Today, Google announced the launch of its pilot of BIMI (Brand Indicators for Message Identification) in Gmail, an email specification developed by the AuthIndicators Working Group that allows brand logo display within authenticated emails.
The AuthIndicators Working Group is thrilled that Gmail is helping push the specification forward. In the coming weeks, BIMI pilots will be active at Google and Verizon Media; in the coming year, additional pilots will begin at other major mailbox providers. Of particular note is the inclusion of Verified Mark Certificates (VMC) as a requirement in Gmail’s pilot. VMC’s are the highest level of verification defined in the BIMI spec, and help to reduce the danger of spoofing by verifying that senders own the logo they’re transmitting. While Gmail is the first to pilot VMC, it’s expected that this component will receive wide adoption amongst mailbox providers.
BIMI provides a standardized method for publishing a logo in DNS for use alongside received emails, and it gives domain owners the ability to suggest a specific image be displayed. (See our BIMI FAQ as well as our implementation guide for more details.)
Gmail’s primary motivation in piloting BIMI is to strengthen the email ecosystem by increasing the adoption of strong authentication through DMARC. This aligns with the AuthIndicators mission. BIMI incentivizes email senders to strengthen their security posture by protecting their domains against spoofing, decreasing the likelihood of phishing and increasing the trustworthiness and security of email for all users. That incentive is logo display, which enriches the inbox and increases consumer engagement.
The ultimate goal of BIMI is to extend adoption of DMARC at enforcement, on a global scale, in order to increase the security and trust of an open, standards-based email ecosystem that is regularly used by more than half the planet’s human population. The Gmail pilot advances BIMI to an exciting new stage, and the coming months will be a critical real-world demonstration of the specification.
- DMARC enforcement
- The DMARC policy must be at enforcement on the organizational domain, which means that the policy must be ‘p=quarantine’ or ‘p=reject’, without sp=none, or a pct= less than 100.
- A Verified Mark Certificate (BIMI certificate) for the logo
- VMCs exist to validate ownership of an organization’s logo; the certificates are based on registered trademarks of the logo/image. VMCs will be issued by two BIMI-qualified Certification Authorities – Entrust DataCard and DigiCert.
The AuthIndicators Working Group expects that VMCs will become a more widespread requirement across all mailboxes that display BIMI logos, not just the Gmail pilot, and is working to make these more broadly accessible.
The long term projection is that this will lead to significant uptick in DMARC adoption. The established security and protection benefits alongside the new direct benefits to the email marketing channel are tangible to ESPs and brand marketers alike. Since ESPs are a primary source of commercial email, this is particularly exciting news for them and their customers. As a reward for protecting their domains, brands will be able to leverage logos to improve engagement and conversions on mailstreams deployed through their ESP. The convergence of email performance and email ecosystem health is groundbreaking!
The AuthIndicators Working Group membership consists of Fastmail, Google, LinkedIn, Twilio SendGrid, Validity, Valimail, and Verizon Media, as well as many passionate individual contributors with deep industry experience, all of whom have contributed significant time and resources to the development, testing, evangelizing, and deployment of this standard.
The AuthIndicators Working Group would also like to thank two certification authorities, Entrust Datacard and DigiCert, for their efforts in aiding the development of the validation procedures. To get ready for wide-spread adoption of BIMI, we encourage organizations to start the journey of getting DMARC enabled today. For additional information about implementing BIMI, visit https://bimigroup.org/implementation-guide/.