ChatGPT is all an attacker needs to create phishing emails. Being able to prove one's identity in email communications is becoming more and more important.
BIMI, or Brand Indicators for Message Identification, is a standard for email that allows organizations to display their brand's logo in the recipient's email client next to their email messages. This helps to increase brand recognition and build trust with recipients by ensuring that they can easily identify the sender of the email.
BIMI works by using the existing DMARC (Domain-based Message Authentication, Reporting & Conformance) standard, which is used to authenticate email messages and prevent email spoofing. When a message is sent from an email domain that has a DMARC policy in place, the recipient's email client can use the information provided in the DMARC record to determine whether or not the message is legitimate. If the message is legitimate, the recipient's email client can then use the information provided in a BIMI record to display the organization's logo next to the message.
To use BIMI, an organization must first establish a DMARC policy on their domain and then publish a BIMI record that contains a link to the organization's logo. The logo should be in SVG format, and the BIMI record should be signed by the organization's DNS administrator to ensure that it is legitimate.
During 2020 GMail and Yahoo were running pilot programs, but BIMI moved to general availability in 2021. It is currently supported by Google, Apple, AOL-Yahoo, Laposte.net, Onet Poczta and Fastmail, and is under consideration or evaluation at other services like IONOS by 1&1, British Telecom, and Comcast. Google requires a special X.509 certificate called a Verified Mark Certificate (VMC) – this is obtained by presenting proof of trademark ownership to a certificate authority, known as a Mark Verifying Authority (MVA), where the trademark will be used in the BIMI-enabled logo. DigiCert and Entrust are currently able to issue VMCs.
Gmail now supports Common Mark Certificates (CMC), a new type of BIMI certificate being issued by Certificate Authorities (CA). CMCs allow a broader range of senders to utilize BIMI, who might not have the registered trademark required for a Verified Mark Certificate (VMC). With a CMC, the sender's brand avatar will be displayed without the Gmail verified checkmark that's displayed for VMCs.
What BIMI means for your brand ?
BIMI represents a massive opportunity for marketers to grow brand awareness and customer engagement:
- Billions of potential new brand impressions
- Increased email open rates (10% avg.) to boost ROI
- Control over how your brand logo is displayed globally
- Visual differentiation in the inbox improves engagement across devices
What should you do now ?
- Become DMARC compliant (Percent option (pct) must be set to 100)
- Make sure your logo is trademarked
- Ensure your logo is properly formatted
- Purchase a VMC