DMARC Bundling Threatens Valimail
Valimail
Valimail’s real risk is not that DMARC disappears, it is that DMARC setup becomes a checkbox inside bigger email suites. The company won by turning a messy DNS project into a one time setup with automatic sender approval, especially for Microsoft 365 customers. If Microsoft, Cisco, and Sophos make that workflow good enough inside products customers already buy, Valimail shifts from must have tool to add on specialist.
-
Valimail’s product advantage has been operational simplicity, not ownership of the protocol. Enforce lets a company publish one DNS change, then keep an always updated list of approved senders as marketing tools, billing systems, and support platforms send mail on its behalf. That saves security teams from manually editing SPF and DMARC records every time a new sender is added.
-
The customer overlap shows how narrow that wedge is. About 40% of Valimail customers also pay for Proofpoint, which means many buyers already use a broad email security suite for spam and phishing and use Valimail only for authentication. That makes DMARC one of the easiest pieces for an incumbent to bundle and compress on price.
-
The revenue profile reinforces the bundling risk. Valimail reached about $30M ARR in 2024 across 65,000 customers, or roughly $460 per customer, versus $10,000 to $20,000 average revenue per customer for Proofpoint and Mimecast. That gap suggests Valimail has many shallow relationships, while suite vendors monetize email security as a larger, stickier budget line.
The next phase is likely a move from pure authentication into broader email trust and enforcement workflows. The durable position is not helping a company turn on DMARC once, it is becoming the control layer that continuously approves senders, fixes deliverability problems, and proves identity across every system that sends mail.