by Jenna Moye
What is BIMI?
The acronym BIMI stands for Brand Indicators for Message Identification. BIMI is the latest development in email authentication to prevent fraudulent email and serves as a huge, new opportunity for companies to put their brands in front of consumers for free. BIMI also serves as a revolutionary way to reassure your recipients that you have the proper security measures in place by simply displaying your logo next to your email.
“A new opportunity for companies to put their brands in front of consumers for free.”
By implementing BIMI, companies (email senders) receive free added value by increasing brand visibility in the inbox. Not only is this something that CMOs are raving over, but more importantly, it ensures the level of authenticity from the sender, building trust with your consumers.
“This is a win-win situation: the brand has better exposure, better control of their logo, higher engagement on the consumer side, it’s more secure and Yahoo can authenticate emails in our system,” said Marcel Becker, Director of Product Management for Oath, the Verizon company that owns Yahoo and AOL.
How Can I Get BIMI for Our Brand?
I’ve met marketers who have experienced BIMI in action, and they often ask, “How do we get our logo displayed when we send our emails?” It’s important to know that BIMI is more than just a way to get your brand in front of users, which is an added bonus, but the value is in what it’s really doing for your brand and email marketing program behind the scenes. What it requires is a look at your email infrastructure and your email authentication set up. By now you should know the terms SPF, DKIM, and DMARC. These are important because BIMI plays off of the email authentication factors that you already have in place. In an article published by Only Influencers on Why Deliverability Matters, Chris Arrendale, founder of Inbox Pros and Chief Privacy Officer for Trendline Interactive, notes, “For a BIMI logo to be displayed, the sender needs to have DMARC, SPF and DKIM in place so that the source can be marked as trusted. The brand also needs to publish its logo in the DNS (Domain Name System) record.”
In a draft by the Authindicators Working Group, who is behind the development of BIMI, related the approach of BIMI being very similar to the approach that DKIM takes. It is compatible with your existing email infrastructure and requires minimal new infrastructure. The two are very similar in other ways such as deployment, encryption, and implementation.
Why is BIMI Important for Deliverability?
The first few companies to implement BIMI during the pilot period were Groupon, Aetna, SparkPost, and Agari. Groupon quickly recognized the value of this additional step in ensuring that their users were receiving authentic email. Groupon’s Senior Manager Messaging Delivery, Torsten Reinert stated, “Groupon relies on social media, messaging applications and email to help local businesses attract and retain customers. By increasing consumer confidence in the authenticity of our messages, we believe BIMI will increase response rates, magnifying the power and reach of our marketing efforts.”
“By increasing consumer confidence in the authenticity of our messages, we believe BIMI will increase response rates, magnifying the power and reach of our marketing efforts.” -Torsten Reinert, Groupon
If you’re familiar with SPF, DKIM, and DMARC, you know that these three elements are key in preventing fraudulent emails. Unfortunately, no one would ever know if you had the proper authentication set up unless they were to go into the header of your email to check if SPF, DKIM, and DMARC were passing. I would much rather see a company’s logo than the question mark, which would make me question if this email is not secure to open or even click on internal links. It’s not to say that those whose logos are not displayed are fraudulent, but it’s a good indicator that they may not have the right policies in place, thus making them ineligible to implement BIMI.
The purpose here is to encourage all senders to use all forms of email authentication to stop phishing attacks. Due to the amount of spam on the internet today, by being able to clearly identify authenticated mail, it benefits the user and the sender. With fraudulent mail, data breaches, and email hackers on the rise, no one can afford another incident where the validity of the sender is compromised.
“BIMI is a revolutionary way to reassure your recipients that you have the proper security measures in place by simply displaying your logo next to your email.”
Prior to BIMI coming out, DMARC was the latest form of email sender authentication sweeping the email world. In October 2017, the U.S. Dept. of Homeland Security ordered federal agencies with .gov email domains to fully implement strict DMARC policies by October 2018. This new development in email serves as an incentive to have businesses authenticate their mail. Agari, which is among many of the working group members, helped pioneer the development of the DMARC authentication standard from 2010 to 2013.
(Above: An example of how a phishing email could look)
The Impact of Phishing Emails
Brand protection. Simply stated, this is what BIMI, DMARC, and other forms of email sender authentication are protecting. It seems as of late, every time I turn on the news or catch up on the latest articles in the email space, there is another data breach. Phishing attacks are usually the first step of a data breach. Allowing spammers access to information then gives them access to distribute malware, causing a long and painful domino effect affecting company’s customers.
Long term, this creates a distrust between the consumer and the company. Companies spend months relentlessly trying to compensate their consumers for the mishap and shifting their marketing strategy attempting to reposition themselves as a company that can be trusted again.
“Phishing is an attack that looks friendly and familiar sent via email that contains a malicious link or attachment.”
According to Verizon’s 2018 Data Breach Investigation Report (DBIR), phishing (alongside pretexting) makes up for 93% of all social breaches, with email being the most common attacker. Phishing is an attack that looks friendly and familiar sent via email that contains a malicious link or attachment. With the use of ‘click bait’, they provide a sense of urgency for the recipient to change passwords, re-enter account information, or direct them to sites where confidential information is stored, such as banking. Also stated in Verizon’s report was that in 2017, 59% of phishing attacks are financially motivated and that 4% of people will click on the bait in a simulated phishing campaign and will be more likely to click on them in future.
- MailChimp-attackers used compromised MailChimp accounts to send out fake invoice notifications.
- IRS related-messages asked recipients to disclose their email usernames and passwords so they could obtain access to the tax professionals’ accounts, steal their clients’ data, and either sell this information or use it to file fraudulent tax returns.
- Google and Facebook were collectively scammed out of $100 million dollars through a phishing campaign claiming to be a computer-parts vendor.
- FIFA World Cup-scammers used phishing emails targeting recipient’s personal information by informing them they won a trip to attend the event in Moscow.
For more information on BIMI visit Brand Indicators for Message Identification. For help with DMARC implementation to aid BIMI set-up, contact us today!