Michael Chester of Valimail recently shared insights on one of the most pressing issues facing MSPs today: email authentication. With spoofing, impersonation, and email-based fraud on the rise, Chester explains why moving from spoofing exposure to DMARC enforcement is now a business imperative.
Here are four lessons MSPs can take from the conversation:
1. Outbound Email Security Is Just as Critical as Inbound
Most MSPs know the dangers of phishing, malicious
attachments, and bad links sneaking into inboxes. But Chester makes it
clear: 91% of email spoofing involves impersonation, not malware.
That means bad actors don’t need payloads—they just need to convincingly pose
as your client’s CEO or finance team. Outbound authentication ensures no
one can send from your client’s exact domain, protecting brand reputation
and trust.
2. Email Authentication Is Now a Requirement, Not an Option
It’s not just a best practice anymore. Major mailbox providers like Google and Microsoft now require DMARC to ensure email deliverability. Without authentication, even legitimate invoices and support messages risk being blocked. For SMB clients, that’s not just a nuisance—it’s lost revenue and broken trust. MSPs who don’t implement DMARC risk putting their clients’ communication lifelines at risk.
3. Automation Makes DMARC Manageable for MSPs
DMARC reports come in massive XML files that are nearly impossible to sort through manually. Valimail and similar platforms use automation to turn these raw reports into actionable insights. Chester explains how MSPs can gain visibility into every sending service, identify anomalies like traffic from unexpected geographies, and apply enforcement without burning cycles on DNS tinkering. Automation lets MSPs scale DMARC across clients efficiently.
4. DMARC Builds Both Security and Revenue Opportunities
Chester emphasizes that SMBs are the biggest offenders in leaving email authentication undone—not because they don’t care, but because they’re overwhelmed. MSPs are their lifeline. By bundling outbound authentication with existing inbound email security solutions, MSPs not only safeguard clients but also add a valuable revenue stream to their service line. It’s a win-win: stronger client protection and recurring MSP income.
Why it Matters
MSPs have always been the unsung heroes of small business IT. From the pandemic to today’s AI-driven threat landscape, they’ve kept organizations alive and secure. As Chester highlights, protecting outbound email is no longer optional—it’s an essential piece of the MSP security stack.
