BIMI Logos – Another Way to Stop Email Spoofing

Tony Redmond · ‎Dec 06 2018

Brand Indicators for Message Identification (BIMI) is a new industry effort to help identify email from reputable companies by displaying their logo alongside email (and potentially other items) in applications.

https://office365itpros.com/2018/12/06/bimi-office365/

Joshua Bines · ‎Jul 21 2020

@Tony Redmondincentivising the dmarc records to move from p=none i think is a great idea might get the exec's on board. According to June 1 still no take up from MS https://bimigroup.org/bimi-adoption-june-2020/

Paul Bendall · ‎Oct 08 2020

Glad I found this article and as @Joshua Bines points out the situation hasn't changed as of June 2020 according to BIMI working group. I would go further and suggest, like one of the commentators on @Tony Redmond original page, that Microsoft are muddying the waters and confusing both implementers and recipients.

The "new" Microsoft approach was supposed to be more open standards orientated and they have made some good progress in this area. However, lack of DMARC reporting and BIMI support is very disappointing in overcoming phishing/SPAM as an industry wide initiative.

Jonas Back · ‎Apr 12 2021

October 2020 and still no support from Microsoft: https://bimigroup.org/bimi-adoption-october-2020/

Kevin Taber · ‎Jul 22 2021

@Tony Redmond Google recently touched upon BIMI again (7/12)...as did Postmark (7/13). As long as DMARC has been around, it's sad how few have implemented. Hopefully this can gain traction.

https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace

https://postmarkapp.com/blog/what-the-heck-is-bimi#how-do-you-implement-bimi

David Westgate · ‎Aug 05 2021

@Kevin Taber I still cannot believe the slow uptake on DMARC and really confused around the lack of BIMI on Microsofts Part. Both of these are great initiatives at reducing the prevalence of security events in the email space as it relates to PHISHING and targeted attacks. Come on Microsoft, time to prioritise the easy wins and listen to the community and commentators like @Tony Redmond

the_bear_glitch · ‎Aug 03 2022

@David Westgate @Tony Redmond a year later, anyone know if Microsoft changed their stance in BIMI?

Would be interesting to know why Microsoft have not yet shown interest.

Joshua Bines · ‎Aug 03 2022

Not that I have seen myself. My take is: the worry is around the verification on the image itself. In theory you could create any domain such as fakedomain.com add anyone's bimi image and as long as the email passes dmarc BIMI enabled services will display the image. If there is wider adoption of BIMI I can see how a spoofed email would appear more legit to users in this scenario. I imagine the user comments would go something like 'but it had the logo of course I clicked on the link...' That said I'm sure a well designed spam filter should be able to handle and filter out most these attacks. Other thoughts?

Update: Google is using Verified Mark Certificate (VMC) to get around this issue but it appears the scope is limited.

How BIMI Avoids Unauthorized (or Fraudulent) Use of Logos - BIMI Group

Kevin Taber · ‎Aug 03 2022

Since an Mark Verifying Authority (MVA) will have to verify the domain owner and brand/logo, like an EV certificate, hopefully it helps prevent most of the malicious attempts. It's fairly strict I thought.

It will at least aid in the adoption of DMARC. I wish it was a requirement to have DMARC in place when owning a domain name. Heck there's still many that don't use SPF.

ahmet_abdagic · ‎Sep 06 2022

Hello @Tony Redmond and @Joshua Bines. Do you have any news about that Microsoft plans to support in Office 365 and Exchange Brand Indicators for Message Identification (BIMI). My organization has a plan to implement for security reason, but we need your confirmation because that we must know about feature action.

Please can you check closest date for public support of BIMI in office 365.

Thanks

lakeofthewoods · ‎Nov 09 2022

Bump. At this point you would think MS has BIMI on the roadmap and an ETA or they don't and have no plans to support it? @Tony Redmond

Laurent Gébeau · ‎Dec 10 2022

At this point it start to be very noticeable, and used by competition against Office 365, so urgent to have an official statment somewhere

Stephen_Enright · ‎Jan 06 2023

@Laurent Gébeau

Just going to chime in here and say that I wish Microsoft would implement BIMI. Our organization is rolling it out presently. But the conversations is a bit awkward when we're trying to advocate internally for a standard when the software that we use ourselves doesn't adhere to that very standard...

Lukas123 · ‎Feb 13 2023

Any news @microsoft? Supported vendors are growing, Apple works now too. We miss Microsoft!
https://bimigroup.org/bimi-infographic/

JasonGates895 · ‎Feb 17 2023

Microsoft, get moving please, we need BIMI

BIMI Logos – Another Way to Stop Email Spoofing

BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Re: BIMI Logos – Another Way to Stop Email Spoofing

Products (64)

Special Topics (44)

Video Hub (976)

Most Active Hubs

Most Active Hubs

Video Hub

BIMI Logos – Another Way to Stop Email Spoofing