Welcome ValiMail: The World’s First EaaS
I am excited to announce ValiMail’s emergence from stealth mode as the world’s first Email Authentication as a Service (EaaS). We co-led ValiMail’s seed round late in 2015 alongside our friends at Bloomberg Beta.
Valimail, with headquarters in San Francisco, is doing something that has never been done before: authenticate the world’s email. If successful, the result will be the elimination of phishing attacks, much higher deliverability rates, and a restoration of consumer’s trust in email. ValiMail offers CIOs and CISOs the visibility and control they need for their ever-expanding sets of cloud services.They are off to a great start, with leaders in their industries such as Uber, HBO and Fenwick & West relying on ValiMail to authenticate all of their email to the tune of 1.5B+ emails/month.
I was introduced to Alex (ValiMail’s CEO) last summer through a good friend who’s been a successful entrepreneur in the Internet infrastructure business. We had an intense courtship, because it was late in their process, but I LOVED the idea and was immediately won over by the team’s background, progress, and momentum. We discovered that Alex had previously worked at BCG with our very own Jeff Bussgang years ago, which made it easy for both parties to get acquainted. Before we invested, we introduced customers and prospects to test out ValiMail’s solution, and received incredibly positive responses in how ValiMail fought off phishing attacks. We turned on ValiMail for Flybridge.com and also saw immediate success in stopping attacks, with 16,000 suspicious emails blocked in the first month alone.
How is ValiMail solving this problem?
Many companies utilize a legacy technology know as Secure Email Gateways (SEGs). SEGs have been used for many years as protection against simple phishing attacks, scanning content to try and identify fraudulent and spam emails, bad URLs, malware and other untrustworthy attachments. SEGs do a decent job of filtering out bad incoming emails with known tactics, but they fail to stop complex attacks that appear, for all intents and purposes, to be legitimate – otherwise known as impersonation attacks (W2, wire-fraud, or CEO to CFO attacks, are recent examples). These are the REALLY bad hacks, the phishing that you read about in the news, the phishing that can destroy a company.
Email authentication (EA) has the potential to be the most efficient approach to anti-phishing. It does not attempt to analyze an email and determine whether or not its contents are “bad.” Instead, it does one better. It protects your domain, or your brand, considering your domain is your brand these days. ValiMail’s software not only stops phishing attacks, but also provides visibility and control over your company’s email services. This has become a critical issue for CIOs as companies sign up for services that send emails on their behalf – think Salesforce, Marketo, Zendesk, etc. In fact, most companies have dozens of cloud services in place, yet the CIO/CISO has nearly zero visibility nor control, leading to major security and operational concerns. And all of this happens automatically. Before a user can even open an email, ValiMail verifies if it is from a legitimate entity or an imposter. If the email is not true to its original source, it is automatically rejected and filtered out before you have the chance to see it. Gmail, Hotmail, Office 365, AOL, and Yahoo!, all support EA.
How does ValiMail work?
ValiMail is the only company to offer fully-managed email authentication as a cloud service. It requires a simple one-time update to a configuration record, then ValiMail handles all email authentication for the client. No manual configuration or maintenance is required by customers. Once activated, ValiMail will dynamically authenticate any email claiming to be you globally, providing real-time instructions to the email receiver on how to process your email, rejecting the unauthenticated email and letting the legitimate email through. This results in a global “shield” protecting your employees, brand, and consumers, while requiring no software installation or change in user behavior. If desired, customers can be alerted when an attack is detected, and view the details on their ValiMail dashboard.
We truly believe in ValiMail co-founders Alexander Garcia-Tobar and Peter Goldstein. Alexander, ValiMail’s CEO, was previously the VP of Business Development at Agari, a SaaS solution for email security used by the some of the largest banks and brands in the world. Earlier in his career, he worked at Forrester Research and was VP Global Sales at security company ValiCert, a leading digital certificate authentication vendor, which IPO’d in 2000. Peter, ValiMail’s CTO, was previously in senior development positions at Swapt, Enthuse, Tout.com, RSA, and is responsible for creating ValiMail’s patent-pending technology. Both Alexander and Peter have the experience and knowledge in email security to build and grow this groundbreaking company.
The market for email authentication is basically limitless; virtually every business on the planet needs ValiMail to ensure visibility, control, and anti-phishing protection for their growing set of cloud-based email services. Despite it’s age, e-mail continues to grow 6% annually. In 2015, e-commerce attributed to approximately $1.7 billion in sales worldwide. Account information and purchase confirmations are shared over email every day. Your identity, money, and business is at risk—but not for long. Though only a seed stage startup, ValiMail currently protects more than 2.7 billion inboxes for over a dozen clients.
ValiMail’s website provides a free service to check the current authentication status of any domain, allowing potential customers to discover the safety of their domain. You can check your domain here.
I’m looking forward to helping Alex and Peter as they scale ValiMail, bring trust to email, and help put an end to phishing once and for all.
BTW – ValiMail fits with my Control Plane investment thesis. More to follow on this in an upcoming blog post ….