Valimail Carves DMARC Niche
Valimail at $30M ARR
Valimail wins by solving one painful email job better than the big suites, not by trying to replace them. Proofpoint and Mimecast sell broad email security bundles for large budgets, while Valimail focuses on the messy operational work of getting DMARC actually live across every service that sends mail for a company. That matters because a modern company may send email from Microsoft 365, Salesforce, Zendesk, marketing tools, and internal systems all at once. Valimail built a freemium funnel and channel driven model around that narrow problem, which let it reach 65,000 customers and still coexist inside accounts that already pay for larger security platforms.
-
The product wedge is implementation, not detection. Proofpoint and Mimecast include DMARC as one feature inside broader anti phishing and spam stacks, while Valimail automates sender inventory, DNS changes, and enforcement so IT teams can approve legitimate senders with far less manual work.
-
The economics are different. Valimail starts around $5,000 to $8,000 per year for enforcement and uses a free monitoring product to acquire users, which helps explain about $30M ARR across 65,000 customers. Proofpoint and Mimecast operate at far higher customer spend levels, around $10,000 to $20,000 ARPC in this market context.
-
The market opened because mailbox providers turned DMARC from a nice to have into table stakes. Google said bulk senders would need stronger authentication by February 2024, and Yahoo began enforcement in February 2024, which made specialist automation more valuable even for customers already using incumbent security suites.
Going forward, the prize is to turn a narrow compliance tool into core email infrastructure. If DMARC enforcement becomes standard everywhere, the durable winners will be the vendors that become the system of record for who is allowed to send on a company’s behalf, then layer brand display, deliverability, and broader identity controls on top.