BIMI launches to add trusted logos to emails

If you get an email from Amazon, how do you know it’s actually from the ecommerce giant? You could look for the “@amazon.com” domain. And now you will have another option, if the new BIMI approach catches on. BIMI — which stands for Brand Indicators for Message Identification — is a new open standard for logo display in emails that was announced this week. It provides that the brand’s logo appears next to the email subject line in your inbox (see below) and in the upper left corner (outside of the email body) once you open the missive.

The key idea is that brands will get lots of free brand impressions — there’s no charge to use BIMI — and users get an increased sense of trust about the source of brand emails. The standard was created by the Authindicators Working Group, led by cybersecurity firm Agari and including representatives from Comcast, Valimail, Google, Microsoft and Oath (Yahoo, AOL). Members of the group, including Agari, were involved in the development of the DMARC (Domain-based Message Authentication, Reporting and Conformance) email authentication standard. Launched in 2012, DMARC was intended to counter email spoofing, where a sender’s identity is faked. BIMI is only available for email senders with DMARC-autenticated Net domains. BIMI instructions will have to be added to the domain owners’ Domain Name System (DNS) records, such as the URL of the logo file. The file in this pilot is a graphical image of a logo, but it could be any media file — video, animation — if the ISP and email provider would support that. The BIMI logo is displayed in a space controlled by the email service provider. Eventually, the fully implemented BIMI will require that domain owners utilize a currently-unspecified trusted third-party authority to verify the ownership of the logo file. Additionally, the standard may include brand info that users obtain with a click or rollover. But, Agari Executive Chairman and founder Patrick Peterson told me, the BIMI approach could also be utilized in other communications, such as mobile messaging, so that it could become common to see a brand logo alongside a brand message. Peterson also envisioned a similar audio logo, such as the Intel chime, could occupy a provider-owned spot in a voice mail. The BIMI analogue in other communication channels is the idea of a brand identity in space managed by the provider, since BIMI itself is based on a logo space retained by the provider in an email, not on any kind of universal header in other communications. Peterson noted that, because the logo resides in an email provider’s space alongside a subject line in an inbox, it is virtually hack-proof. But he acknowledged that, inside the email, many users many not notice that a fake logo in the email body is not in the correct BIMI location of upper left, outside the email. Peterson estimated that about 50,000 companies currently use DMARC, and noted that studies show DMARC has boosted open rates by 10 percent because users find that they’re getting fewer spam. The initial adoption of DMARC was slow, but BIMI’s adoption might be helped by all those free brand impressions. “Let’s write the second chapter [of DMARC],” he said. The first pilot for BIMI will start rolling out next week for Yahoo Mail users, in the app or on the web. Participating brands include Groupon, Aetna and Agari.