• by Ray Schultz , Columnist, July 23, 2018

Don’t be suspicious if you get an email with a brand logo in the subject line. It’s safe to open — the logo proves it.

That’s the logic behind Brand Indicators or Message Identification (BIMI), an email authentication standard developed by a group including Agari, Valimail, Comcast, Google, Microsoft and Oath.

The logo appears only if the email has been authenticated, which should reassure both recipients and senders. 

Yahoo Mail is the first email service provider to test BIMI,  and a number of large brands are in early trials across all Yahoo properties, according to Seth Blank, director of industry initiatives at Valimail, who in June replaced Thede Loder, formerly of Agari and now managing director of Skye Logicworks, as chairman of the BIMI committee — officially known as the AuthIndicators Working Group.  

In his new role, Blank plans to double down on developing a “vendor-neutral program broadly acceptable to everyone.” To that end, the developers are trying to make sure that BIMI “works at scale without introducing phishing vectors,” Blank adds.

When that goal is finalized, and you may see more global vendors and brands publicly buying in, Blank says.

Think of the reach if Gmail adopted it, for example. Valimail has been involved from the start, and has helped write the specs. 

Who’s paying the bill for all this? “The individual members of the working group have all put in development time and resources,” Blank says.

BIMI has been called DMARC 2.0, but Blank says: “I don’t like that moniker. This is something else — at a higher level. DMARC established the trust framework,  BIMI is built on top of that foundation.”

He adds that BIMI is “assertive” — it gets your logo right out there. A Bank of America customer would see clearly that the email is from the bank. 

The idea for BIMI originated with DMARC vendors a few years ago. “DMARC solves a meaningful problem when it comes to fraud prevention, but people were not doing this rapidly,” Blank says. “It gets stuck as a project that’s rarely completed.”

DMARC, of course, is Domain-based Message Authentication, Reporting and Conformance — the standard email authentication tool. Earlier this year, 250ok found in a study that almost 90% of the top e-retailers in the U.S. and Europe are failing to use it. 

In effect, the DMARC people asked: “How do we create an incentive?” That would be the ability to create millions — maybe even billions — of brand impressions.

That said, Blank adds that “more DMARC records have been inserted in the last six months than in the four and a half years before that.” 

And now comes BIMI. Blank contends that logos and authentications go together — “you can’t have one without the other,” he says. 

Isn’t there a chance that a bad actor could still hijack a logo or dummy one up? Not when brains behind BIMI are finished, he answers.  

In the announcement of his appointment, Blank states he plans to:

• Test, validate, and extend BIMI deployments in the real world; 
• Harden the security and anti-spoofing provisions of BIMI;  
• Advance BIMI through relevant standards processes.

Blank will also serve as BIMI’s chief salesman and educator. Ask him, and he’ll tell you that the new standard ““gives marketers a reason to think about email best practices beyond just deliverability.”

Welcome to the job.