Email messages are one of the most important aspects of communication. They are a way to keep in touch with friends and family, and to share important information. But they can also be used to spread misinformation or to scam people. One way that email messages can be used to harm people is by spreading false information. BIMI, or body image management information, is a way to help people understand their body image and how it affects their lives. BIMI can help people learn about their own body, how others see them, and how they can improve their self-esteem. But email messages can also be used for good. Email messages can be a way for people to connect with each other, learn about new things, and share ideas for improving the world. Email messages can also be a way for people to share important information quickly and easily. So, while email messages may not always be perfect, they are still one of the most important ways that we communicate with each other. BIMI will make email messages easier to trust so that they can be used for good instead of harm.
What Is BIMI?
BIMI stands for Brand Indicator for Message Identification, a provider-neutral email specification developed by a body called the AuthIndicators Working Group. BIMI is designed to make email more trustworthy.
Once implemented correctly, BIMI allows brands to show a logo alongside email messages in supported services and email clients. This logo verifies that an email is genuine, providing an easy visual indicator that the message isn’t spam or fraud.
BIMI is still classed as an emerging specification, which means that some brands, email providers, and software platforms don’t support it just yet.
Why Is BIMI Necessary?
A Deloitte report released in 2020 claimed that 91% of all cyber attacks start with a phishing email. The email inbox makes it easy for scammers to cast a wide net, sending out as many messages as necessary to snare a single victim. These scams often target payment processors like PayPal or modern peer-to-peer services like Zelle using email as their preferred method of communication.
While much of the working world has been slowly moving away from email with services like Slack and Microsoft Teams, most people still rely heavily on the service. Your password reset notifications are delivered via email, more retailers than ever are going paperless with email receipts and invoices, and even your bank emails you to tell you when your statement is ready.
Email hasn’t changed a lot since it was first introduced. While there are smarter ways of sifting through your inbox, a renewed focus on healthier email habits, and even improved privacy and spam controls, the mechanisms behind email remain the same overall.
BIMI is a step forward in making email a more trustworthy platform. If you can verify that an email is genuine at a glance, you can also identify those that aren’t. The standard is still a few years away from that stage, but brands, email providers, and other technology companies are laying the groundwork now.
How Does BIMI Work?
The good news is that BIMI requires no work on the part of the recipient of an email to work. The technology leans heavily on Domain-based Message Authentication, Reporting, and Conformance, or DMARC. This email authentication protocol was designed to help prevent the unauthorized use of domain names.
For BIMI to work, a brand must authenticate emails using Sender Policy Framework (SPF), which effectively whitelists mail servers that can send emails from specific domains. In addition, technology known as DomainKeys Identified Mail adds digital signatures to each message to authenticate outgoing emails.
The final step is for DMARC to confirm these records and point to the .SVG file that will appear alongside the email. On top of this, a Verified Mark Certificate (VMC) acts as a form of digital registration to further safeguard the logo used, though BIMI doesn’t require it at rollout.
Once again, only brands need to worry about this infrastructure and incorporating these steps.
Which Services Support BIMI?
Since BIMI is still in the process of being rolled out, support is far from universal at this stage. Fortunately, some of the biggest services have already implemented support for BIMI, including Gmail, Yahoo! Mail, AOL, Fastmail, and Apple Mail in iOS 16 and macOS Ventura.
Whether you’ll see evidence of BIMI in your inbox is another issue entirely. Many brands are not yet on board, though the influence of companies like Google and Apple in accelerating adoption and introducing consumers to the technology can’t be understated.
Much of the buzz surrounding BIMI has (so far) been aimed at brands, marketing professionals, and the IT professionals involved in implementing the standard. Google has produced an explainer for how BIMI’s rollout works in Gmail within Google Workspace.
Even though support at the beginning is limited to Google Workspace, the release gives a good indication of what BIMI looks like in Gmail in terms of desktop and mobile implementation.
Google has used Bank of America as an example, with a view that shows how brand logos are automatically displayed in both inbox and message views. Note that Google allows senders to display images alongside their emails as part of their profile, but this isn’t the same as BIMI.
Even though Apple has also apparently launched BIMI with the release of iOS 16, iPadOS 16, and macOS 13 Ventura, we were unable to see BIMI-verified brand logos in Apple Mail (even from Apple when using an iCloud Mail account).
Yahoo! Mail is also on the BIMI bandwagon, having had support for the standard since 2018. In November 2022, the company announced that it’s making its implementation more robust with verification checkmarks “next to the sending address and logo to indicate that Yahoo has verified that the email was sent by the brand owning the logo being shown.”
More Ways to Stay Safe Online
More sophisticated scams may involve spear phishing or whaling, a form of social engineering.
As email scams have become more prevalent, scammers are turning to phone, text messages, and instant messaging platforms. Be on the lookout for calls from numbers that look suspiciously close to your own, text message or “smishing” scammers, and so-called close relatives asking you to pay a bill or borrow money.