Finally we can announce that Gmail is now widely supporting BIMI, making it accessible to nearly 2 billion inboxes and bringing years of efforts and collaboration to fruition.
Brands’ abilities to control their logos when sending emails, newsletters, receipts and offers is invaluable. Like those using consistent vanity URLs and display names across social media profiles, BIMI’s approach gives control to brands of their own imagery, offering consistency, conveying trust and increasing recognition and reach.
To use BIMI effectively, domains must implement Domain-based Message Authentication, Reporting & Conformance (DMARC) to ensure proper validation of both emails and logos. Since 89% of all phishing attacks start with sender identity fraud, DMARC is an essential safeguard. It prevents bad actors from using BIMI to sow further confusion. This basic practice also promotes security hygiene and encourages brands to take better precautions against phishing attacks by deploying and enforcing email authentication.
Organizations who authenticate their emails using SPF or DKIM and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Certification Authorities to verify logo ownership and provide proof of verification in a VMC. Authenticated emails then run through Google’s anti-abuse mechanisms that further help protect users, and after satisfying those checks, Gmail will start displaying the sender’s trademarked logo in the Gmail UI. Currently, an organization’s registered trademark validates a BIMI certificate. While VMCs are currently tied to registered trademarks from select jurisdictions, future plans may expand access to include both additional jurisdictions and options for unregistered trademark logos.
This is just the start for BIMI; the standard expects to expand support across two dimensions: supported logo types and supported validators. For logo validation, BIMI is starting by supporting the validation of trademarked logos, as they are a common target of impersonation. Know more: www.certbimi.com.
Why adopt BIMI?
With this simple visual check, recipients can recognize and trust incoming messages.
But if you already have SPF, DMARC and DKIM, why do you need BIMI? Good question. Let’s take a high-level look at each one to identify the main features:
- BIMI: add your logo to your inbox emails so that subscribers can quickly identify your messages and trust that they are yours.
- SPF: authenticates your email to identify email servers that are allowed to send email from a specific domain.
- DKIM: adds a digital signature to emails so that destination email servers know that your domain has sent the message and you are responsible for the content of the message.
- DMARC: specifies destination email servers how to handle emails that are not authenticated using SPF or DKIM (accepting, spamming or rejecting).
Looking at this list of verification methods, BIMI is the only visual clue that a typical email user can use to identify the origin and authenticity of a message. It is therefore a visual way to show your recipients that you have adequate DMARC protection and that email is reliable.
BIMI can help recipients recognize and trust your brand in the inbox. This confidence leads to fewer subscription cancellations and spam complaints, which can play an important role in increasing delivery capacity. Your brand becomes more reliable.
In addition, you get another layer of protection against phishers and spoofers who try to impersonate your brand. Without the standard tracking logo, recipients will be wary of messages that claim to be you. And when BIMI becomes more widely adopted, spam and phishing (in general) will become even more obvious, as they will not have certified and recognizable logos.
Finally, BIMI allows you to market your brand easily and automatically. Recipients will connect the return address, subject line and header text to your logo, helping to further strengthen your brand.
Start your project right now!
End-to-end BIMI Certification Project. Contact our team to start your BIMI project. Now certification is available, and companies that already meet the prerequisites can apply for it. At this point, the brand must be analyzed and if necessary adjusted and the DMARC policy correctly configured.