Gmail to start showing authenticated brand logos to fight phishing scams
The DMARC standard for email verification has been around for several years. Domain-based Message Authentication, Reporting and Conformance has the potential to rebuild trust in email communications plagued by spam and phishing.
Google's announcement this week that it's about to start piloting the display of authenticated brand logos in Gmail could mark the start of the technology's mainstream adoption.
Business Gmail users with their own domain have had the ability to turn on DMARC to verify their messages for a while. This latest announcement means the BIMI (Brand Indicators for Message Identification) standard will be used to display a brand logo in the little bubble next to senders' usernames for organizations that are using DMARC authentication.
This should help users identify when a message is coming from a legitimate source and thus reduce the success of phishing campaigns.
"The BIMI specification represents years of careful, collaborative work from companies across the email ecosystem," says Seth Blank, chair of the AuthIndicators Working Group, which developed the BIMI standard. "It's been designed for security and scalability, and will help stimulate the adoption of email authentication to make email more secure for everyone. I'm excited that it has now progressed to the next step: Testing the specification in the real world."
The BIMI pilot will begin in the coming weeks with a limited number of senders, and with two certification authorities -- Entrust Datacard and DigiCert -- to validate logo ownership. This is one of a number of G-Suite security enhancements announced this week and you can read more on the Google blog.