FAQs
If my domains are protected by DMARC and are at enforcement, what do I have to monitor? The Valimail platform is continuously monitoring for changes in the services that are allowed to send email using your domain. If a service stops authenticating, or if a new service appears, the platform will notify the Customer Service team. If necessary, they will contact you.
What does "at enforcement" mean? "At enforcement" means that you have a DMARC policy of quarantine or reject. Only these two policy settings will cause unauthenticated email to go to the spam folder or be rejected.
What does a spike in unauthenticated emails mean? If your domain is at enforcement, there is nothing to do. A spike in unauthenticated emails just means that these emails, which might indicate a phishing attempt, have been sent to the spam folder, or rejected, depending on your policy setting or the receiver's practice.
What if I see a new unauthenticated domain or sender? Valimail continuously monitors for new senders. If one appears, the Customer Success team will reach out to you. If you create a new domain, you need to contact Customer Success so they can add it to the platform.
Are all emails that fail authentication phishing attempts? Not necessarily. There are email messages that happen to get sent through some email forwarders, such as mailing lists, which damage information in the email needed for authentication. This is typically a very tiny percentage of overall mail flow.
Can I tell what domains are under attack? You can see attacks only by looking at each unauthenticated domain, and looking at the volume. There is always a background level of phishing that is going on, as automated attacks run continually.
Can I tell if I am being successfully phished? If you are at enforcement, then exact-domain phishing attacks will get blocked. This means you are protected against the primary, and most dangerous, form of phishing attack.
What should I check on daily, weekly, monthly? Each month, Valimail sends a monthly update email which includes graphs and data about email authentication performance during the month. The report includes the number of emails authenticated and blocked, number of domains that are not at enforcement, sending with enforcement, and blocked, and the passing and failing services for each domain. This monthly update gives you a high-level view of the status of your domains.
What do I need to set up two-factor authentication? First, you need to implement a SAML 2.0 - compliant SSO provider in your enterprise environment. Then, you can set up Valimail to authenticate users with that SSO provider. Implementations are available for OneLogin and Okta, and instructions can be found in Account Settings. Custom implementations can be made for other SSO providers as long as they are SAML compliant.
What does the Source of Email graph tell me? This map shows which countries are sources of email that claim to come from your domain. If you select Suspicious, you can see what would be happening if you were not using Valimail. The Top Countries list gives you an idea of which countries are the main source of suspicious emails. You may find that the United States or Canada are major sources, this can be due to email servers in those countries being used by overseas spammers.
What does the Email Disposition graph tell me? This graph shows the number of emails processed during the past 30 days. Emails can be allowed through, quarantined, or rejected by the DMARC authentication process. Any increase or spike in unauthenticated emails can be attributed to an attempted phishing attack, or possibly to a new service that has appeared. Quarantined and Rejected show the number of emails blocked by Valimail.
What does the Enforcement Status graph tell me? This graph tracks your progress to enforcement. Valimail can only track the customer domains that we have been told about. Ideally, all customer domains should be at enforcement or blocked from sending email.
What does the DMARC Status graph tell me? This graph shows a bar chart of the number of emails that pass or fail DMARC authentication. A spike in the number of emails failing DMARC may be evidence of a phishing or spam attack that was blocked.
How do I enable a sender? What should I consider before doing so? To enable a sender, please first contact Customer Success. Customer Success will determine if the sender is ready to be added as-is. If some configuration by the sender is required to properly support email authentication, Customer Success will work with the sender on your behalf.
Emails authenticate by SPF or DKIM, or fail to authenticate, but why does that matter to me? In the app dashboard, the DMARC Authentication Failure Rate graph shows failure rates for SPF and DKIM authorization separately. Any spike in unauthenticated email may indicate an attack that was successfully blocked, regardless of whether it was due to SPF or DKIM authorization failure.
How do I get and add a DKIM key? What do I have to do to make it work? To add a sender that uses DKIM, please introduce the Customer Success team to them, and CS will handle obtaining the key and configuring DKIM.
How do I see what email services the company is using? On the Authentication Status page, the authorized email services are shown in the enabled senders list.
What happens to emails that fail authentication? Do they get quarantined or rejected? This depends partially on what your policy setting is, be it none, quarantine, or reject. Generally, quarantine should mean that the email is sent to the spam folder. Reject means that the email will not get to the inbox, but some providers will reject, and some will mark the emails as spam or junk. However, because different email recipients handle this step differently, it is not possible to determine what actually happens.
What is SPF alignment or DKIM alignment? Alignment is required for DMARC. Alignment means that for SPF, the return path of the email is the same as the From address of the email. For DKIM, the domain that the DKIM key is associated with is the same as the From address. In order for an email to authenticate properly with DMARC, the email must pass either SPF or DKIM in an aligned way. Note that only one is required but passing both is fine.
Can I just whitelist IPs of services so that they send as me? Please contact Customer Success for this. We will determine if the third party service can send aligned email, which is required for authentication to work.