Google targets phishing with full BIMI email logo authentication support

Gmail will tie logos to DMARC authentication

Brand Indicators for Message Identification (BIMI), a standard for visually proving an email’s legitimacy, got a boost today with the launch of a new automation tool from email security company Valimail and official support from Google.

Launched as a formal specification in 2019, BIMI is a standard that lets companies define what marketing image is displayed next to emails sent from their servers. This image, which the BIMI working group calls a “brand assertion,” serves as visual proof that the message is authentic.

BIMI uses DNS records to define the image, and it also relies on the Domain-based Message Authentication, Reporting, and Performance (DMARC) standard, which helps protect against phishing. This, in turn, relies on two other technologies: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). 

DMARC and its underlying technologies help to prevent email spoofing, in which phishing attackers fake a sender’s domain in an email’s “From:” field. DMARC enables administrators to publish their policy for authenticating and rejecting emails. 

When a DMARC-supporting email server receives an email, it uses DNS to look up the DMARC record for the alleged sender's domain. It then checks the mail's DKIM digital certificate to ensure it matches the alleged sender's DKIM certificate. It also verifies the message came from IP addresses listed in the SPF record. 

While not a security solution, BIMI uses these technologies to verify the image attached to an email is really from the sender. 

An incoming email server uses DMARC to authenticate the message. If the email passes the DMARC authentication, the email server uses DNS to retrieve the sender's BIMI image. The BIMI image then shows up next to the company's name in emails. 

Boosting its legitimacy, BIMI also got official support from Google following a year-long pilot project. The company will now officially support BIMI in Gmail, according to the AuthIndicators Working Group, which manages the BIMI effort. 

Google's official support means that, for an organization's logo to be eligible for display in Gmail, the brand must obtain a BIMI certificate confirming its right to use the image. These certificates are tied to registered trademarks from select jurisdictions.
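The receiver-side flow described above (DMARC result, then the BIMI DNS lookup, then the certificate requirement) can be sketched as follows. This is an added example, not code from the article, Google, or the BIMI working group. The domains and TXT records are constructed, the function names are hypothetical, and the enforcement rule (`p=quarantine` or `p=reject` at `pct=100`) is an assumption drawn from the BIMI draft specification rather than from the article.

```python
# Constructed TXT records standing in for live DNS lookups (placeholder domains).
DNS_TXT = {
    "_dmarc.brand.example": "v=DMARC1; p=reject; pct=100; rua=mailto:dmarc@brand.example",
    "default._bimi.brand.example":
        "v=BIMI1; l=https://brand.example/logo.svg; a=https://brand.example/vmc.pem",
    "_dmarc.lax.example": "v=DMARC1; p=none",
    "default._bimi.lax.example": "v=BIMI1; l=https://lax.example/logo.svg",
    "_dmarc.novmc.example": "v=DMARC1; p=quarantine",
    "default._bimi.novmc.example": "v=BIMI1; l=https://novmc.example/logo.svg",
}

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_logo(from_domain, dmarc_pass, require_vmc=True, dns=DNS_TXT):
    """Return (logo_url, reason); logo_url is None when no logo should be shown."""
    # Step 1: the message itself must already have passed DMARC (SPF/DKIM checks).
    if not dmarc_pass:
        return None, "message failed DMARC"
    # Step 2: the sender's published DMARC policy must be at enforcement.
    dmarc = parse_tags(dns.get(f"_dmarc.{from_domain}", ""))
    if dmarc.get("v") != "DMARC1":
        return None, "no DMARC record"
    at_enforcement = dmarc.get("p", "").lower() in ("quarantine", "reject")
    if not at_enforcement or dmarc.get("pct", "100") != "100":
        return None, "DMARC policy not at enforcement"
    # Step 3: only now look up the BIMI record for the logo location.
    bimi = parse_tags(dns.get(f"default._bimi.{from_domain}", ""))
    if bimi.get("v") != "BIMI1" or not bimi.get("l", "").startswith("https://"):
        return None, "no usable BIMI record"
    # Step 4: a certificate-requiring mailbox provider needs the a= tag as well.
    # A real receiver would also fetch and validate that certificate; this
    # example only checks that one is published.
    if require_vmc and not bimi.get("a"):
        return None, "no certificate (a=) for the logo"
    return bimi["l"], "ok"
```

A spoofed message that fails DMARC never reaches the BIMI lookup, and a domain publishing `p=none` gets no logo even when its own mail authenticates.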

Several other companies also support BIMI in pilot mode, including Yahoo!, AOL, Netscape, and Fastmail. Comcast was also planning BIMI support as of last October. Microsoft, however, still has not signed on to the program. 

To help streamline this process, email security company Valimail, which claims to have “founded, named, and resourced the BIMI standard,” announced Amplify, a tool that automates BIMI support. With Amplify’s release, Valimail looks to make BIMI the baseline for all email security.

Along with the new product, Valimail debuted partnerships with certificate providers DigiCert and Entrust to develop BIMI further and create a straightforward process for companies to enforce DMARC and Verified Mark Certificate (VMC).
