Google targets phishing with full BIMI email logo authentication support

Gmail will tie logos to DMARC authentication

Brand Indicators for Message Identification (BIMI), a standard for visually proving an email’s legitimacy, got a boost today with the launch of a new automation tool from email security company Valimail and official support from Google

Launched as a formal specification in 2019, BIMI is a standard that lets companies define what marketing image is displayed next to emails sent from their servers. This image, which the BIMI working group calls a “brand assertation,” serves as visual proof that the message is authentic. 

BIMI uses DNS records to define the image, and it also relies on the Domain-based Message Authentication, Reporting, and Performance (DMARC) standard, which helps protect against phishing. This, in turn, relies on two other technologies: Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM). 

DMARC and its underlying technologies help to prevent email spoofing, in which phishing attackers fake a sender’s domain in an email’s “From:” field. DMARC enables administrators to publish their policy for authenticating and rejecting emails. 

When a DMARC-supporting email server receives an email, it uses DNS to look up the DMARC record for the alleged sender's domain. It then checks the mail's DKIM digital certificate to ensure it matches the alleged sender's DKIM certificate. It also verifies the message came from IP addresses listed in the SPF record. 

While not a security solution, BIMI uses these technologies to verify the image attached to an email is really from the sender. 

An incoming email server uses DMARC to authenticate the message. If the email passes the DMARC authentication, the email server uses DNS to retrieve the sender's BIMI image. The BIMI image then shows up next to the company's name in emails. 

Boosting its legitimacy, BIMI also got official support from Google following a year-long pilot project. The company will now officially support BIMI in Gmail, according to the AuthIndicators Working Group, which manages the BIMI effort. 

This official acceptance by Google means for an organization's logo to be eligible for display in Gmail, a brand must obtain a BIMI certificate confirming its right to use the image. These certificates are tied to registered trademarks from select jurisdictions. 

Related Resource

Aberdeen Report: How a platform approach to security monitoring initiatives adds value

Integration, orchestration, analytics, automation, and the need for speed

White text against a pink-red background - whitepaper from IBMDownload now

Several other companies also support BIMI in pilot mode, including Yahoo!, AOL, Netscape, and Fastmail. Comcast was also planning BIMI support as of last October. Microsoft, however, still has not signed on to the program. 

To help streamline this process, email security company Valimail, which claims to have “founded, named, and resourced the BIMI standard,” announced Amplify, a tool that automates BIMI support. With Amplify’s release, Valimain looks to make BIMI the baseline for all email security. 

Along with the new product, Valimail debuted partnerships with certificate providers DigiCert and Entrust to develop BIMI further and create a straightforward process for companies to enforce DMARC and Verified Mark Certificate (VMC).

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Recommended

How to use machine learning and AI in cyber security
Security

How to use machine learning and AI in cyber security

30 Jul 2021
Chipotle’s marketing email hacked to send phishing emails
phishing

Chipotle’s marketing email hacked to send phishing emails

29 Jul 2021
The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

29 Jul 2021
Colonial Pipeline hack spurred copycat attacks on other oil and gas companies
hacking

Colonial Pipeline hack spurred copycat attacks on other oil and gas companies

29 Jul 2021

Most Popular

The benefits of workload optimisation
Sponsored

The benefits of workload optimisation

16 Jul 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021