To tackle phishing, spoofing, Gmail to display authenticated brand logos

Our Bureau Mumbai | Updated on July 13, 2021

In July 2020, it had announced a pilot for Brand Indicators for Message Identification in Gmail.

Google is rolling out the authenticated brand logos feature in its email service Gmail, the tech giant has announced.

With this, Gmail will show validated brand logos to email recipients for better security and help users avoid phishing.

The tech giant in July 2020 had announced a pilot for Brand Indicators for Message Identification (BIMI) in Gmail.

It had joined the working group for BIMI in 2019. It had said that authenticated logos would appear for organisations using the Sender Policy Framework (SMF) or DomainKeys Identified Mail (DKIM) email authentication techniques for their emails.

"BIMI aims to increase the adoption of strong authentication in the email ecosystem for those who have implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC). For senders that have adopted DMARC and have validated their imagery, Gmail will display the validated logos in the avatar slots, increasing confidence in the source of emails for recipients," Google said in a blog post.

How it works

BIMI provides an additional layer of security to Gmail by requiring strong authentication and verification of logos before they’re displayed in the Gmail avatar slot. This further helps email security systems filter spoofed, phishing emails from legitimate messages.

"BIMI enables organizations that authenticate their emails using Domain-based Message Authentication, Reporting, and Conformance (DMARC)—a standard for providing strong sender authentication that allows security systems to perform better filtering, separating legitimate messages from potentially spoofed ones—to validate ownership of their logos and securely transmit them to Google," it explained.

Organisations authenticating their emails with SPF or DKIM and deploying DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC).

"BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot," it further explained.

In order to take advantage of BIMI for their outgoing emails to Gmail and other platforms, admins will need to ensure that their organisation has adopted DMARC, and that they have validated their logo with a VMC, issued by a Certification Authority such as Entrust or DigiCert.

The feature is available to all Google Workspace customers, as well as G Suite Basic and Business customers.

Published on July 13, 2021

Follow us on Telegram, Facebook, Twitter, Instagram, YouTube and Linkedin. You can also download our Android App or IOS App.

  1. Comments will be moderated by The Hindu Business Line editorial team.
  2. Comments that are abusive, personal, incendiary or irrelevant cannot be published.
  3. Please write complete sentences. Do not type comments in all capital letters, or in all lower case letters, or using abbreviated text. (example: u cannot substitute for you, d is not 'the', n is not 'and').
  4. We may remove hyperlinks within comments.
  5. Please use a genuine email ID and provide your name, to avoid rejection.