Brand indicators in email

A number of companies in the email industry have been working on a way to better identify authenticated emails to users. One proposal is Brand Indicators for Message Identification (BIMI). A couple weeks ago, Agari announced a pilot program with some brands and a number of major consumer mail providers. These logos should be available in the Yahoo interface now and will be rolling out at other providers.

What is it?

BIMI leverages modern email authentication techniques, and DNS to present users with visual indicators in the mailbox that a message is really from the brand it says. During the pilot program, only the brands enrolled in the program will have their logos presented. If the pilot works out, other brands will be able to take advantage of the technology.
In order for a brand logo to be displayed, the brands must authenticate email using DMARC. This is a much higher bar than simply using SPF or DKIM. There’s also a provision in the standard for a 3rd party to verify the logo ownership.

Why do we need it?

I am not sure we need it, but there are a couple reasons to do something like this. The biggest is to use marketers to help drive adoption of DMARC. Implementing DMARC is not trivial. It takes a lot of work inside a company to identify all the mail streams, make sure they’re all properly authenticated and authorized. Even more, there needs to be process to create new streams. It’s a good thing to do, don’t get me wrong, but it’s a non-trivial amount of work.
One of the ideas behind BIMI is if we can get companies to see an actual marketing benefit to authentication we can get them on board with authentication faster. It’s a reasonable idea. BIMI gives free brand impressions in the inbox in return for securing email the way people think it should be secured.

What are the benefits?

I don’t think I can do better than just quoting Agari’s press release on the pilot program
BIMI offers strong benefits to CMOs and marketing organizations, including:

  • It will provide brands with billions of free brand impressions
  • It will let brands publish (and thus control) their logos themselves, ending cumbersome manual coordination with internet application providers to update logos
  • Updates to the brand logo will be picked up automatically by email and mobile app platforms
  • Different brand logos may be used in email associated with different product lines, specified for different groups of customers or changed seasonally
  • It has safeguards to prevent impersonation attempts, meaning the brand is shown only when associated with communication that is actually authenticated as being from your business

Where can I learn more about BIMI?

BIMI launches to add trusted logos to emails (from Martech Today)
BrandIndicators has a video on how it works. You can also sign up for the beta here.
Agari’s press release on the BIMI pilot program.
It doesn’t stop with email. 

Related Posts

ARC: Authenticated Received Chain

On Friday I talked a little about DMARC being a negative assertion rather than an authentication method, and also about how and when it could be deployed without causing problems. Today, how DMARC went wrong and a partial fix for it that is coming down the standards pipeline.
What breaks?

DMARC (with p=reject) risks causing problems any time mail with the protected domain in the From: field is either sent from a mailserver that is not under the control of the protected domain, or forwarded by a mailserver not under the control of the protected domain (and modified, however trivially, as it’s forwarded). “Problems” meaning the email is silently discarded.
This table summarizes some of the mail forwarding situations and what they break – but only from the original sender’s perspective. (If forwarding mail from a users mailbox on provider A to their mailbox on provider-Y breaks because of a DMARC policy on provider-A that’s the user’s problem, or maybe provider-A or provider-Y, but not the original sender’s.)

Read More

February 2016: The Month in Email

Happy March! Here’s a look back at our last month of email adventures.
Feb2016forBlogIt was a busy few weeks for us with the M3AAWG meeting in San Francisco. We saw lots of old friends and met many new people — all in all, a success, despite the M3AAWG plague we both contracted. Hot topics at the conference included DMARC, of course, and I took the opportunity to write up a guide to help you determine if you should publish a DMARC policy.
On the subject of advice and guidance, Ask Laura continues to be a popular column — we’ve had lots of interesting questions, and are always looking for more general questions about email delivery. We can’t tackle specifics about your program in this column (get in touch if we can help you with that directly) but we can help with questions like “Will our ESP kick us off for mailing purchasers?” or “Help! I’m confused about authentication.
Continuing on the authentication front, I noted that Gmail is starting to roll out some UI to indicate authentication status to users. It will be interesting to see if that starts to affect user (or sender) behavior in any way. In other interesting industry news, Microsoft has implemented an Office 365 IP Delisting page. I also wrote a followup post to my 2015 overview of the state of ESPs and purchased lists — it’s worth checking out if this is something your business considers.
I wrote a post about security and backdoors, prompted by both the FBI/Apple controversy and by Kim Zetter’s talk at M3AAWG about Stuxnet. These questions about control and access will only get more complicated as we produce, consume, store, and share more data across more devices.
Speaking of predictions, I also noted my contribution to a great whitepaper from Litmus that explores the state of Email Marketing in 2020.
As always, we looked at some best practices this month. I wrote up some of my thoughts about data hygiene following Mailchimp’s blog post about the value of inactive subscribers. As always, there isn’t one right answer, but there’s a lot of good food for thought. And more food for thought: how best practices are a lot like public health recommendations. As with everything, it comes down to knowing your audience(s) and looking at the relationship(s), which, as you know, is a favorite subject around here.

Read More

Ask Laura: Do I have to publish DMARC?

AskLaura_Heading3
 

Read More