
MacRumors

macrumors bot
Original poster
Apr 12, 2001
59,691
23,864


Google this week announced several new security features for its G Suite services, and the most notable for Gmail users is a pilot of an email specification that allows brand logos to display within authenticated emails.


Brand Indications for Message Identification (BIMI) is developed by the AuthIndicators Working Group, and requires emails to pass Google's anti-abuse validation, after which it brands the incoming message with a logo of the company that sent it.

"Our BIMI pilot will enable organizations, who authenticate their emails using DMARC, to validate ownership of their corporate logos and securely transmit them to Google. Once these authenticated emails pass all of our other anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI."

By authenticating messages using the existing DMARC system and requiring strong authentication, the spec aims to give users and email security systems increased confidence in the source of emails while creating a trusted brand presence.

Google says it will be starting the BIMI pilot in the coming weeks with a limited number of senders. To learn more about BIMI, you can visit the working group's website.

Article Link: Gmail to Start Testing Brand Logo Validation System for Emails
 

MacBH928

macrumors 604
May 17, 2008
7,698
3,383
I never got why email providers can't have, like, the website "LOCK" certificate, by showing something like a checkmark or a symbol to show that this email is authentic. It could really stop a lot of those spam emails.

I can tell an email is spam just by reading the title, but even I once had to double-check if the email was legit or not, so I don't know about your average Joe.
 
  • Like
Reactions: goobot

[AUT] Thomas

macrumors 6502a
Mar 13, 2016
760
953
Graz [Austria]
Oh, yes... BIMI. It's useless without VMC (Verified Mark Certificates), possibly even creates false security...
Why? It doesn't protect from lookalike domains. Everyone can set up a lookalike domain like "macrumrs.com" and set up BIMI on that, put the MR logo. SPF, DKIM, DMARC... all of that will pass with flying colors. S/MIME signing has the same issue.

As for BIMI: We don't need any further protection from fake "FROM:" emails. Spoofed emails end up in the junk anyway thanks to SPF and possibly DKIM.

All of this nonsense could be eliminated when the sending server simply signs the emails using a (manually) validated cert for the sending domain.

However, there are too many backward people who think that, before touching the core of the mail server, they would rather build another system around it. For example, Microsoft doesn't even support DKIM on Microsoft Exchange Server.
 
  • Like
Reactions: riverfreak

GadgetBen

macrumors 68000
Jul 8, 2015
1,872
3,725
London
Assuming if you send a Company email via your G Suite Gmail app, or when signed-in on the web via Google Chrome, that this authentication comes as standard?

I wonder how it would respond via Mail...
 

unplugme71

macrumors 68030
May 20, 2011
2,827
754
Earth
It would be better if the email said Bank of America and came from a non-BoA domain to flag it as potentially not being a legit BoA email since GMAIL already reads your emails.
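
Two points raised in this thread can be checked on the receiving side: a lookalike domain such as "macrumrs.com" still passes SPF/DKIM/DMARC, and a display name that claims a brand while the sending domain is not that brand's should be flagged. The sketch below is an added example, not part of any post above; the allow-list, the edit-distance threshold of 2 and all function names are assumptions.

```python
from email.utils import parseaddr

# Constructed allow-list (assumption): brand name -> domains it really sends from.
BRANDS = {
    "macrumors": {"macrumors.com"},
    "bank of america": {"bankofamerica.com"},
}

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]

def owned_by(domain, legit):
    """True if domain is the legitimate domain or one of its subdomains."""
    return domain == legit or domain.endswith("." + legit)

def assess(from_header, dmarc_pass):
    """Classify a message from its From header and its DMARC result
    (the latter as reported in Authentication-Results)."""
    display, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2].lower()
    if not dmarc_pass:
        return "unauthenticated"   # spoofed From:, the case DMARC already catches
    all_domains = [d for ds in BRANDS.values() for d in ds]
    if any(owned_by(domain, d) for d in all_domains):
        return "ok"
    # A separately registered lookalike authenticates fine, so the name
    # itself has to be compared against the protected domains.
    if any(edit_distance(domain, d) <= 2 for d in all_domains):
        return "lookalike-domain"
    # Display name claims a brand, but the domain is not one of its own.
    if any(brand in display.lower() for brand in BRANDS):
        return "display-name-mismatch"
    return "unknown-sender"
```

A threshold of 2 is coarse for short domains and will need tuning against real traffic before it is used to drive a warning.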
 