DoD and Federal Contractors (GCC High)
Although Dynasend is not explicitly GCC High compliant at this moment (August 2025), we have been in discussions with a large DoD contractor and are exploring a pathway to GCC High compliance.
One of the most significant obstacles email signature vendors have in achieving GCC High compliance is the use of architecture that routes email messages through the vendor's server to apply the signature. This is a complete deal-breaker for GCC High compliance. Fortunately, Dynasend has zero access to any of your emails because the signature is injected directly into Outlook messages during composition. As a result, we immediately bypass the largest GCC High hurdle faced by many of our competitors.
The next issue that arises is the requirement to have FedRAMP Moderate authorization or higher, if an Azure / Entra ID sync is to be established. We do not have this authorization, nor does any email signature vendor, as far as we can tell.
However, this obstacle can be circumvented as by skipping the Azure / Entra ID sync, and instead importing user data directly via spreadsheet or by manual user input (via our user portal). This approach gets us one step closer to GCC High compliance.
Additionally, GCC High and DoD cannot use the standard Dynasend add-in (available form the AppSource marketplace), as all the authentication procedures need to use different URLs (that cannot be detected at runtime).
Our planned approach is to deploy (to the AppSource marketplace) a version of the Dynasend add-in specifically for Commercial/GCC. We will detect GCC by the email domains ending with .mil / .gov.
This version of the Dynasend add-in will be a custom build for GCCHigh and DoD that uses the right endpoints for their authentication procedures. (i.e. the standard add-in uses graph.microsoft.com but the Commercial/GCC add-in uses graph.microsoft.us
Finally, there is a requirement for storing user data in the AWS GovCloud (or similar). We do not currently have this set up, but it can be done quite quickly in the case of a GCC High client coming onboard with our service.
Note: Configuration of a GCC High compliant program is by special request and may involve additional lead time.
Additionally, it's useful to note that GCC High Compliant has been created in part "to meet strict compliance requirements for small to medium-sized contractors as they control the flow of Controlled Unclassified Information (CUI)." Source: Summit 7 / 2023
What is Controlled Unclassified Information (CUI)? According to the National Archives, Controlled Unclassified Information (CUI is):
Because Dynasend does not collect or store data rising to the level of Controlled Unclassified Information (CUI), and because Dynasend does not pull data directly from your O365 tenant, we believe that we can possibly serve DoD and Federal contractors without offering a GCC High Compliant service ourselves.