With a pilot announced back in July 2020 for testing, Google is finally ready to roll out its latest security feature: authenticated brand logos for their email service, Gmail. Set to roll out in the upcoming weeks, users will soon experience an added layer of safety against email-based scams.
MOUNTAIN VIEW, CALIFORNIA — The Federal Bureau of Investigation (FBI) says phishing was one of the most common cybercrimes in 2020, and it is a crime which still runs rampant today. A lot of phishing schemes involve using the names of trusted organizations and entities to trick users into giving out sensitive personal data, such as bank information and passwords.
Google has high hopes to alleviate these scams, and is planning to roll out authenticated brand logos for Gmail in the coming weeks. This feature will be similar to the “verified badges” social networks use for official accounts. Once completely rolled out, users will have less trouble determining whether an email is from an official source or not.
These authentications are made possible by integrating solutions such as the Brand Indicators for Message Identification (BIMI), an emerging standard that makes use of a brand’s DNS records to provide a brand logo, and the Domain-based Message Authentication, Reporting, and Conformance (DMARC), a standard email technology used for preventing domain spoofing.
Here’s how it’s supposed to work says Google
“Organizations who authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide their validated trademarked logos to Google via a Verified Mark Certificate (VMC).
BIMI leverages Mark Verifying Authorities, like Certification Authorities, to verify logo ownership and provide proof of verification in a VMC. Once these authenticated emails pass our other anti-abuse checks, Gmail will start displaying the logo in the existing avatar slot.”
While Gmail users are not required to do anything in preparation for the rollouts, organizations and brands are encouraged to adopt DMARC if they haven’t yet (they might want to read up on what they should do pre-setup), and adopt BIMI once it’s completely available. (RF/The MiNT)