Jul 21, 2020

Valimail salutes Google for its support of BIMI

Lower part of a boy in casual shoe walking up outdoor colorful staircase,children lifestyle successful concept

Google announced today that it will be launching a pilot for BIMI (Brand Indicators for Message Identification), a new email specification, in Gmail.

This is a major step forward for user experience and security in the world of email.

At Valimail, we’re especially excited for this new phase in the maturation of the BIMI specification. Valimail has a deep and longstanding commitment to advancing and upholding open standards that benefit the entire ecosystem, such as BIMI. We have been involved in the development of BIMI for years now. Our co-founder and CEO Alexander García-Tobar was one of the co-founders of the working group creating BIMI, and our VP of standards and new technologies, Seth Blank, is currently its chair.

BIMI provides a standardized way for a domain owner to publish their logo in DNS, so mailbox providers can use that logo alongside any authenticated emails that they receive from that domain. Instead of a generic letter or in the mailbox provider’s best guess at your logo, BIMI allows you to securely transmit your brand’s exact logo alongside your message, providing a more immersive experience for your customers.

BIMI is important because it incentivizes the entire ecosystem to adopt email authentication at enforcement, which will make email more secure and more trustworthy for all internet users.

That’s because there’s an essential prerequisite to using BIMI: The standard requires that brands use DMARC with an enforcement policy, covering their organizational domain and all subdomains.

As Vailmail’s Seth Blank states in Google’s blog, “For organizations that want to create a trusted brand presence over email, BIMI is a great opportunity, incentivizing them to implement strong authentication, which in turn will lead to a safer, more trusted email ecosystem for everyone.”

In addition, Gmail is requiring that domain owners adopt the highest level of validation defined in the spec by securing a Verified Mark Certificate (VMC), also known as a “BIMI certificate,” to validate the authenticity of their logos. The Google pilot is the first to use VMCs to validate logos, which advances the security of the standard and helps prevent spoofing. VMCs can be obtained from participating certification authorities (CAs), including Entrust Datacard and DigiCert, which recently announced a partnership with Valimail, to provide an easy way for companies to get BIMI-ready.

In short, BIMI gives domain owners a huge incentive to make their sending domains more secure. That in turn decreases the likelihood of phishing emails spoofing their brands, because it eliminates a major type of impersonation: The exact-domain spoof.

We welcome this development and look forward to the results of Gmail’s pilot — and we are hopeful that BIMI will become widely adopted in the near future.

Valimail also offers several resources to help domain owners get ready for BIMI:

  • Valimail’s free BIMI readiness checker tells you, in seconds, whether your domain is BIMI-ready, and what exactly you must do in order to get BIMI-ready.
  • Our DMARC Monitor product (also free) provides industry-leading DMARC monitoring and visibility capabilities, helping domain owners configure and manage their DMARC records and get to enforcement faster than they can with any other vendor.

In addition, we’ve got a wealth of informative material on getting ready for BIMI.

And sign up for our free BIMI readiness kit, which is packed with resources on implementing DMARC, getting to DMARC enforcement, and other things you need to get ready for BIMI.

Subscribe to our newsletter