Humanity vs. Impersonation Email: Endless Battle - BIMI Edition
Hello, I'm from the System Solutions Department, and my home LAN cable is Cat.3.
Recently, a large number of flyers have been dropped into my mailbox at home, and the shared trash cans are seeing heavy use (I'm sure many apartment buildings are like this).
Setting aside whether this marketing technique is effective or good, email is in the same situation.
Speaking of email, it became a hot topic last year when Google revised its email guidelines and announced that, from February 2024, anyone sending more than 5,000 emails a day must properly configure sender authentication such as SPF, DKIM, and DMARC.
Regarding the implementation status of DMARC, a sender domain authentication technology, the Phishing Prevention Council announced in February this year a report that the DMARC adoption rate in Japan was 83% and that most companies have responded (Proofpoint's survey).
However, authentication such as DMARC can be misused depending on policy settings, so spam and spoofed emails still arrive constantly, even in personal use.
In this article, we would like to share a technology called BIMI, aimed at putting an end to humanity's endless battle with impersonation emails.
What is BIMI?
BIMI (Brand Indicators for Message Identification) is a technology that displays the email sender's brand logo in the recipient's email client, increasing email reliability and brand awareness.
It is a mechanism that displays the logo specified by the sender for emails that have passed DMARC authentication.
However, as of March 2025, it has not been published as an RFC and is still at the draft stage at the IETF.
*After a quick search, PayPay Bank has issued a news release.
*Google announcements in 2021 can be found here
Benefits of BIMI Installation
It is said that there are three main advantages to introducing BIMI.
1. Prevent impersonation emails
The official logo will be displayed in the email, so the recipient can determine that the email is from an authorized sender.
This can be expected to reduce the damage caused by phishing and spoofing emails.
2. Improve brand awareness and reliability
Displaying your logo in your email will make it easier for recipients to notice, increasing brand awareness and reliability.
3. Improved email open rate
Although this is close to the reliability point in item 2, the brand can be recognized visually, making it more likely that recipients will open the email.
However, as a disadvantage or a loophole, if the DMARC policy setting is not set to "p=quarantine" or "p=reject", there is no possibility that a fake logo will be used.
A rough procedure for implementing BIMI
To implement BIMI, you need to follow the steps below. Honestly, the technical hurdle may be a bit high.
Reference: Gmail Procedure
1. Configuring outbound domain authentication
First, configure the basic SPF, DKIM, and DMARC to ensure legitimacy of the outbound domain.
*DMARC authentication is required for BIMI
2. Logo preparation
Create the brand logo to be displayed, in SVG format. The logo must meet the security requirements.
*Security requirements are listed separately in "5.2 SVG" in RFC6170
3. Obtain the VMC (Verified Mark Certificate)
Get the VMC, a certificate to prove the validity of the logo.
4. Add DNS Records
Add a TXT record for BIMI to your company's DNS and specify the location of the logo and information about the VMC.
Note: Adding BIMI TXT records with a domain provider
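An added example, not from the original article: a small Python check of the DMARC and BIMI TXT record values that steps 1 and 4 produce, run over constructed records for the placeholder domain example.com. It assumes the usual record names `_dmarc.<domain>` and `default._bimi.<domain>`; the function names are hypothetical.

```python
# Added example: offline check of DMARC and BIMI TXT record values.
# example.com and every record string below are constructed samples.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt):
    """Problems that keep a DMARC record from meeting the BIMI prerequisite."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("not a DMARC1 record")
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("policy is not p=quarantine or p=reject")
    return problems

def check_bimi(txt):
    """Problems with a BIMI record (logo location and VMC location)."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v") != "BIMI1":
        problems.append("not a BIMI1 record")
    if not tags.get("l", "").lower().startswith("https://"):
        problems.append("l= (logo location) is not an HTTPS URL")
    if not tags.get("a"):
        # Step 3 of the procedure obtains a VMC, so a record without one is flagged.
        problems.append("a= (VMC location) is missing")
    return problems

SAMPLES = [  # (record name, checker, TXT value), all constructed
    ("_dmarc.example.com", check_dmarc, "v=DMARC1; p=none; rua=mailto:d@example.com"),
    ("_dmarc.example.com", check_dmarc, "v=DMARC1; p=reject; rua=mailto:d@example.com"),
    ("default._bimi.example.com", check_bimi,
     "v=BIMI1; l=http://example.com/logo.svg; a="),
    ("default._bimi.example.com", check_bimi,
     "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"),
]

if __name__ == "__main__":
    for name, checker, txt in SAMPLES:
        print(name, "->", checker(txt) or "OK")
```

To use it on a real domain, paste in the TXT values returned by your DNS lookup tool in place of the constructed samples.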
BIMI summary
As mentioned above, there are certain technical hurdles to the introduction of BIMI, such as setting up DMARC and preparing the SVG logo.
However, by overcoming these challenges, businesses in particular can hope to improve both email security and brand value.
(It may become widely used if it is published as an RFC in the future)
I hope that more email clients will comply with this standard.