ValiMail helps enterprises protect their inboxes by making it easier to authenticate incoming emails with the help of the DMARC standard and related open protocols. At its core, this allows businesses to ensure that nobody can use their own domain names for a phishing attack against their employees, and gives enterprises more insight into how their internal and external email services are used.
The company today announced that it has raised a $12 million Series A round led by Shasta Ventures, with follow-on investments from Flybridge Capital and Bloomberg Beta. This brings ValiMail’s total funding to date to $13.5 million.
ValiMail CEO Alexander Garcia-Tobar tells me that the company decided to raise now (while it still has about 18 months of runway in the bank) because “it’s the right time to add new functionality to our technology platform, educate the market about email authentication, and service the strong demand as new companies deploy email authentication.” It’s no surprise, then, that Garcia-Tobar says the company will use the funding to continue to develop its technology platform and to onboard and service its new clients. In addition, ValiMail is building out its API in an effort to become even more of an ecosystem play. The company currently has fewer than 20 employees, but plans to triple this number in the next 16 months.
DMARC (which stands for “Domain-based Message Authentication, Reporting and Conformance) is a standard protocol for email validation. Virtually every major email service now supports it, but ValiMail argues that it’s still relatively hard to implement. The company promises to help its users automate and manage email authentication through a straightforward interface that lets them manage the service and monitor threats.
In a world where sophisticated spear-phishing attacks are on the rise (and most of those seem to come from internal or other trustworthy domains), a startup that helps enterprises guard against this makes for an attractive investment for VCs.
ValiMail, which tells me that it reached profitability in early 2016, says its current customers include the likes of Uber, Yelp, Twilio and Fenwick & West. The company likes to say that it “enables automated email authentication for 2.7 billion email inboxes globally.” That’s an exaggeration meant to make the service look bigger than it is, of course. There are about 2.7 billion inboxes globally today, so while this big number looks good in press releases, it merely means that ValiMail does use a standard protocol. ValiMail tells me that it now authenticates 1.5 billion emails per month and that it has two dozen clients in production. It says that it has protected these clients from 40 million phishing emails.