Anti-phishing tool designed by tech companies promises brand safety in emails

Anti-phishing tool designed by tech companies promises brand safety in emails

Cybercriminals in the past year have ransomed millions of dollars from businesses using methods like phishing to swipe login credentials and take control of computer networks. Because phishing often consists of sending fraudulent emails that imitate the look of well-known brands, they can sow distrust and undermine the effectiveness of email marketing campaigns.

To help restore trust in email, a committee of tech companies — including Google, Fastmail and Verizon Media — formed the AuthIndicators Working Group to create a specification that lets verified brands display their logos alongside emails they send. The tool, called the Brand Indicators for Message Identification (BIMI) standard, promises to help marketers show that their emails are authentic.

"BIMI is really about a new standard trying to solve a very simple problem," Rahul Powar, founder and CEO of cybersecurity company Red Sift, said in an interview. "The industry for a long time has been trying to figure out how to display a consistent visual representation of senders' brand assets inside email clients."

The effort became more imperative as phishing emerged as the most common form of cybercrime. Last year, incidents of phishing were reported to the FBI's Internet Crime Complaint Center (IC3) more than twice as frequently as any other kind of online criminal activity. More than a third (36%) of successful cyberattacks on businesses this year used phishing, up 11 percentage points from 2020, according to a Verizon report.

"Everyone knows email fraud, email impersonation — all that stuff is really on the rise, especially in a post-COVID world with a lot of digitization going on," Powar said. "Any solution to this would have to be designed in such a way that had a very strong security component around it."

The growing threat from phishing comes as email marketing has endured as an effective way for brands to maintain ongoing relationships with customers, especially when they opt into receive special offers, discounts, coupons and updates about new products. Seventy percent of marketers said their companies invest in email marketing, CRM software company HubSpot found in a survey.

Potential Power of BIMI

Implementing BIMI in email marketing programs offers the possibility of creating trusted messages for consumers in a brand-safe environment. The logos appear in a prominent place next to email messages, ensuring higher visibility.

"Brands can get their logos to appear in places where previously they had no control," Powar said. "That becomes very interesting for our customers and the industry at large."

Consumers are more open to receiving emails that include a brand's logo based on the BIMI standards, Red Sift and digital security company Entrust found in a survey of U.S. and U.K. adults. Emails showing a brand's logo in the BIMI format elevated consumer confidence in its legitimacy by 90% and boosted open rates 21%, regardless of the brand's popularity or market share, per the survey. The logos also increased purchase intent 34% and brand recall an average of 18% after a five-second exposure.

"When you have something like a logo that's broadly recognized as an asset for the brand, it greatly increases people's propensity to actually open that email and read that content.."


Rahul Powar

Founder and CEO, Red Sift

"When you have something like a logo that's broadly recognized as an asset for the brand, it greatly increases people's propensity to actually open that email and read that content, especially when you're looking at it in a 'list view' mode," Powar said.

Emails with BIMI-certified logos have a variety of applications for brands. Financial services companies that are frequently spoofed in phishing attempts can offer greater peace of mind to their customers. Retailers that send promotional emails or reminders about abandoned shopping carts can also stand out with their brands appearing prominently in a list of emails. Direct-to-consumer (DTC) brands that seek to create engaging consumer experiences through their websites and apps can apply BIMI in their emails to customers, especially younger adults whose only experience of a brand may be on a smartphone.

"Being able to get these highly valuable and highly curated visual representations of the brand in front of digitally native users is very important," Powar said. "I think the standard has come at a good time. It helps to make the internet a slightly safer place."

Brands that want to adopt the BIMI standard are required to undergo a verification process that includes implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) email authentication protocol, which was an earlier effort by tech companies to prevent email spoofing and phishing. Brands also need to obtain a BIMI certificate — also known as a Verified Mark Certificate (VMC) — to confirm they have the rights to use logo images.

Google this month started implementing BIMI in Gmail, which is estimated to have more than 1.8 billion users worldwide. By implementing BIMI, Google adds its pool of email addresses to those of platforms that also support the framework, including Yahoo and Fastmail.