You are probably used to getting emails that appear to be from a financial institution or online store you frequent. They direct you to click a link to verify your identity or fix your account. But something tips you off that the email isn’t real. Google wants to make it easier for you to differentiate fake emails from real ones. It wants to increase your security in Gmail by adding Brand Indicators for Message Identification (BIMI).
Google Finally Rolling Out BIMI for Gmail
This has been an effort that was more than a year in the making. Google announced BIMI for Gmail last year, and in a recent blog post said it was finally ready to start rolling out the feature in the coming weeks.
The blog post claimed that “creating a secure-by-default experience based on robust defenses has always been a core principle for Gmail.” Yet, now the goal has been extended with BIMI and a focus on strong sender authentication for all email.
The intention behind BIMI is to increase confidence in where emails originate. Bank of America appreciates the ease it provides. “Bank of America has a wide range of security measures in place to support our customers, and we constantly evolve our program to deliver best in class protection. Part of this effort is our partnership with Google on BIMI, which provides an easy way to validate if correspondence is from us,” said the financial institution.
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a current standard to provide sender authentication. It allows for better filtering to validate the owner of the logo and sends the results to Google. BIMI helps organizations already using DMARC validate the logos shown in their sent emails.
How Gmail Security with BIMI Works
The blog post explains how BIMI works iwth a long string of acronyms: “Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other antiabuse checks, Gmail will start displaying the logo in the existing avatar slot.”
Google sees this as just the beginning for BIMI. It’s expected that we’ll see support expand to more logo types and validators. BIMI is starting the expansion with trademarked logos, as they are often faked.
Organizations that want to use BIMI were advised in the blog post to ensure they are using DMARC and that their logo has been validated with a VMC. Gmail users who want to be sure they are opening a safe email that has been validated by BIMI do not need to take any action.
Google promises that it’s “proud to be one of the leading members in both establishing and supporting the BIMI standard and will continue to support efforts that contribute to security for the entire email ecosystem.”
Read on to learn important Gmail security tips to secure your account, and follow the tips in this guide if your Gmail is not working.
Image Credit: Google
