your internet service provider.

4. Adjust email size and format

Double-check that your email size doesn’t exceed the limits set by email providers. Compress files (using cloud-based links for large attachments) or adjust the email format to help with delivery.

5. Talk to your IT department or email service provider

If basic troubleshooting doesn’t resolve the issue, it’s time to contact your email service provider or your IT department. They can delve deeper into potential server-side problems, configuration errors, or other technical difficulties affecting your email delivery.

6. Ensure email compliance

Stay up to date with the latest email security requirements and ensure you’re compliant. If you’re a financial institution that handles banking information? You need DMARC as part of the updated PCI compliance requirements. If you’re a bulk sender, you must meet Google and Yahoo’s email authentication requirements.

Proactive ways to prevent future sending issues

Just because you don’t have email-sending issues now doesn’t guarantee you won’t have them later. It’s a good idea to cover all your bases in advance by following these proactive measures to prevent future sending issues:

• Check email settings: Like a regular health check-up for your email system, updating your email configurations ensures everything runs smoothly (from server details to security settings).
• Implement DMARC: Implementing DMARC is like having a digital seal of approval on your emails. It verifies the authenticity of your emails to improve deliverability and protect your domain from misuse.
• Monitor IP reputation: Keep a close eye on your IP reputation—it’s like your business’s credit score in the email world. A good reputation means your emails will consistently reach inboxes.
• Stay informed on email provider policies: Stay updated with the latest changes from email providers like Google and Yahoo. Adapt to these updates to comply with new standards and keep your email strategy effective.

Boost your email deliverability with Valimail

Landing your emails in the inbox is both an art and a science. There’s a lot going on under the hood, though, which means sometimes your emails won’t reach their destination.

Fortunately, you don’t have to figure it all out on your own. We’re here to help.

Valimail (and our team of experts) eat, sleep, and breathe email. Our easy-to-use platform simplifies the complexities of email authentication and makes it accessible for businesses of all sizes. We can help you consistently protect your brand with DMARC, and we can even get your brand’s logo showing up in inboxes with BIMI (Brand Indicators for Message Identification).

Whether you want to enhance your email deliverability, safeguard your domain, or stay compliant with the latest email standards, we’re here to help. Schedule a demo now to learn how we can better protect your domain and brand.

The post Why is my email not sending? (and the solution) first appeared on Valimail.