Valimail expanding into identity and access

The real expansion path is from email authentication into SaaS discovery and policy control. Valimail already maps which services are sending as a company, which ones are approved, and which ones are unknown, so it sits on a live inventory of outside tools touching the corporate domain. That is the raw material identity and access products use to answer a simple question, which apps and systems are acting on the company’s behalf, and should they be allowed to keep doing it.

• Valimail’s product is not just blocking spoofed mail. It identifies sending services by name, shows authorized and unauthorized senders, and lets admins move domains to reject mode so unknown services cannot keep sending. That turns DMARC setup into a continuous approval workflow for third party apps using company identity.
  2 sacra 3 valimail 4 valimail
• The Microsoft connection matters because Microsoft 365 is where many companies already manage workforce identity and email. Valimail’s Office 365 integration was built to show every sender using a customer domain, and Microsoft marketplace material frames the joint value as sender verification plus broader phishing protection.
  4 valimail 5 valimail
• The company is still selling a focused point solution, not a full identity suite. At roughly $30M ARR in 2024 and about 65,000 customers, Valimail is far smaller than bundled email security vendors like Proofpoint and Mimecast, which means adjacent identity products are the clearest path to larger contracts and deeper enterprise relevance.
  1 sacra 6 microsoft

The next step is software that turns email sender visibility into access decisions. If Valimail can move from showing that an unknown tool is sending mail to automatically routing that signal into app approval, offboarding, and governance workflows, it can grow from a narrow email layer into part of the system enterprises use to control shadow IT across their SaaS stack.