Sendmarc startup was launched by CEO Sam Hutchinson, Keith Thompson, and Sacha Matulovich in 2020 off the back of selling their former startup: a communication platform that allowed businesses to send, deliver, and track email and SMS communications.
With Sendmarc, they sought to solve email impersonation issues their former clients faced, thereby making the internet safer for their new customers.
Sendmarc helps customers avoid email impersonation such as phishing and spoofing – from which over 90 percent of cybercrime starts – by locking down their email domains and monitoring for attempted abuse.
Subscribers have access to a suite of tools that implement, monitor and maintain global best practices for email and domain security.
The startup actively enforces its email and domain security protection for thousands of companies worldwide, including stock exchanges, banks, insurance companies, tech companies, retailers, municipalities, law firms, and law enforcement agencies in North America, Europe, Australia, South Africa, and Latin America.
So far, it has 1,000+ paying customers. Among them are South African stock exchanges, law firms such as Bowmans, insurance companies, tech startups, banks, and law enforcement agencies across North America, Europe, Australia, South Africa, and Latin America. Eighty percent of them are based in South Africa, while the rest are spread globally.
How it Works
DMARC
The main purpose of DMARC is to give email domain owners a way to protect their domain from unauthorized use, also known as spoofing.
By publishing a DMARC policy in their DNS records, domain owners can specify which mechanisms are used to authenticate email messages sent from their domain, and what to do if a message fails authentication.
This allows receiving mail servers to check the authenticity of messages and prevent them from being delivered if they fail the authentication check.
DMARC works by allowing a domain owner to publish a policy in their DNS records that specifies which mechanisms, such as SPF and DKIM, are used to authenticate email messages sent from their domain.
When a receiving mail server receives an email message, it checks the message’s headers to see if it includes a DMARC policy.
If the message includes a DMARC policy, the receiving mail server will check the message against the domain owner’s published policy to see if it passes authentication checks (namely, SPF and DKIM).
If the message fails authentication checks, the receiving mail server can take the action specified in the policy, such as quarantining or rejecting the message.
DMARC can be an effective tool against spam and phishing attacks that use spoofing to impersonate a legitimate domain.
By implementing DMARC and regularly monitoring their DMARC reports, domain owners can help prevent their domain from being used in these types of attacks.
However, it’s important to note that DMARC alone is not a complete solution for protecting against spam and phishing, and should be used in conjunction with DMARC, user awareness training, and the implementation of a secure email gateway.
Implementing DMARC can be somewhat complex, as it involves publishing a DMARC policy in your DNS records and regularly monitoring your DMARC reports.
If you’re not familiar with DNS and email authentication mechanisms, it’s ideal to work with an organization like Sendmarc to help set up your DMARC policy.
The Sendmarc tools also give you the visibility needed to monitor the progress of all your active domains (or customer domains) on an ongoing basis.
Additionally, Sendmarc provides tools that make the management of SPF, DKIM, and DMARC much easier.
SPF
SPF, or Sender Policy Framework, is an email authentication protocol that is designed to prevent spammers from sending messages with forged sender addresses.
It works by allowing the owner of a domain to publish a list of IP addresses or subnets that are authorized to send an email on their behalf.
When a receiving mail server receives an email message, it can check the message’s headers to verify that it was sent from an authorized IP address.
This helps to prevent messages with forged sender addresses from being delivered.
DKIM
DKIM, or DomainKeys Identified Mail, is an email authentication protocol that is designed to prevent unauthorized modifications to the contents of an email message.
It works by using cryptographic signatures to verify that the message has not been altered in transit.
When a message is sent, the sender’s mail server generates a digital signature for the message, which is added to the message headers.
The receiving mail server can then use the sender’s public key, which is published in the sender’s DNS records, to verify the digital signature and ensure that the message has not been tampered with.
SPF is focused on preventing forged sender addresses, while DKIM is focused on preventing unauthorized modifications to the contents of a message.
By implementing both SPF and DKIM, a domain owner can help ensure that their messages are delivered to the intended recipient and that the contents of the message have not been altered in transit.
SPF and DKIM Complementary
SPF and DKIM can be effective tools against spam and phishing attacks that use forged sender addresses or tampered-with message contents.
By implementing both SPF and DKIM and regularly monitoring their SPF and DKIM records, domain owners can help prevent their domains from being used in these types of attacks.
However, it’s important to note that SPF and DKIM alone are not a complete solution for protecting against spam and phishing, and should be used in conjunction with DMARC, user awareness training, and the implementation of a secure email gateway.
SEG
Sendmarc and your current Secure Email Gateway (SEG) complement each other in multiple ways.
By implementing DMARC with Sendmarc, you will provide your SEG with additional signals to effectively identify and reject impersonation emails.
Additionally, Sendmarc will protect your domain from impersonation attempts outside the perimeter of your SEG.
This means that every company and individual that receives mail from your domain will be able to easily distinguish between legitimate mail and attempts by attackers to impersonate your organization.
While your SEG is a crucial component of your security strategy, Sendmarc enhances that protection by ensuring that only legitimate mail is delivered, both to your organization and to the rest of the world.
Founders
Sam Hutchinson
Sam Hutchinson is the Co-Founder at Sendmarc.
An engineer and entrepreneur, Sam is one of Sendmarc’s three co-founders.
It was back in 2004, straight out of university, that he officially opened his first business, although he had started the company in his second year at university.
Originally called Prefix Technologies, it was later renamed Everlytic and acquired by a strategic investor in 2016.
For Sam there wasn’t any other option but technology as his industry of choice to work, having been obsessed with computers from childhood.
His passion for tech has grown stronger over the years, especially with it becoming more and more a part of everyone’s daily life.
In 2018 Sendmarc was born and having secured funding, the founding team set about building a business that would provide technology to make the internet a safer place.
He attended Stanford University Graduate School of Business.
Keith Thompson
Keith is one of Sendmarc’s three co-founders and he likes building stuff.
Before founding Sendmarc and then spending six months creating our product and making it launch-ready, Keith was at Everlytic building an enterprise-grade email, mobile, and social communication platform.
Keith and Sam started working together back in 2005 when straight out of university he joined Prefix Technologies as a junior developer. Together they went on to build Everlytic.
Having built Sendmarc 1.0, Keith and a brilliant engineering team are creating Sendmarc 2.0 bringing the next level of automation, intelligence, and user experience to our product, so that the internet can be safer for everyone.
Sacha Matulovich
Serial entrepreneur Sacha has founded companies in the media, telecommunications, technology, and financial services industries over the past two decades.
SENDMARC is his most recent venture, where he is one of three co-founders.
He founded his first company, Re: public Media Group in 2004, and is a founding partner in Birthmark Video and Telviva.com, all of which have been extremely successful.
Sacha, has extensive experience building businesses, defining strategy, developing and growing partnerships, and creating frictionless experiences.
At Sendmarc he helps bring all these parts together so we can be the best we can, and take the best route to where we want to go: making the internet a safer place.
Investors & Funding Rounds
Kalon Venture Partners
Sendmarc has secured an undisclosed amount of funding from Kalon Venture Partners, a South African venture capital fund.
So far, it has 1,000+ paying customers. Among them are South African stock exchanges, law firms such as Bowmans, insurance companies, tech startups, banks, and law enforcement agencies across North America, Europe, Australia, South Africa, and Latin America.
Eighty percent of them are based in South Africa, while the rest are spread globally.
These clients pay subscription fees between $49 and $119 monthly, depending on the company size, thus generating over $2 million in ARR for the two-year-old startup since 2021.
Atlantica Ventures led Sendmarc’s Series A round. It welcomed participation from Allan Gray, E-Squared Ventures, Fireball Capital, Endeavor Catalyst, 4Di Capital, Endeavor Harvest, Alpha Private Capital, and Kalon Venture Partners, the Johannesburg-based investor that provided Sendmarc with its seed funding in 2020. Sendmarc has raised $8.5 million since its inception.
The South African startup, which has offices in the Netherlands, Argentina, and Canada, intends to use the investment to increase its sales team across Africa, the U.S., Europe, and Latin America, according to Matulovich. And as cybercrime continues to rise, Sendmarc wants its dedication to email and domain security to play a critical role in protecting companies and users from the harmful effects of email impersonation across these markets.
Main Competitors
EasyDMARC: This is an All-In-1 solution for securing the client’s domain and email infrastructure.
Prelude Institute: It is a new form of higher education that focuses on helping transition people into the new labor market.
Gloo: This is a platform that helps drive personal growth by building deeper relationships.
Related:
Trygold: Story, Founders, Investors & Funding Rounds