Authentication standard drives email ecosystem closer to a universal “no auth, no entry” philosophy

SAN FRANCISCO — September 12, 2022 — Apple has joined the growing list of email technology companies implementing Brand Indicators for Message Identification (BIMI), a broad industry effort to enable email inboxes like Apple Mail to display brand logos beside authenticated email, securely, at scale and in a standardized manner.

BIMI provides a secure, uniform framework enabling email inboxes globally to display sender-designated logos for authenticated messages. It also includes protections to prevent senders from being fraudulently impersonated by criminals. For instance, a bank could use BIMI to display its logo next to authenticated messages sent from its domain — giving the bank control over which images are displayed across multiple email clients, and providing brand exposure as well as protection against spoofing. 

The AuthIndicators Working Group (bimigroup.org), which is developing the BIMI standard, is a vendor-neutral committee of companies working to create a richer, more trustworthy inbox experience for all email users  by increasing the use of authentication to reduce email fraud. The Working Group applauds Apple for implementing BIMI in its iOS16 and MacOS Ventura releases this fall. Members of the working group include Google, Fastmail, Mailchimp, Proofpoint, Twilio, Validity, Valimail and Yahoo.

Apple’s commitment to BIMI will enhance the email experience for its estimated 58.4% of desktop client market share.  BIMI enabled logos will only be displayed when both the email and the logo are properly authenticated. Specifically, the email must be authenticated through the Domain-based Message Authentication, Reporting & Conformance (DMARC) standard, with enforcement set to quarantine or reject. The logo also must be validated through a Verified Mark Certificate (VMC), to prove the authenticity & ownership of the logo for use by the sending domain.

With 90% of cyberattacks starting from email, the AuthIndicators Working Group is advocating for brands to protect themselves. Despite this number, many brands have failed to implement DMARC, or the underlying authentication standards DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF), leaving their domains unprotected from unauthorized use and their customers and employees vulnerable to phishing. BIMI offers brands a measurable boost while  protecting their brand, employees and consumers from harmful phishing attacks. Email providers, including Yahoo Mail, have seen a 10% increase in engagement when inboxes include verified brand logos next to email messages, giving digital marketers a powerful incentive for adoption.

“Once DMARC has been enforced, BIMI is an important next step to build consumer experience and trust in email,” said Seth Blank, chair of the AuthIndicators Working Group and Valimail’s Chief Technology Officer. “As an industry-wide effort to advance security through broader adoption of strong email authentication, BIMI gives brands a tangible benefit by giving them control of the logo associated with their messages, driving new impressions and a better experience for their customers.”

“Email is the most powerful brand to consumer medium in the world,” said Marcel Becker, Sr Director of Product Management at Yahoo. “BIMI has been largely impactful, increasing open and engagement rates, for the brands that rely on Yahoo Mail to reach their audience. Apple’s participation will be huge for the user experience of consumers and brands big and small.”

For companies seeking to experience the full power of BIMI and learn more about project participation, please visit bimigroup.org

###

About the AuthIndicators Working Group:

The AuthIndicators Working Group (bimigroup.org), which is developing the BIMI standard, is a vendor-neutral committee of companies working to create a richer, more trustworthy inbox experience for all email users worldwide through increasing the use of authentication to reduce email fraud.