We saw the first hints of Brand Indicators for Message Identification (BIMI) being introduced by Google last year in a trial, now it’s coming to the masses. In theory, for users, if there’s an official logo displayed on a received email that verifies the sender, but there’s a lot more to it as outlined in a recent blog post:
Here’s how it works: Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC). BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot.
While BIMI does bring with it some assurances that email has gone through rigorous checks, it’s not failsafe. The online world is a dangerous place at times and users should remain vigilant. After all, it’s possible that there may be a relatively simple way to circumvent these checks and still display the business logo. At the end of the day, reputable businesses will never ring or email you asking you to provide usernames or passwords: Don’t do it!
Users wanting to take advantage of the feature don’t need to do anything but wait as the rollout has already started.