Skip to main content

Gmail support for BIMI is a major milestone for strong email authentication

Jul

12

2021

Time to read

Read so far

Written by: 

Chris Bailey

Time to read

Written by: 

VMC_1000x420

Earlier today, Google announced its support for Brand Indicators for Message Identification (BIMI), an industry standard that aims to drive adoption of strong sender authentication for the entire email ecosystem. By implementing a Verified Mark Certificate (VMC) along with a Domain-based Message Authentication Reporting and Conformance (DMARC) protocol policy of quarantine or reject, a brand’s registered logo will appear in Gmail’s avatar slot.

Entrust is pleased to announce the general availability of VMCs. There is already a pent-up demand for VMCs from enterprises who value email brand promotion and security.

This is very good news for any brand that sends important emails – whether for marketing or communications with customers – and especially those who invest in strong sender authentication using DMARC. It means that instead of seeing a generic symbol next to the message, customers may see registered trademarked brand logos, with ownership of the logo and the message authenticated and verified by the combination of DMARC and the VMC. It means that users can have more confidence in the source of emails they receive, and brands can better leverage the trust and investment they’ve made in their brands in the inbox.

vmc phone

Gmail support for BIMI – and strong authentication with DMARC and VMCs – is an important milestone for email users, and we take more than a little pride in our role in this milestone. Over four years ago, Entrust worked with Google and other members of a group called the AuthIndicators Working Group to create a new type of digital certificate that would contain cryptographically-verifiable brand information for use by mailbox providers and others - a “Verified Mark Certificate” or VMC.

During this development period, Entrust helped guide this new offering to market. We created the first version of the VMC Requirements and issued the world’s first VMC to a customer during a Gmail pilot program.  Today, we are announcing the general availability of VMCs from Entrust along with a full reseller and enterprise API for our partners and enterprise customers. Although there are many hands that have contributed to getting VMCs to this important starting point, I’d like to specially recognize Kirk Hall at Entrust and Wei Chuang at Google for their critical contributions to Verified Mark Certificates.

We’ve already signed up several partners that our customers can work with, some of whom like Red Sift have fully integrated into our API for VMCs.  The full partner list can be found here.

Requiring strong authentication in Gmail helps bolster the large, complex, and interconnected email ecosystem while creating a strong baseline of built-in security protection. BIMI benefits users and email security systems with increased confidence in the source of emails, and senders will be able to leverage their brand trust to provide their customers with a more immersive email experience.

“The relationship we maintain with our customers is paramount to every decision we make. By adopting the BIMI standard, customers can view our familiar registered trademark with every email received on email platforms that support BIMI. This will give our customers confidence that emails from Trend Micro are authenticated with security standards shown to prevent spoofing and phishing,” said Kevin Simzer, Chief Operating Officer, Trend Micro.

So how can I get my registered logo to appear in a Gmail inbox?

First, get a VMC. As noted above, a VMC contains an organization’s confirmed logo mark (a registered trademark) which can then be displayed in Gmail once it passes Gmail anti-abuse checks — and eventually will be displayed similarly by other participating email providers.

VMC’s are the highest level of logo verification defined in the BIMI standard. How does an email sending organization get started? It first obtains a VMC from a Certification Authority (CA) like Entrust. Then, the organization also needs to pass anti-abuse checks with the mailbox provider and must also publish a Domain-based Message Authentication, Reporting and Conformance (DMARC) record at 100 percent quarantine or reject. Finally, the email sender must set up a BIMI DNS record that includes a URL pointing to where the VMC containing its confirmed, cryptographically-signed data can be found and used by mailbox providers.

Getting a Verified Mark Certificate

To get a VMC under current requirements, an email sender will need to have a logo that is registered with one of eight BIMI supported international trademark offices, such as the US Patent and Trademark Office for US logos. More trademark offices are located here. The logo is then confirmed by Entrust and included in the VMC with the organization’s identity data and cryptographically signed by Entrust so it can’t be altered and will be trusted by all participating mailbox providers.

If you’re interested in adding strong authentication and a registered trademark to your emails, contact us at https://www.entrust.com/partner-directory.

ChrisBailey
Chris Bailey
Vice President, Trust Services
Chris Bailey is the VP of Trust Services for Entrust. Bailey is a co-creator of Verified Mark Certificates and Government Mark Certificates, used to convey logo and identity information in messages. He is also the co-creator of Extended Validation Certificates and Domain Validated Certificates, used to secure TLS/SSL connections. Bailey also co-created the first publicly trusted PDF signing certificate with Adobe. Having served in the industry since 1998, Bailey is a current and founding member of industry standard groups the CA/Browser Forum and the PKI Consortium, where he continues to actively promote industry best practices and education.
View all of Chris's Posts
Facebook