BIMI

Google launches BIMI pilot to bring Brand logos to Gmail, DMARC

Google stated that on Tuesday (21st July 2020) it is starting a long-awaited Google BIMI pilot with a limited number of senders.
Two certification authorities will validate logo ownership: Entrust Datacard and DigiCert.

Google has recently unveiled a couple of safety features including support for a new email specification that permits verified brands to display their logos within the Gmail avatar slot — no matter who the sender’s email client or service provider is.
Brand Indicators for Message Identification (BIMI) is an emerging specification that enables companies to deploy their brand logo consistently across email clients. BIMI may be a broad industry effort, with a working party consisting of Twilio’s SendGrid, LinkedIn, Validity, Fastmail, Valimail, Verizon Media, and Google.
Until now, BIMI had only been fully adopted by Verizon’s email clients (Yahoo and AOL), but as Gmail is supreme and one of the most widely used email clients within the world, its inclusion represents a landmark for the BIMI specification.
This means BIMI (Brand Indicators for Message Identification) will now be supported by “two of the three biggest North American free mailbox providers,” writes Len Shneyder, vice chairman of industry relations for Twilio”.
BIMI has brought together a high-powered group of email tech providers. The Authindicators unit includes Google, Yahoo, Twilio, Comcast, Valimail, 250ok, and ReturnPath.
All brands will need to do is use DMARC–with enforcement—as their security standard, Google notes.
“Our BIMI pilot will enable organizations, who authenticate their emails using DMARC, to validate ownership of their corporate logos and securely transmit them to Google,” states a post was written by Karthik Lakshminarayanan, director of product management, G Suite security & controls at Google, and Neil Kumaran, product manager, Gmail security.
Further added, “Once these authenticated emails pass all of our other anti-abuse checks, Gmail will start displaying the emblem in existing avatar slots within the Gmail UI.”
Shneyder explains that “VMCs exist to validate ownership of an organization’s logo; the certificates are registered trademarks of the logo/image.”
He adds that “VMCs are going to be issued by two BIMI-qualified Certification Authorities – Entrust Datacard and DigiCert (currently, VMCs are a Google-specific requirement for BIMI).”
“For organizations that want to form a trusted brand presence over email, BIMI may be a great opportunity, incentivizing them to implement strong authentication, which successively will cause a safer, more trusted email ecosystem for everybody,” concludes Seth Blank, chair of the AuthIndicators unit and also the vice chairman, standards and new technologies, at Valimail, per the Google blog.