Google has joined the growing list of email technology companies developing Brand Indicators for Message Identification (BIMI), a broad industry effort to enable email inboxes like Gmail to display logos beside authenticated email, securely and at scale.
BIMI provides a secure, global framework enabling email inboxes to display sender-designated logos for authenticated messages. It also includes protections to prevent senders from spoofing logos owned by other organizations. For instance, a bank could use BIMI to display its logo next to authenticated messages sent from its domain giving the bank control over which images are displayed and providing brand exposure as well as protection against spoofing.
The AuthIndicators Working Group (bimigroup.org), which is developing the BIMI standard, is a vendor-neutral committee of companies working to create a richer, more trustworthy inbox experience for all email users worldwide through increasing the use of authentication to reduce email fraud.
“We welcome Google’s contributions to this important new standard,” said Seth Blank, the chair of the AuthIndicators Working Group and Director of Industry Initiatives at Valimail. “This is excellent news for the email ecosystem, in which Google plays a significant and positive role. We look forward to working with Google to increase the security and impact of BIMI.”
BIMI will work only when both the email and the logo are properly validated. Specifically, the email must be authenticated through the Domain-based Message Authentication, Receiving & Conformance (DMARC) standard, and the domain owner must have specified a DMARC policy of enforcement at quarantine or reject. The logo also must be validated by a third party, who will issue a new type of certificate, called a Verified Mark Certificate, or VMC certificate, to prove the authenticity of the logo for use by the sending domain.
“We look forward to contributing to the development and improvement of BIMI,” said Neil Kumaran, Product Lead for Gmail Anti-Abuse and the vice-chair of the AuthIndicators working group. “We believe BIMI is promising and is heading in the right direction; we’re excited to be a part of crafting the future of the standard.” Google’s pilot of BIMI is expected to launch next year.
The AuthIndicators Working Group’s public members include Agari, Comcast, Google, LinkedIn, Return Path from Validity, Valimail, and Verizon Media.
Verizon Media began a trial of BIMI across all web and mobile Yahoo Mail properties in 2018. Other mail providers are expected to launch BIMI trials throughout the next year.
“We saw two immediate benefits as the result of our BIMI beta in Yahoo Mail,” said Marcel Becker, Director of Product Management for Verizon Media. “We were able to provide better and more accurate brand logos as part of our consumer mail experience and BIMI clearly provided an incentive to accelerate the adoption of DMARC among those brands. Expanding the adoption of BIMI beyond that beta will be a clear win for senders and consumers.”
Valimail, Return Path from Validity, and Agari offer services to domain owners who have authenticated their domains with DMARC at enforcement and want to take advantage of BIMI’s ability to display their logos in end-user inboxes. Entrust Datacard and DigiCert will act as third party logo validators, with trial VMC certificates available for use later this year.
“As email vendor involvement in AuthIndicators expands, we will begin the next phase of BIMI’s growth engaging brands to participate in the pilot by deploying BIMI using VMC certificates,” said Blank. “We’re excited to measure the impact of this effort and make it accessible to brands globally over time.”