Cloud

3/27/2018
02:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Companies with Secure Email to Gain Unlimited Free Brand Impressions

New BIMI Standard Puts Company Logos on Authentic Email Messages, Increasing Trust

SAN MATEO, Calif., March 27, 2018Agari, a leading cybersecurity company, today announced the first pilot of an online brand standard developed with major email providers Comcast, Google, Microsoft and Oath (Yahoo, AOL) that will offer companies the opportunity to display brand logos for free, increase trust with their customers, and ultimately lead to more revenue by increasing response rates and engagement.

Brand Indicators for Message Identification (BIMI) is a standard way for brands to publish their logos online. It allows logos to be easily incorporated into messaging and social media applications. BIMI does this with built-in protections that safeguard the brand, application providers and consumers from impersonation attempts.

Under the draft BIMI standard, email applications display the sending company’s brand logo alongside authenticated emails in the inbox list and within emails themselves. BIMI-sourced logos appear on screen real estate controlled by the email application, not in the body of the email, making them more visible to the user and preventing cyber criminals from faking the brand indicator.

“Groupon relies on social media, messaging applications and email to help local businesses attract and retain customers,” said Torsten Reinert, Senior Manager Messaging Delivery, Groupon. “By increasing consumer confidence in the authenticity of our messages, we believe BIMI will increase response rates, magnifying the power and reach of our marketing efforts.”

The first email platform to begin pilot testing based on the standard will be Oath’s Yahoo Mail. By next week, users of Yahoo Mail’s mobile, web and desktop applications will start seeing logos for companies participating in the pilot, which will soon include Aetna, Agari, Groupon, SparkPost and other large brands in the financial services, airline and technology industries.

“This is a win-win situation; the brand has better exposure, better control of their logo, higher engagement on the consumer side, it’s more secure and Yahoo can authenticate emails in our system,” said Marcel Becker, Director of Product Management for Oath, the Verizon company that owns Yahoo and AOL.

BIMI logos aren’t just for email. They can be incorporated into any internet-based communications service including social media apps, online services, messaging services and more. It is being developed as an open standard available to any company wishing to implement it, without licensing fees.

“Protecting the privacy and information security of customers is central to Aetna’s mission,” said Jim Routh, Chief Security Officer, Aetna. “By showing our customers which emails and other messages they can trust, we believe brand indicators will make it easier to communicate with our customers while making them more resistant to phishing and other fraudulent emails.”

Email platforms like Yahoo will display BIMI logos only for senders whose internet domains are authenticated via the DMARC (Domain-based Message Authentication, Reporting & Conformance) standard. Domain owners will need to add BIMI instructions to their DNS (Domain Name System) records, including the URL for the location of the file containing the logo. When the standard is complete and fully implemented, domain owners will need to use a trusted third-party authority to verify ownership of the brand and logo.

“Progressive businesses recognize that the right security enables their highest-revenue digital initiatives,” said Ravi Khatod, CEO, Agari. “BIMI is a clear example of moving cybersecurity from the cost to the benefits column, exposing millions of users to brand logos every day.”

While it is expected to increase email security and reduce phishing, BIMI is first and foremost a publishing standard designed to enable the safe distribution of brand logos and trademarked identities on the internet.

BIMI offers strong benefits to CMOs and marketing organizations, including:

 

  • It will provide brands with billions of free brand impressions
  • It will let brands publish (and thus control) their logos themselves, ending cumbersome manual coordination with internet application providers to update logos
  • Updates to the brand logo will be picked up automatically by email and mobile app platforms
  • Different brand logos may be used in email associated with different product lines, specified for different groups of customers or changed seasonally
  • It has safeguards to prevent impersonation attempts, meaning the brand is shown only when associated with communication that is actually authenticated as being from your business

 

The BIMI open standard is being developed by the Authindicators Working Group, chaired by an Agari official. Many of the working group’s members, including Agari, pioneered the development of the DMARC email authentication standard from 2010 to 2013 to stop phishing attacks. In October 2017, the U.S. Department of Homeland Security ordered federal agencies with .gov email domains to fully implement strict DMARC policies by October 2018. BIMI is the next big development in email authentication, providing businesses an economic incentive to authenticate their mail.

For more information about BIMI, please see www.BrandIndicators.org.

 

About Agari

 

Agari, a leading cybersecurity company, is trusted by Fortune 1000 companies to protect their enterprises, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at http://www.agari.com and follow us on Twitter @AgariInc.

 

# # #

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Data Privacy Careers Are Helping to Close the IT Gender Gap
Dana Simberkoff, Chief Risk, Privacy, and Information Security Officer, AvePoint, Inc.,  8/20/2018
Ohio Man Sentenced To 15 Months For BEC Scam
Dark Reading Staff 8/20/2018
Intel Reveals New Spectre-Like Vulnerability
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/15/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-15667
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emails from an active account without authentication. The handler has no restriction on who can...
CVE-2018-15668
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL parameters for the "send" command with the "attachment_" prefix designate atta...
CVE-2018-15669
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from HTMLIFrameElements are blacklisted. However, other sub-classes of HTMLFrameOwnerElements are...
CVE-2018-15670
PUBLISHED: 2018-08-21
An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the default URL handler. A navigation request is processed by the default URL handler only if t...
CVE-2018-15671
PUBLISHED: 2018-08-21
An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This results in denial of service.