<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=62700&amp;fmt=gif">

Archive of stories published by The ValiMail Blog: Return to Sender

Banks Want to Help You Send Money. So Do Phishers

Banks Want to Help You Send Money. So Do Phishers

ValiMail Published on Sep 19

DMARC Failure Reports: What Are They Good For? (Absolutely Nothing!)

DMARC Failure Reports: What Are They Good For? (Absolutely Nothing!)

DMARC is a powerful tool that domain owners can use to protect their domains — and thus their brands — from abuse. At enforcement (a policy of “quarantine” or “reject”) it stops impersonation attacks, which are the most difficult type of phishing...

Peter Goldstein Published on Sep 8

Why Your Company Could be Unprotected Due to Incorrect DMARC Implementation

Why Your Company Could be Unprotected Due to Incorrect DMARC Implementation

Ninety percent of security breaches start with a phishing email. The most effective type of phish — and the hardest to detect — is the email impersonation attack, where fraudsters use a false name email address to make it look like their message is...

Vivek Asija Published on Sep 7

FTC’s review of CAN-SPAM is a chance to upgrade our email ecosystem

FTC’s review of CAN-SPAM is a chance to upgrade our email ecosystem

ValiMail Published on Aug 30

The FBI Makes DMARC Enforcement Part of Law Enforcement

The FBI Makes DMARC Enforcement Part of Law Enforcement

ValiMail Published on Aug 17

Why it's so easy to fool White House officials with fake emails

Why it's so easy to fool White House officials with fake emails

ValiMail Published on Aug 8

Why SPF Alone Will Not Protect You

Why SPF Alone Will Not Protect You

ValiMail Published on Jul 27

Senator: Why Are Fed Agencies So Vulnerable to Email Fraud?

Senator: Why Are Fed Agencies So Vulnerable to Email Fraud?

ValiMail Published on Jul 18

What Is DMARC?

What Is DMARC?

 

ValiMail Published on Jul 17

Messaging Industry Group Names ValiMail CTO Peter Goldstein as Technical Committee Co-Chair

Messaging Industry Group Names ValiMail CTO Peter Goldstein as Technical Committee Co-Chair

We're proud to announce that ValiMail CTO and co-founder Peter Goldstein has been appointed as a technical committee co-chair for M3AAWG, the Messaging, Malware and Mobile Anti-Abuse Working Group, an industry organization working against botnets,...

ValiMail Published on Jul 5

The Only Email Authentication Solution Trusted by Both Hooli and Pied Piper

The Only Email Authentication Solution Trusted by Both Hooli and Pied Piper

HBO’s Silicon Valley, which just finished its fourth season, tells the story of Pied Piper — an early stage data compression startup — and its rivalry with the tech giant Hooli. Over the course of the show, Pied Piper and Hooli have become well-known...

Peter Goldstein Published on Jun 28

Five Top Finance Execs Fooled by Phishing Emails

Five Top Finance Execs Fooled by Phishing Emails

Five top bank executives have fallen victim to an email prankster in the past month.

The CEOs of Goldman Sachs, Citigroup, Barclays PLC, Morgan Stanley, and the Governor of the Bank of England were all ensnared by a prankster who pretended to be...

ValiMail Published on Jun 23

ValiMail Earns Recognition for Online Trust

ValiMail Earns Recognition for Online Trust

We're very happy to announce that we've been named to the 2017 Online Trust Honor Roll from the Online Trust Alliance, a nonprofit industry group aimed at enhancing online trust, user empowerment, and innovation on the Internet.

ValiMail Published on Jun 21

Spear Phishing and Election Hacking

Spear Phishing and Election Hacking

Newly published documents from the NSA state that Russian military intelligence targeted U.S. election officials with spear-phishing emails just days before the November 2016 election.

ValiMail Published on Jun 12

What Is DKIM?

What Is DKIM?

Key management can be tricky. Photo credit: suzyhazelwood via photopin

Note: This is the third in a four-part series explaining the basics of email authentication. See the other posts:

 

ValiMail Published on May 31

Even Email Service Providers Can Get Compromised

Even Email Service Providers Can Get Compromised

 

In our quest to authenticate the world’s emails, a big part of ValiMail’s job is helping domain owners get to email authentication enforcement.

But we also work with big email senders — the email service providers (ESPs) used by our customers

Steve Whittle Published on May 18

Phishing Vulnerability Is Even Worse Than Gizmodo Story Shows

Phishing Vulnerability Is Even Worse Than Gizmodo Story Shows

ValiMail Published on May 10

What Is SPF?

What Is SPF?

SPF helps mail servers determine if incoming email is authentic or not. Image source: Pixabay

Note: This is part of a series covering the basics of email authentication. See the rest of the series:

ValiMail Published on May 5

ValiMail Earns Recognition From MIT Sloan CIO Symposium

ValiMail Earns Recognition From MIT Sloan CIO Symposium

MIT’s Kresge Auditorium, site of the MITSloan CIO Symposium. Photo credit: Gunnar Klack/Flickr

We’re happy to announce that MIT Sloan CIO Symposium has selected ValiMail as one of ten finalists for its 2017 Innovation Showcase.

ValiMail Published on May 4

What Is Email Authentication?

What Is Email Authentication?

This is the first in a series of posts covering the basics of email authentication. Read the rest of the series:

For most of the past 40 years, we’ve had to make a leap of faith every time we opened an...

ValiMail Published on Apr 26

Tax Season Is Over, But W-2 Fraud Isn’t

Tax Season Is Over, But W-2 Fraud Isn’t

Now that tax season has ended in the U.S., you might be tempted to think that tax-related scams will let up until next year. Guess again.

ValiMail Published on Apr 19

CEOs believe digital trust matters - so why aren’t they investing in it?

CEOs believe digital trust matters - so why aren’t they investing in it?

Recent research shows that CEOs are increasingly concerned about maintaining customer trust -- but when it comes to the digital world, they’re having trouble connecting those concerns to effective cybersecurity and brand-protection investments.

ValiMail Published on Apr 12

Banks Adopt Email Authentication, But There’s More to Do

Banks Adopt Email Authentication, But There’s More to Do

Banks take security seriously. Photo by Jason Baker/Flickr.

The march toward universal email authentication continues.

ValiMail Published on Apr 3

Momentum Builds for DMARC in the U.S. and U.K.

Momentum Builds for DMARC in the U.S. and U.K.

The movement to implement email authentication is gathering steam, and international cyber security experts are increasingly pointing to DMARC as a crucial key.

ValiMail Published on Mar 30

Being Careful About Links Is Not Enough

Being Careful About Links Is Not Enough

Photo by Chris Dlugosz/Flickr

According to the Anti-Phishing Working Group’s Q3 2016 report (.pdf), there are over 100,000 unique phishing sites active every month. And

ValiMail Published on Mar 24

Spear Phishers Use Fake Email Threads, Fake SPF Authentication

Spear Phishers Use Fake Email Threads, Fake SPF Authentication

Spear phishing has gotten a lot more sophisticated since this photo was taken. Photo credit: Gerry Lauzon/Flickr

I work with people who are trying to prevent others from impersonating their domains. Usually this is preventative, but unfortunately,...

Steve Whittle Published on Mar 14

FTC: Companies Are Embracing Email Authentication — Partially

FTC: Companies Are Embracing Email Authentication — Partially

The Federal Trade Commission announced today that U.S. companies seem to understand the value of email authentication — but they aren’t yet

ValiMail Published on Mar 4

Email Authentication and Mailing Lists Haven’t Worked Well Together — Until Now

Email Authentication and Mailing Lists Haven’t Worked Well Together — Until Now

DMARC and email lists: BFFs at last. Photo source:  Pixabay

One of the most common technical concerns we hear about email authentication through DMARC is that it doesn’t work with mailing lists.

ValiMail Published on Mar 3

Even Cyber Security Leaders Struggle With Email Safety

Even Cyber Security Leaders Struggle With Email Safety

Keep trying! Photo credit: Nagarjun Kandukuru/Flickr

RSA is one of the largest cyber security providers in the world, and its annual conference in San Francisco, happening this week, draws tens of thousands of attendees. People come from all over...

ValiMail Published on Feb 18

How DMARC Handles Domains and Subdomains in Email Addresses (Part 1)

How DMARC Handles Domains and Subdomains in Email Addresses (Part 1)

Photo credit: Profound Whatever/Flickr via photopin.com

DMARC uses the Domain Name System (DNS) to store records indicating how email receivers should evaluate incoming messages for authenticity

Peter Goldstein Published on Feb 10

Be Prepared for Tax Season Email Scams

Be Prepared for Tax Season Email Scams

Tax forms! Photo credit: Manchester Library/Flickr via photopin.com

With tax season just ramping up for many companies, it’s a good time to be on the lookout for a particularly pernicious form of business email compromise (BEC): The W-2 scam.

ValiMail Published on Feb 1

DMARC: The Only 3 Tags You Really Need

DMARC: The Only 3 Tags You Really Need

These are not the tags you’re looking for. Photo credit: Lisa Brewster/Flickr

The DMARC standard defines a number of different tags that can be used in a DMARC record. Some of these tags are required, but most are optional and a number of the tag...

Peter Goldstein Published on Jan 27

An Open Letter to the Trump Administration

An Open Letter to the Trump Administration

The unofficial hat.

Dear President-Elect Trump:

As you take office on January 20, we are writing with a modest proposal: Make email great again.

ValiMail Published on Jan 19

Why Email Authentication Matters for IoT

Why Email Authentication Matters for IoT

It’s 11 p.m. Do you know what your router is doing? Photo credit: raffia s/Flickr via http://photopin.com.

In the past year, the Internet of Things played a starring role in at least one major Internet outage, where Dyn, a provider of DNS lookup

ValiMail Published on Jan 7

Phishing Still Tops the List of Hacker Tools

Phishing Still Tops the List of Hacker Tools

Don’t get caught. Photo credit: www.ilkkajukarainen.fi via Flickr

Verizon’s latest annual security report, released late last year, covers almost 100,000 security incidents and over 3,000 serious breaches. In 2016, as in previous years, social...

ValiMail Published on Jan 5

Russian Phishing Attack Uses Harvard Emails — Due to Lack of Email Authentication

Russian Phishing Attack Uses Harvard Emails — Due to Lack of Email Authentication

Harvard Kennedy School’s Littauer Building. Photo credit: KAKM on en.wikipedia

A Russian phishing attack used a fake Harvard email address in an attempt to get malware into American think tanks and nonprofits, the Harvard Crimson reports.

ValiMail Published on Dec 20

The Presidential Commission on Cybersecurity Overlooked the Biggest Attack Vector

The Presidential Commission on Cybersecurity Overlooked the Biggest Attack Vector

Facepalm. Photo credit: mrhong42/Flickr

The U.S. Presidential Commission on Enhancing National Cybersecurityrecently delivered a 90-page report to the President, the result of 10 months of work by 12 distinguished commissioners. It contains six...

ValiMail Published on Dec 13

ValiMail CEO Explains the Basics of Email Authentication in Wharton Podcast

ValiMail CEO Explains the Basics of Email Authentication in Wharton Podcast

ValiMail CEO and cofounder Alexander García-Tobar recently spoke on the Wharton Business School talk show “Bay Area Ventures.”

ValiMail Published on Dec 5

Email Authentication Accelerates, But Enterprises Struggle to Get It Right

Email Authentication Accelerates, But Enterprises Struggle to Get It Right

A bit like building a gate and then leaving it open. Photo credit: h.koppdelaney

More and more domains are adopting DMARC, the most modern and effective standard for authenticating email. That’s great news in the war against phishing and spam.

ValiMail Published on Dec 1

Homeland Security Chief Warns About Phishing Threat

Homeland Security Chief Warns About Phishing Threat

Homeland Security Secretary Jeh Johnson at an event in 2015. Photo credit: Gage Skidmore/Flickr

“The most devastating attacks by the most sophisticated attackers almost always begin with the simple act of spear-phishing.” — Homeland Security...

ValiMail Published on Nov 25

Email Impersonation Knows No Borders

Email Impersonation Knows No Borders

Hello...Elvis? Photo credit: Gunnshots

Email impersonation scams, also known as business email compromise (BEC) or phishing attacks, have risen 20 percent in the first nine months of this year, according to the Singapore police.

ValiMail Published on Nov 17

RSA Threat Report Reveals 308% Year-over-Year Phishing Rise

RSA Threat Report Reveals 308% Year-over-Year Phishing Rise

RSA reports a meteoric rise in phishing.

 RSA’s Q2 2016 Threat Report tells a strong story of phishing on the increase. Some of the reported statistics include:

Tim Callan Published on Nov 9

A Note from Our CEO: ValiMail Hits the Turbojets

A Note from Our CEO: ValiMail Hits the Turbojets

Every company hits an inflection point — a point at which it’s no longer “if” there’s a market but “how fast” the company can grow to meet that market demand. We hit that milestone in September when we turned down business so that the quality of our...

ValiMail Published on Nov 2

Can DMARC Do for Email What SSL Certificates Did for E-commerce?

Can DMARC Do for Email What SSL Certificates Did for E-commerce?

Email authentication can help secure our cloud services just like SSL did our servers. Image credit: FutUndBeidl

ValiMail CEO Alexander García-Tobar explores this question today in InformationWeek’s Dark Reading. The article explains how email’s...

Tim Callan Published on Oct 24

New Trump Email Security Concerns Extend to Email Authentication and DMARC

New Trump Email Security Concerns Extend to Email Authentication and DMARC

The tweet that started the whole thing.

The IT press is blowing up with stories about the insecurity of various Trump organization email servers. You can easily find dozens of them, but here’s one that will give you the fundamentals.

Tim Callan Published on Oct 19

Arizona Voter Registration System Hack Stemmed from Spear Phish

Arizona Voter Registration System Hack Stemmed from Spear Phish

The bears may have been at it again. Photo credit Marcin Wichary

In this season of beleaguered IT security for American political institutions, we all remember the recent attack against Arizona’s voter registration system. Last week Arizona...

Tim Callan Published on Oct 13

Government Guidance for Email Authentication Has Arrived in USA and UK

Government Guidance for Email Authentication Has Arrived in USA and UK

Photo courtesy of GDS Technology blog.

Tim Callan Published on Oct 5

Spear Phishing Attacks Now Aimed at Unlocking Mobile Devices

Spear Phishing Attacks Now Aimed at Unlocking Mobile Devices

Image courtesy of Joonas Kiminki and I guess the original phisher.

Unlocking a lost or stolen mobile device can be very difficult, as the news made quite clear earlier this year. While the FBI eventually found a way into Syed Farook’s iPhone,...

Tim Callan Published on Sep 27

Attention Governments: Defense, Not Warnings, Is the Answer to Phishing

Attention Governments: Defense, Not Warnings, Is the Answer to Phishing

It’s been all too common a story this year.

Tim Callan Published on Sep 21

Study: Even sophisticated users can’t resist clicking on links in emails

Study: Even sophisticated users can’t resist clicking on links in emails

Photo credit: Tim Franklin Photography

All too often, companies respond to the threat of phishing attacks by punishing the employees who fell for them and by promising to educate their staff better. That’s missing the point, as recent research out...

ValiMail Published on Sep 14

One of Europe’s biggest companies just lost $45M in a business email scam

One of Europe’s biggest companies just lost $45M in a business email scam

Leoni Group’s office in Bisitra, Romania, targeted by scammers.

Leoni AG, a billion-dollar (market cap) manufacturer of cables and cable harnesses for car manufacturers, announced last month that it had fallen victim to a business email compromise...

ValiMail Published on Sep 7

Email Is Far from Dead. In Fact, It’s Bigger Than Ever. [INFOGRAPHIC]

Email Is Far from Dead. In Fact, It’s Bigger Than Ever. [INFOGRAPHIC]

Lots of pundits have been talking about the “death of email,” but let’s get real. In fact, email keeps growing, and we all keep using it. That’s because it is an unmatched, critical communications tool for business on all levels: within companies,...

ValiMail Published on Aug 15

Canada Post warns of Phishing Scam , but Leaves the Door Open to Phishers

Canada Post warns of Phishing Scam , but Leaves the Door Open to Phishers

Canada Post mailbox. Photo by Cliffano Subagioa

The official postal service of Canada recently warned customers to be on the lookout for bogus emails that could trick them into clicking on a malicious link.

ValiMail Published on Aug 12

New Black Hat Research Names Phishing #1 Concern

New Black Hat Research Names Phishing #1 Concern

In the just-released 2016 Black Hat Attendee Survey, phishing far-and-away topped the list for the type of attack that scares security professionals today. This survey of 250 Black Hat attendees took place at last week’s Black Hat conference in Las...

Tim Callan Published on Aug 8

Email Authentication Infographic and Other Stories Worth Reading

Email Authentication Infographic and Other Stories Worth Reading

Don’t miss ValiMail in the news. Image credit: Jon S/Flickr

It has been a big news week for ValiMail. In addition to our presence in the Krebs on Security article I mentioned in an earlier blog post, ValiMail was also featured in these stories:

ValiMail Published on Jul 29

Krebs Gives Trump Campaign, DNC, RNC Failing Security Grade for DMARC

Krebs Gives Trump Campaign, DNC, RNC Failing Security Grade for DMARC

Tim Callan Published on Jul 25

Not Worried About BEC? Here’s How Bad It Can Get

Not Worried About BEC? Here’s How Bad It Can Get

Turns out some people have given away a whole lot of money to BEC scams. Image: thethreesisters/Flickr

Business email compromise, or BEC, has become an increasingly important vector for online criminals seeking high-value paydays.

Tim Callan Published on Jul 14

Why Training on Its Own Doesn’t Work as a Spear Phishing Defense

Why Training on Its Own Doesn’t Work as a Spear Phishing Defense

Training won’t get there on its own. Image: US Embassy/Flickr

A recent IT World Canada article discusses a presentation from June’s SC Congress security forum in Toronto. This presentation by security leaders from two large Canadian banks, RBC and...

Tim Callan Published on Jul 6

CMOs: Phishing puts your brand at risk

CMOs: Phishing puts your brand at risk

Don’t let phishing erode your customer’s trust. Image: Flickr/ Lars Plougmann

Email is the top communication channel for marketers to reach their customers and drive revenue. Unfortunately, email is also the preferred channel of cybercriminals,...

Jessie Witt Published on Jun 29

ValiMail in the WSJ: “Not surprised” by FBI report showing $3.1 billion lost to email scams

ValiMail in the WSJ: “Not surprised” by FBI report showing $3.1 billion lost to email scams

Image via flickr/Dave Newman

An FBI announcement released last week claimed that $3.1 Billion has been lost to business email compromise since January 2015 across 22,000 companies globally. ValiMail’s CEO Alexander García-Tobar told the Wall...

Jessie Witt Published on Jun 22

Corporations Understand DMARC Is Critical. So Why Can’t They Get to Enforcement?

Corporations Understand DMARC Is Critical. So Why Can’t They Get to Enforcement?

Photo credit: Chris Lim/Flickr

The Online Trust Alliance (OTA) recently published the 2016 results of its annual Online Trust Audit, an analysis of corporations’ attitudes towards security and their adoption of various security technologies.

ValiMail Published on Jun 14

What Uber can teach banks — and other enterprises — about email security

What Uber can teach banks — and other enterprises — about email security

Old bank vault door. Photo credit: John W. Iwanski/Flickr

Phishing scams are costing American businesses big bucks. A recent FBI report (.pdf) notes that the FBI received more than 7,800 complaints about email scams in 2015, with total...

ValiMail Published on Jun 8

Email Authentication Discussed in Huffington Post

Email Authentication Discussed in Huffington Post

The Huffington Post just featured an article detailing ten significant trends expected to change the world of email marketing in the near future. This article features a viewpoint from ValiMail co-founder and CEO Alexander Garcia-Tobar, who discusses ...

Tim Callan Published on Jun 7

DMARC Moves to Mainstream with Gartner Recommendation

DMARC Moves to Mainstream with Gartner Recommendation

In its recent report Fighting Phishing: Protect Your Brand Gartner lays out a series of recommended steps to reduce the impact of phishing in eroding trust for your brand. One of the paper’s key prescriptions is DMARC, complete with SPF and DKIM....

ValiMail Published on Jun 6

Blaming the Phishing Victim: Part 3

Blaming the Phishing Victim: Part 3

Scapegoat, anyone? Photo credit: Jen R/Flickr

We recently wrote about employees who lost their jobs after being tricked by spear phishing attacks, including breached payroll provider Alpha Payrolland Austrian manufacturer FACC, which fired both...

ValiMail Published on Jun 1

Senior Execs Fired for Spear Phishing Success

Senior Execs Fired for Spear Phishing Success

In the wake of the much-discussed payroll company that fired an employee for falling victim to a spear phishing scam, an Austrian manufacturer has fired its CEO and financial chief after the company gave away more than $50 million due to a CEO...

ValiMail Published on May 26

A Better Way to Respond to Phishing Attacks

A Better Way to Respond to Phishing Attacks

Photo credit: Joe the Goat Farmer

An employee at payroll service provider Alpha Payroll got fired for falling victim to a phishing scam, as CSO Magazine’s Steve Ragan reported recently.

ValiMail Published on May 18

W-2 Phishing Attacks Leave All Companies Exposed

W-2 Phishing Attacks Leave All Companies Exposed

Something is missing in our security plan here. Photo: Bill Smith/Flickr

If you have been following online security threats, you may think of phishing as a practice aimed at gaining the credentials to online financial accounts or other places...

ValiMail Published on May 18

Introducing ValiMail

Introducing ValiMail

Not actually a ValiMail rocket. Photo credit: NASA

From inception, our vision has been to do something unique and audacious: authenticate the world’s email. If we’re successful, the result will be the elimination of phishing attacks, much higher...

ValiMail Published on May 9

Anatomy of a Phishing Scam

Anatomy of a Phishing Scam

Fish drawing from 1801, via the Biodiversity Heritage Library/Flickr

Phishing attacks are on the rise, and they’re getting more effective, according to a recent report from Verizon.

ValiMail Published on May 3

Secure Email Gateways and Email Authentication — Entirely Different Yet Complementary Anti-Phishing Approaches

Secure Email Gateways and Email Authentication — Entirely Different Yet Complementary Anti-Phishing Approaches

Yep, we go together. Photo credit: Kristian Dye/Flickr

The ever-increasing waves of email phishing attacks have spawned a flurry of how-to articles offering advice on how to cope with the threat.

ValiMail Published on Apr 3

CEO to CFO phishing scams are on the rise. Here’s one we caught in the act.

CEO to CFO phishing scams are on the rise. Here’s one we caught in the act.

Don’t get caught like this fish. Photo: Lunar Wrasse via photopin.

There has been a lot of coverage in the media recently about spear phishingand the ‘CEO to CFO’ scam, and for good reason. Phishing attacks have been distressingly common...

Steve Whittle Published on Mar 18

Marketers Take Note: Gmail Might Turn You into a Question Mark

Marketers Take Note: Gmail Might Turn You into a Question Mark

ValiMail Published on Feb 12

Understanding Email Authentication Headers

Understanding Email Authentication Headers

Below the waterline, there’s a lot going on. Photo credit: Jeff Mikels

Emails look pretty simple at first glance. You have a To, From, Subject, and Body. There’s not much else to see, right?

ValiMail Published on Feb 4

The 4 Most Frequent Email Authentication Mistakes

The 4 Most Frequent Email Authentication Mistakes

ValiMail Published on Jan 27

Anti-Phishing Warnings from the Government Miss the Point — Again

Anti-Phishing Warnings from the Government Miss the Point — Again

ValiMail Published on Jan 20

Two Common Problems with SPF You’re Probably Overlooking

Two Common Problems with SPF You’re Probably Overlooking

ValiMail Published on Jan 12

If DMARC is so great, why isn’t everyone doing it?

If DMARC is so great, why isn’t everyone doing it?

Confusion reigns. Photo credit: 268/365 — Default State via  photopin

Email authentication — verifying that an inbound email really does come from the domain it says it comes from — is a problem for which a solution already exists. There’s...

ValiMail Published on Jan 5

Why You Shouldn’t Be Afraid to Insert Email Authentication into Your DNS

Why You Shouldn’t Be Afraid to Insert Email Authentication into Your DNS

Steve Whittle Published on Dec 21

FAQ: DMARC for Email Service Providers

FAQ: DMARC for Email Service Providers

Why email authentication matters: This is how non-authenticated email will look in Gmail and Outlook, starting sometime in 2016.

What is DMARC?

ValiMail Published on Dec 11

What Email Authentication Is — and Why It Matters

What Email Authentication Is — and Why It Matters

ValiMail Published on Dec 11

DKIM for ESPs: The Struggle of Living Up to the Ideal

DKIM for ESPs: The Struggle of Living Up to the Ideal

ValiMail Published on Dec 11