Big News For BIMI: Google Launches Gmail Pilot

BIMI, the program that allows firms to exhibit their brand logos in emails, will soon be tested by the world’s largest email service: Gmail.

Google announced on Tuesday it is starting a long-awaited pilot with a limited number of senders. Two certification authorities will validate logo ownership: Entrust Datacard and DigiCert.

This means  BIMI (Brand Indicators for Message Identification) will now be supported by “two of the three biggest North American free mailbox providers,” writes Len Shneyder, vice president of industry relations for Twilio. Yahoo! was first out of the gate.  

BIMI has brought together a high-powered group of email tech providers. The Authindicators Working Group includes Google, Yahoo, Twilio, Comcast, Valimail, 250ok and ReturnPath.

All brands will have to do is use DMARC--with  enforcement—as their security standard, Google notes.   

“Our BIMI pilot will enable organizations, who authenticate their emails using DMARC, to validate ownership of their corporate logos and securely transmit them to Google,” states a blog post written by Karthik Lakshminarayanan, director of product management, G Suite security & controls at Google, and Neil Kumaran, product manager, Gmail security. 



The authors add, “Once these authenticated emails pass all of our other anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI.” 

Here’s the payoff for brands: 

“BIMI provides benefits to the whole email ecosystem. By requiring strong authentication, users and email security systems can have increased confidence in the source of emails, and senders will be able to leverage their brand trust and provide their customers with a more immersive experience,” the Google post continues. 

According to Shneyder, senders will have to: 

  • Authenticate their email using SPF and DKIM.
  • Publish a DMARC policy at enforcement which means either “p=quarantine” or “p=reject” on the organizational domain (No sp=none or pct<100).
  • Create and publish a Scalable Vector Graphic (SVG) Tiny 1.2 logomark.
  • Publish a BIMI record (check it out using this BIMI Generator).
  • Obtain a Verified Mark Certificate (BIMI certificate) for the logo.

Shneyder explains that “VMCs exist to validate ownership of an organization’s logo; the certificates are based on registered trademarks of the logo/image.” 

He adds that “VMCs will be issued by two BIMI-qualified Certification Authorities - Entrust DataCard and DigiCert (currently, VMCs are a Google-specific requirement for BIMI).”

 “For organizations that want to create a trusted brand presence over email, BIMI is a great opportunity, incentivizing them to implement strong authentication, which in turn will lead to a safer, more trusted email ecosystem for everyone.” concludes Seth Blank, chair of the AuthIndicators Working Group and the vice president, standards and new technologies, at Valimail, according to the Google blog.

Next story loading loading..