What happens if Valimail’s DNS service is unavailable
If there is a problem with the Valimail platform it "fails open". This means that in the unlikely event that our service goes down, your email still flows, but it would be unauthenticated. For the few minutes it would take for the service to be restored, it would be potentially possible for your emailing domain to be spoofed.
Valimail provides our customers the ability to check the availability of our platform as well as the option to subscribe to get notified in the event of an incident here.
You can find Valimail status updates at status.valimail.com
What do we mean by failing open?
Valimail manages your _dmarc and _domainkey records. In the unlikely event of our DNS being unavailable, a receiver querying for your DMARC record would not get an answer. The receiver would treat the domain as if there is no DMARC record, meaning that there is no policy in place. The same goes for your DKIM keys as Valimail will not respond to queries against _domainkey.
SPF "fail open" works differently than DMARC/DKIM since we are using a TXT record and not a delegation. The SPF record that Valimail provides its customers ends with a softfail (~all). If Valimail's service were to go down, our include statements would not work, and the querying entity would get an SPF softfail result causing SPF to fail open. With no DMARC policy in place during this brief period the softfail will have no effect on the message reaching the intended recipient.