BIMI is ready for liftoff

A new email standard is about to transform the way we experience our inboxes and interact with our favorite brands.

That standard, called Brand Indicators for Message Identification, or BIMI, will allow brands to specify images that appear alongside the authenticated email messages they send.

The standard is being developed and supported by a vendor consortium that includes industry leaders Comcast, Google, LinkedIn, ReturnPath, Valimail, Verizon Media, and 250ok. A pilot is currently underway at Verizon Media (on Yahoo Mail) and Google will begin a BIMI pilot with Gmail in the coming year.

Once BIMI is officially deployed by email receivers, brands will have an enormous opportunity to multiply their impact with every email they send.

But you don’t have to wait. Brands can get on board this bus today, by first protecting  their domains using DMARC authentication and then joining the BIMI pilot process.

Some key BIMI benefits: .

  • BIMI logos only appear alongside authenticated messages.
  • The logos appear in end-users’ inboxes alongside email messages — even in the list view.
  • In other words, BIMI offers the opportunity to generate millions of brand impressions even if people don’t open these emails.
  • Using BIMI, brands have full control of their imagery, instead of inbox providers.

Safety First: DMARC enforcement is a prerequisite

By itself, BIMI provides no assurances that a message is authenticated, and BIMI is not a security standard.

In order to use BIMI, domains need to implement authentication through DMARC. Specifically, they need a DMARC record at enforcement in DNS. That means a DMARC policy that directs mail receivers to keep all unauthenticated email out of recipients’ inboxes.

Note that this enforcement policy must apply to the organizational domain and all subdomains, not just the subdomain used to send email.

Even without BIMI, enforcement has brand benefits of its own: DMARC enforcement prevents your brand from being spoofed by unauthorized parties. DMARC enforcement has also been shown to increase email deliverability by 10% or more.

According to Valimail’s latest research, there’s been a 5X increase in the number of DMARC records worldwide over the past three years.

However, most of those DMARC records lack an enforcement policy. Less than 17% of the 850,000 domains with DMARC records are currently at enforcement for the organizational domain.

The other 83%? They have DMARC, but they’re not able to use BIMI yet.

The other prerequisite: A validated logo

The other key component for enabling BIMI is validating your logo by getting a Verified Mark Certificate, or VMC. This is a new type of digital certificate that ties together a company, its domain, and its logo in a verifiable way.

The VMC registration system is designed to prevent bad actors from registering logos that they don’t own. If someone does try to use a VMC to register a logo that they don’t own, the VMC registration contains everything that the rightful trademark owner needs to track down the bad actor and pursue legal action.

BIMI is currently being piloted with Yahoo Mail, where VMC certificates are not required, but VMC has been developed with future BIMI pilots in mind and is expected to become a requirement for all BIMI implementations.

In late August, Entrust Datacard issued the first test VMC, and earlier this month, DigiCert issued the first VMC for an emailing domain: That’s a huge leap forward for the security and scalability of BIMI.

And while CNN was the first domain to get BIMI-ready with a VMC cert, it most certainly won’t be the last.

Key benefits for brands

According to the working group developing the standard, BIMI offers a couple of key benefits to brands:

  • BIMI lets you leverage the investment in your DMARC enforcement project to increase the value of your brand by displaying logos to your customers.
  • BIMI provides a way to automatically manage your logos, ensuring the correct one is displayed.  (Inboxes currently make guesses about which “avatar” to display, and sometimes they guess wrong.)

BIMI logos can be  changed whenever needed, and brands can specify different ones for different purposes. For instance, you’ll be able to deploy specialized logo for new marketing campaigns, new business initiatives, new product introductions, etc. You control your image — not inbox providers.

Additionally, branded emails can increase open rates by about 10%, according to a study done by Verizon Media.

And, as we mentioned above, BIMI offers brand impressions at scale, even if the recipients don’t open the emails.

With a BIMI pilot currently underway in Yahoo Mail, and Google planning a pilot for 2020, now is the time to get ready for BIMI.

If you’d like to participate in BIMI pilots and start reaping the benefits of BIMI immediately, you need to work with a member of the working group that oversees the BIMI standard — such as Valimail.

Valimail’s product, Valimail Amplify, offers completely automated and seamless management of BIMI for domains and subdomains.

We can also simplify the process of getting a VMC certificate, through our close relationship with DigiCert.

Download the Valimail Amplify data sheet and find out how you can participate in the BIMI pilot process today.

The post BIMI is ready for liftoff appeared first on Valimail.

*** This is a Security Bloggers Network syndicated blog from Valimail authored by Valimail. Read the original post at: