Brand Indicators for Message Identification is a valiant effort from the email marketing industry to take the battle back to the spammers. There's quite a bit to it, but it's probably best summed up as a text file that sits on a brand's sending server. It makes sure that emails going out are truly from the brand in question -- and only then will it release the brand's logo to be attached to the email so it can appear prominently in the recipient's inbox.
Apparently, Yahoo has been running trials with a handful of retailers in the US and the tech has been working and giving rise to a 10% lift in opens. This is being attributed to the emails offering greater confidence that they are from a brand because they arrive with its logo.
it's a really good idea but I don't see it as being a guarantee that the fight against spam will be won. To begin with, there is the very obvious issue that many people view emails on software that doesn't provide pictures for contacts. I have Outlook, for example, and it just offers text for senders on my laptop, while pictures are supported on mobile.
Where pictures are supported you can see BIMI working to an extent. But what about spammers just using a copy of a logo? Now, I'm no cyber criminal and so I can't say for sure whether this will be a problem, but won't criminals be encouraged to set up their emails to be accompanied by a copy of the logo belonging to the brand they're impersonating?
I get that logos appear with emails from companies that I have not added to my contacts list, so one can imagine this could be a way around the new tighter controls.
One would imagine that any email app provider supporting BIMI would have thought of this and will consider stripping out logos from accompanying emails, unless BIMI is supported or perhaps a company is in the recipient's contact list?
I still just can't help but think this will impact spam in the short run before cyber criminals running spam and phishing campaigns up their game. Like ads.txt, it will do a lot to take out the most simplistic fraud, but as we've discovered with the recent 404 bot, which has proven adept at domain spoofing, there is often an answer to new security measures.
That's not to say they're not worth doing because one should never sit still in the battle against cyber crime -- it's just that we can't assume the good guys' next move will be enough for very long. I would also wonder how they're going to let people know about BIMI and what an accompanying logo means when it is usually the most computer illiterate and the most digitally naive members of the public who click on links because they are not savvy enough to spot a clear phishing email.
After years of not expecting a logo to show up on a branded email, how would such customers know they should now expect to see one? If there is a crude impersonation, which is still passable, how would they spot the difference? I get phishing emails from BT all the time, but if you showed me the real logo and a cyber criminal's copy, I'm not sure I would know the difference.
So, well done email marketing -- this is definitely a step in the right direction, but expect the cyber criminals to up their game soon, thus initiating another round in the game of technological cat and mouse advertisers find themselves engaged in against cyber criminals.