BIMI’s Visual Makeover: Gmail’s Blue Verified Checkmarks Make Headlines

Email authentication protocols (SPF, DKIM, and DMARC) have been around for a while now, and the awareness about their benefits is much higher than a few years ago. Brand Indicators for Messages Identification (BIMI) is the recent addition to the family of email authentication protocols and haven’t had quite as much time to catch on.

This article investigates why more companies don’t implement BIMI and what steps Google is taking to incentivize businesses.

Why BIMI Flopped?

According to, June 2022 saw 14,882 active BIMI records. However, only 331 had a valid Verified Mark Certificate. This statistic shows that our statement about BIMI flopping isn’t too farfetched.

While BIMI aspired to crown any DMARC-compliant domain and make it stand out in the crowded inboxes, nobody seems to care about it as much as its creators (Google itself) hoped for. We’ve indicated a few reasons.

The Journey Before BIMI

The first and most obvious reason is that you cannot simply place a BIMI record into your DNS and call it a day.

You must walk the mile setting up SPF, DKIM, and DMARC. Then, enforce DMARC to its highest policy. As you might imagine, this process takes time and patience, especially if you have a larger email environment with multiple sending sources.

Be The Next To

Achieve Peace Of Mind Through Email Authentication

You’ve already spent a few weeks managing your domain infrastructure, and we haven’t even started talking about BIMI.

Once you’ve got full DMARC compliance, the next step is to make a BIMI-compatible logo and apply for the Verified Mark Certificate (VMC), which takes a few more weeks to obtain. The last and most straightforward part of this process is to generate your BIMI record and place it into the DNS.

Verified Mark Certificates Are Expensive

As DMARC experts, we often talk to our clients about the next steps after DMARC implementation. As soon as we speak about BIMI and its benefits, they get excited. However, the real turnoff for any small and medium business is the VMC price – a yearly payment of $1,499.

While this price isn’t a big deal for larger companies, it’s pretty hefty for SMBs, which (arguably) need BIMI and the brand recognition it provides more.

Tedious Process Vs. Tangible Benefits

As you can see, getting on the BIMI bandwagon takes a long time and is expensive. However, if the tangible benefits of having BIMI were more prominent, some businesses would sway to the side of getting verified.

Still, the difference between having BIMI and not having one wasn’t apparent until Gmail announced the implementation of blue verified checkmarks. Simply using your company logo as your profile picture in Gmail could “cheat the eye” of a customer in some cases.

Familiar Blue Checkmarks in Gmail

Blue checkmarks aren’t news on the Internet. They’ve been around since 2009, when Twitter deployed them to differentiate between celebrity accounts and their impersonators.

These didn’t stay exclusive to Twitter, though – they became an internet-wide phenomenon. Almost all social media websites have something similar these days.

Then, Twitter ditched it, as Gmail picked it up. (This fun “exchange” will stay in the history of the Internet forever.)

How Does It Work?

While celebrities get verified for adhering to the given standards, in Gmail’s case, checkmarks actually mean work done. They indicate that the email domain owner has gone through email authentication processes, reached the DMARC “reject” policy, implemented BIMI, and owns the logo in the picture.

The blue verified checkmark will appear near the sender’s name, and hovering over it will show the following message:

“The sender of this email has verified that they own [the domain] and the logo in the profile image.”

Why Does This Matter?

Email spoofing and phishing are widespread threats to business reputation. Experts created email authentication protocols to protect their domain infrastructure and steer their customers clear from impostors that use their names for malicious activities.

BIMI put the company logo out front, indicating that the email comes from a trustworthy and expected source. Still, before this change, it took a few tricks to identify whether the logo was BIMI-backed or was just the account avatar.

After Google’s improvement, the verified and protected accounts will stand out more.

Who’s Eligible for Gmail’s Blue Verified Checkmarks?

All those organizations that have gone through BIMI verification are eligible for the blue verification badge from Gmail. 

Who Can See Gmail’s Blue Verified Checkmarks?

The blue checkmark will be universally visible, including personal Google accounts, Google Workspace customers, and legacy G Suite Basic and Business clients.

When Will the Feature Be Available?

The blue verified checkmark will be available for rapid release and scheduled release accounts 1-3 days after March 3, 2023. 

What Does This Mean to EasyDMARC Customers?

Those EasyDMARC customers who’ve already implemented BIMI will start seeing the badges on their outgoing emails soon enough. It might also be a good idea to send a newsletter to your clients, announcing that your emails will be bearing the checkmark due to this feature.

For all our customers who’ve reached DMARC compliance and haven’t gone further yet, this news might be a good opportunity. You can showcase high email authentication standards, stand out in your customer inbox, and encourage trust in your business.

Our experts have considered the benefit of the blue verified checkmark in the context of email, and we strongly recommend that you give it a try.

The post BIMI’s Visual Makeover: Gmail’s Blue Verified Checkmarks Make Headlines appeared first on EasyDMARC.

*** This is a Security Bloggers Network syndicated blog from EasyDMARC authored by Hasmik Khachunts. Read the original post at: