BIMI in Gmail: The New Standard for Email Security

Creating a strong baseline level of security in Gmail has always been our main principle. That’s why we constantly add built-in protection mechanisms to filter out malicious messages. Today we are announcing public support for Brand Indicators for Message Identification (BIMI) in Gmail within Google Workspace.

BIMI is an industry standard aimed at achieving strong sender authentication across the entire email ecosystem. It gives email recipients and security systems increased confidence in the email source and allows senders to offer their audience a more trusted experience.

BIMI in Gmail

What is BIMI and how does it work?

BIMI allows organizations that use DMARC (Domain-based Message Authentication, Reporting, and Conformance) to verify ownership of their logo and securely transmit it to Google. DMARC is a standard for strong sender authentication that helps security systems differentiate legitimate messages from spam.

BIMI is designed for simplicity: for organizations that have DMARC implemented, verified logos will appear on authenticated emails sent from their domains and subdomains.

The process is as follows:

  1. Organizations authenticate their email using SPF (Sender Policy Framework) or DKIM (DomainKeys Identified Mail).
  2. They deploy DMARC with a strict enforcement policy.
  3. They provide their verified trademark logo to Google via a VMC (Verified Mark Certificate).
  4. BIMI uses Mark Verifying Authorities (such as Certification Authorities) to verify ownership of the logo.

Once these authenticated emails pass our other anti-abuse checks, Gmail will begin displaying the logo in the existing avatar space.

A step forward for the email ecosystem

“Gmail’s support of BIMI is a win for email authentication, brand trust, and consumers alike. BIMI gives organizations the opportunity to offer their consumers a more immersive experience and strengthen sender authentication across the entire ecosystem,” said Seth Blank, Chairman of the AuthIndicators Working Group.

This is just the beginning for BIMI. The standard is expected to expand its support for logo types and validators. Today, Entrust and DigiCert support BIMI as certification bodies.

To take advantage of BIMI, ensure your organization has adopted DMARC and has had its logo verified with a VMC. No additional action is required for Gmail users.

For more information, visit the working group website.
