Gmail rolls out support for BIMI email authentication

13 Jul 2021

Image: © Romain TALON/Stock.adobe.com

Users should begin seeing brand logos next to verified emails in their inbox in the coming weeks.

Google has announced that it plans to roll out Brand Indicators for Message Identification (BIMI) on all Gmail accounts in the coming weeks.

The BIMI standard allows organisations to have their logos appear next to authenticated emails in a user’s inbox. Google first announced a pilot of the feature a year ago, having joined the industry working group in 2019.

BIMI is also backed by Mailchimp, Fastmail, Vailmail, and Verizon Media – owner of AOL and Yahoo. Yahoo and AOL email clients already fully support BIMI.

The standard aims to reduce the incidence of phishing and other email-related scams by providing users with assurance that an email originated with its reputed sender. It operates an extension of Domain-based Message Authentication, Reporting and Conformance (DMARC), another security standard which allows email systems to verify that a sender is actually operating from the address they claim to be.

An example of the BIMI feature from Google.

Image: Google

According to Vailmail, more than 3bn false-domain emails are sent per day. Additionally, a 2019 report from Barracuda Networks found that 83pc of targeted phishing attacks, also known as spear phishing, rely on brand impersonation.

Support Silicon Republic

Organisations that already send DMARC-secured emails can provide their logo to Google in the form of a “Verified Mark Certificate” and have it begin to appear in recipients’ Gmail inboxes. Gmail users do not need to do anything to begin receiving BIMI-enabled emails.

On top of security benefits, the BIMI industry group says the feature increases engagement with emails. During a trial of the feature with Yahoo in May 2020, brands reportedly saw a 10pc increase in consumer interaction with emails when they appeared next to authenticated logos.

Bank of America is one of the first major brands to sign up to send BIMI-enabled emails. Making the announcement, the company said: “Bank of America has a wide range of security measures in place to support our customers, and we constantly evolve our program to deliver best-in-class protection. Part of this effort is our partnership with Google on BIMI, which provides an easy way to validate if correspondence is from us.”

Seth Blank, chair of the BIMI industry group, said: “Gmail’s support of BIMI is a win for email authentication, brand trust, and consumers alike. BIMI gives organisations the opportunity to provide their customers with a more immersive email experience, strengthening email sender authentication across the entire email ecosystem.”

Phishing and similar scams are becoming ever more commonplace, with Irish phone customers the target of numerous fraudulent text campaigns in recent months. Remote working poses particular security challenges.

Jack Kennedy is a freelance journalist based in Dublin

editorial@siliconrepublic.com