Agari, a cybersecurity company, announced the first pilot of an online brand standard developed with major email providers Comcast, Google, Microsoft and Oath (Yahoo, AOL) that will offer companies the opportunity to display brand logos for free, increase trust with their customers, and ultimately lead to more revenue by increasing response rates and engagement.
Brand Indicators for Message Identification (BIMI) is a standard way for brands to publish their logos online. It allows logos to be easily incorporated into messaging and social media applications. BIMI does this with built-in protections that safeguard the brand, application providers and consumers from impersonation attempts.
Under the draft BIMI standard, email applications display the sending company’s brand logo alongside authenticated emails in the inbox list and within emails themselves. BIMI-sourced logos appear on screen real estate controlled by the email application, not in the body of the email, making them more visible to the user and preventing cyber criminals from faking the brand indicator.
“Groupon relies on social media, messaging applications and email to help local businesses attract and retain customers,” said Torsten Reinert, senior manager Messaging Delivery, Groupon. “By increasing consumer confidence in the authenticity of our messages, we believe BIMI will increase response rates, magnifying the power and reach of our marketing efforts.”
The first email platform to begin pilot testing based on the standard will be Oath’s Yahoo Mail. By next week, users of Yahoo Mail’s mobile, web and desktop applications will start seeing logos for companies participating in the pilot, which will soon include Aetna, Agari, Groupon and other large brands in the financial services, airline and technology industries.
“This is a win-win situation; the brand has better exposure, better control of their logo, higher engagement on the consumer side, it’s more secure and Yahoo can authenticate emails in our system,” said Marcel Becker, director of Product Management for Oath, the Verizon company that owns Yahoo and AOL.
BIMI logos aren’t just for email. They can be incorporated into any internet-based communications service including social media apps, online services, messaging services and more. It is being developed as an open standard available to any company wishing to implement it, without licensing fees.
“Protecting the privacy and information security of customers is central to Aetna’s mission,” said Jim Routh, chief security officer, Aetna. “By showing our customers which emails and other messages they can trust, we believe brand indicators will make it easier to communicate with our customers while making them more resistant to phishing and other fraudulent emails.”
Email platforms like Yahoo will display BIMI logos only for senders whose internet domains are authenticated via the DMARC (Domain-based Message Authentication, Reporting & Conformance) standard. Domain owners will need to add BIMI instructions to their DNS (Domain Name System) records, including the URL for the location of the file containing the logo. When the standard is complete and fully implemented, domain owners will need to use a trusted third-party authority to verify ownership of the brand and logo.
“Progressive businesses recognise that the right security enables their highest-revenue digital initiatives,” said Ravi Khatod, CEO, Agari. “BIMI is a clear example of moving cybersecurity from the cost to the benefits column, exposing millions of users to brand logos every day.”
While it is expected to increase email security and reduce phishing, BIMI is first and foremost a publishing standard designed to enable the safe distribution of brand logos and trademarked identities on the internet.
BIMI offers strong benefits to CMOs and marketing organisations, including:
- It will provide brands with billions of free brand impressions
- It will let brands publish (and thus control) their logos themselves, ending cumbersome manual coordination with internet application providers to update logos
- Updates to the brand logo will be picked up automatically by email and mobile app platforms
- Different brand logos may be used in email associated with different product lines, specified for different groups of customers or changed seasonally
- It has safeguards to prevent impersonation attempts, meaning the brand is shown only when associated with communication that is actually authenticated as being from your business
The BIMI open standard is being developed by the Authindicators Working Group, chaired by an Agari official. Many of the working group’s members, including Agari, pioneered the development of the DMARC email authentication standard from 2010 to 2013 to stop phishing attacks.
In October 2017, the U.S. Department of Homeland Security ordered federal agencies with .gov email domains to fully implement strict DMARC policies by October 2018. BIMI is the next big development in email authentication, providing businesses an economic incentive to authenticate their mail.