In the face of the ever-growing threat of cyberattacks disguised in emails from phishers, impostors and other increasingly sophisticated security scammers, Google has launched a tool to allow organizations to fight back by badging their emails with authenticated brand logos. The AuthIndicators Working Group, the developers of the authentication standard, announced that Gmail is widely supporting its standard, which will help assure Gmail's approximately 1.8 billion users of the origins of the emails they receive, reducing the risks of a user opening a disguised malicious email or, alternatively, refusing to open an authentic one.

The industry-created Brand Indicators for Message Identification (BIMI) standard is an email specification that builds on the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard, which already works against disguised malicious emails. DMARC authentication ensures that an organization's domain has not been impersonated, and BIMI leverages DMARC protection by showing the brand logo in the recipient's inbox. In short, DMARC validates emails, and BIMI validates logos in email headers. Brand owners and consumers both benefit from the lowered risk of authentic emails being associated with phishing or other security scams.

To enable the new logo-verification feature, organizations will need to verify and prove logo ownership before Google will apply a validated trademark logo as an authenticated badge in the existing avatar slot. If an organization already supports the DMARC standard, they may be able to acquire a Verified Mark Certificate (VMC) to facilitate the process. VMCs are already connected to registered trademarks from certain jurisdictions, and more jurisdictions – and unregistered trademarks – may be included in the future. The new feature will be accessible or automatically added to the nearly 2 billion Gmail accounts. As the feature is implemented over the coming weeks, organizations may want to consider verifying their brand logos to increase consumer trust. Organizations failing to do so could risk reputational harm by losing the confidence of consumers wary of unverified communications.