CATEGORY: DeliverabilitySecurity

Email Authentication: Gmail's checkmark

After adding support for verified brand logos in 2021, Gmail is now going further by adding a blue checkmark to emails.

The existing system is based on the Brand Indicators for Message Identification (BIMI) standard, where brand logos appear in the “avatar slot” next to the sender’s name and address.

 

Google has recently introduced an officially verified blue checkmark called "Brand Indicators" to help differentiate between fake and real brand emails in Gmail. This new feature aims to provide an additional layer of security and trust for users by ensuring/demonstrating that verified brand emails come from legitimate sources.

The Brand Indicators for Message Identification (BIMI)

The Brand Indicators for Message Identification (BIMI) system was introduced in 2020 and initially used to confirm brand logos on an email's avatar slot. With the recent update, Google has expanded the BIMI system to include the blue checkmark, providing further confirmation of a brand's authenticity.

To obtain the blue checkmark, brands must voluntarily use Domain-based Message Authentication and have their logo validated. This helps users differentiate between legitimate brand emails and potential spam or malicious emails.

How to Get a Blue Checkmark in Gmail

To receive a blue checkmark on Gmail, organizations must set up SPF, DKIM, and DMARC, which are technologies that help secure email. Here's a step-by-step guide on how to achieve this:

1. Set up DKIM: Go to Apps > Google Workspace > Gmail > Authenticate email and follow the instructions to set up DKIM for your domain. This involves creating another record on your DNS specific to your domain.

2. Set up VMC: Google requires your logo to be trademarked and registered with a Verified Mark Certificate (VMC) authority, such as DigiCert or Entrust. Sign up with a VMC provider, upload the certificate to your website, ensure it's public-facing, and take note of it for future use.

3. Set up BIMI: Convert your logo to a Tiny SVG 1.2 format and ensure it meets the required specifications by running it through a verification tool. Upload the logo to your website, making it publicly accessible. Create your BIMI record using a generation tool and add it to your DNS as a TXT record, appending the links to your logo and PEM certificate issued by your VMC provider.

To check if you've done everything correctly, use the BIMI inspector tool. Once your domain and logo are verified, the blue checkmark should appear next to your emails in Gmail.

Impact on Email Users

The introduction of the blue checkmark in Gmail is a step towards improving email security and reducing the number of fake spam or malicious emails users receive. Although Gmail has made several updates to its spam filters, this new verification system can potentially limit the amount of unwanted emails reaching users' inboxes.

However, it's important to note that while the blue checkmark provides an additional layer of security and trust, users should still exercise caution when interacting with emails, especially those containing links or attachments.

BIMI continues to gain traction

This further demonstration of trusted status in the inbox is something that brands need to take increasingly seriously. With the support of BIMI announced by Apple with the launch of IOS16, (See the update list of supporting ISPs as of May 2023) and this new visual cue introduced by Google further emphasises the importance of both email authentication and external demonstration of trustworthiness – with the knock-on effect, as BIMI continues to gain traction, is that the risk of email recipients distrusting emails by default and genuine brands/organisations not being trusted if they don’t have the appropriate marks.

Al Iverson, Deliverability Consultant and BIMI expert for deliverability tools company Kickbox agrees.

“BIMI adoption is growing, and the addition of Apple support (and Gmail’s blue checkmark) are only going to speed up adoption. At some point this will hit a critical mass where a savvy Gmail subscriber will question the trustworthiness of mail that lacks that fancy new verified checkmark. Best to start preparing sooner, rather than later.” Al noted that internet service provider (ISP) support for BIMI continues to grow as well. BIMI support recently came to Polish service provider Onet, bringing the number of supported mailbox providers to eight.

As the situation evolves, it makes adoption of BIMI close to business critical if you are using email as a principle comms channel.

Watch this space..