Valimail achieves FedRAMP tailored authorization; protects federal agencies from email spoofing and impersonation attacks

Valimail announced Thursday that its Valimail Enforce service is FedRAMP authorized and available for federal agencies to use to deploy, configure, and maintain the Domain-based Message Authentication, Reporting & Conformance (DMARC) standard to protect their government domains from phishing and fraudulent use. This capability can aid agencies in enforcing the Department of Homeland Security Binding Operational Directive (BOD) 18-01.

The Department of Homeland Security’s BOD 18-01 mandates that federal agencies deploy DMARC at enforcement by Oct. 16, this year. An enforcement policy directs receiving mail servers to reject all non-authorized emails using those domains, eliminating phishers’ ability to impersonate those agencies by using their domains in fraudulent email messages.

Currently, although over 70 percent of all federal domains have started the process, less than half are protected by DMARC through setting a policy of enforcement.

Originally offered for public comment in February 2017 and released for use last September, FedRAMP Tailored was developed to support industry solutions that are low risk and low cost for agencies to deploy and use. GSA’s streamlined FedRAMP Tailored process enables commercial SaaS solutions, like Valimail Enforce, a fully automated cloud solution that does not use personally identifiable information (PII), to rapidly achieve FedRAMP Authorization in partnership with the Department of Commerce.

As DMARC continues to accelerate and cloud IT becomes the norm with multiple third-party e-mailers sending on one’s behalf, email authentication is key to protecting organization from impersonation attacks. Impersonation attacks prey on victims’ familiarity with an organization’s email domain and are much harder for end-users to detect. DNS was not built for modern authentication standards, however, and most organizations have found the authentication process difficult because it’s not just a simple configuration project.

Email authentication is an ongoing operational activity that must be maintained. Valimail Enforce was purpose-built to get organizations to enforcement with automation. That means the organization can be more secure with fewer vulnerabilities, and no DNS manual process. With Valimail Enforce, employees, partners and brand get automatically protected.

The Valimail Cloud responds to every authentication request in real-time and ensures that every email sent using domain name is safe. Only approved third-party apps can send email on the user’s behalf.  

“We are incredibly proud to have completed this milestone so rapidly and to be recognized for the security and stability of our product, which provides protection against same-domain email impersonation without using any PII,” said Valimail co-founder and CEO Alexander García-Tobar. “This is a timely announcement, since Valimail Enforce can now help agencies achieve compliance with BOD 18-01, greatly increasing the cybersecurity posture of the federal government as well as the security of the American public.”


Leave a Reply

WWPI – Covering the best in IT since 1980