Google has announced that the verified brand logos functionality would be available in its Gmail email service.
Gmail will now display certified brand logos to email recipients, enhancing security and assisting users in avoiding scams.
In July 2020, the tech giant announced a Gmail test for Brand Indicators for Message Identification (BIMI).
In 2019, it became a member of the BIMI working group. It had stated that organisations employing the Sender Policy Framework (SMF) or DomainKeys Identified Mail (DKIM) email authentication protocols would see authorised logos appear in their emails.
“BIMI seeks to increase the use of robust authentication in the email ecosystem for those who have implemented Domain-based Message Authentication, Reporting, and Conformance (DMARC). For senders that have implemented DMARC and validated their images, Gmail will display validated logos in avatar areas, providing recipients increased confidence in the source of their communications.”
How it works
By demanding stringent authentication and verification of logos before being shown in the Gmail avatar slot, BIMI adds an extra degree of security to Gmail. It also aids email security systems in distinguishing between fraudulent and legitimate emails.
“Organizations that authenticate their emails using Domain-based Message Authentication, Reporting, and Conformance (DMARC)—a standard for providing strong sender authentication that allows security systems to perform better filtering, separating legitimate messages from potentially spoofed ones—can validate ownership of their logos and securely transmit them to Google,” according to the company.
Organizations who use SPF or DKIM to authenticate their emails and use DMARC can Google their certified trademarked logos via a Verified Mark Certificate (VMC).
“BIMI uses Mark Verifying Authorities, which are comparable to Certification Authorities, to confirm logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our additional anti-abuse tests, Gmail will start showing the symbol in the current avatar field.” It went on to mention something else.
Admins must ensure that their organisation has implemented DMARC. Their logo has been certified with a VMC given by a Certification Authority such as Entrust or DigiCert to use BIMI for outgoing emails to Gmail and other platforms.
All Google Workspace clients and G Suite Basic and Business customers can use the service.
Source:https://cyber-security-information.blogspot.com/2021/08/to-tackle-phishing-spoofing-gmail-to.html
