Verified Mark Certificates 05-17-2023

New Gmail Feature Improves Marketing and Helps Fight Fraud

Gmail Blog Hero

Google recently announced expanded support in Gmail for the Brand Indicators for Message Identification (BIMI) email specification. The phrase “email specification” probably doesn’t move you to the edge of your seat. Hang in there. BIMI is a simple concept with a lot of promise for teams trying to promote a business and defend it.

In simple terms, BIMI allows email senders to display their trademarked logo in the recipients’ email inboxes. Doing so improves engagement with marketing emails and delivers brand impressions without purchasing ad space. BIMI is an extension of the email authentication protocol, Domain-based Message Authentication, Reporting & Conformance (DMARC), which helps deliverability and defense against phishing and other social engineering email attacks.

Without brand indicators, email recipients see only the avatar — i.e., a circle with your initials. Unbranded email does not stand out from other promotions, confirmations, or threads and it is difficult for users to discern legitimate messages from scams. BIMI adoption also reinforces public trust in your brand by signaling that your organization has taken steps to authenticate your email sending infrastructure.

example emails with or without BIMI
Figure 1: Marketing emails with and without BIMI

Google has taken its support for BIMI to the next level by releasing a feature to display a checkmark next to the sender’s logo. This checkmark indicates to the user that the sender organization has passed the required steps to authenticate their email servers and prove ownership of the logo. You can satisfy the former by enforcing DMARC. The latter you can achieve by going through the validation required to get a Verified Mark Certificate (VMC).

example of Gmail checkmark
Figure 2: The Gmail checkmark

Email remains the favored vector for criminals to deliver malware and credential harvesting attacks. According to the 2022 Verizon Data Breach Investigations Report, the “human element continues to drive breaches” and organizations receive over 75% of malware via email. These issues impact all companies by increasing incident response costs, customer support and fraud losses.

The logo and the checkmark displayed in Gmail are simply visual cues to help your customers and employees trust the authenticity of your emails. In turn, they are less likely to expose their passwords or infect their devices with malware. Of course, employees should not abandon lessons from their security awareness training, and you should continue to educate customers about scams, but this does make it easier for them to spot spoofed messages.

In addition to providing visual proof of email authenticity, BIMI provides marketers with a means to enforce consistent logos, improve audience engagement with email marketing campaigns, and deliver on trust and safety promises. Anyone that has gone through a brand refresh has also had to spend time tracking down legacy logos in the several systems and services used to send emails on their behalf. The brand impressions provided by BIMI allow your emails to rise above the typical inbox clutter. As your audience becomes more aware of BIMI they will appreciate that your organization has committed to the steps available to fight impostor fraud and other scams.

Brand indicators can be centrally configured in your Domain Name System (DNS) record so any supporting mailbox provider will display your logo. This is especially handy for businesses that use multiple technologies for sending bulk, transactional and individual emails (e.g., marketing platform, CRM platform and corporate email).

This enhancement to Gmail is another indication your organization needs to adopt BIMI and undertake the VMC process. Doing so is a competitive differentiator that will allow you to realize the benefits of having your emails stand out from the crowd and reinforce public trust in your brand. To learn more about VMCs, visit DigiCert's Verified Mark Certificates page.


3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min