Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

3/27/2018
02:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Companies with Secure Email to Gain Unlimited Free Brand Impressions

New BIMI Standard Puts Company Logos on Authentic Email Messages, Increasing Trust

SAN MATEO, Calif., March 27, 2018Agari, a leading cybersecurity company, today announced the first pilot of an online brand standard developed with major email providers Comcast, Google, Microsoft and Oath (Yahoo, AOL) that will offer companies the opportunity to display brand logos for free, increase trust with their customers, and ultimately lead to more revenue by increasing response rates and engagement.

Brand Indicators for Message Identification (BIMI) is a standard way for brands to publish their logos online. It allows logos to be easily incorporated into messaging and social media applications. BIMI does this with built-in protections that safeguard the brand, application providers and consumers from impersonation attempts.

Under the draft BIMI standard, email applications display the sending company’s brand logo alongside authenticated emails in the inbox list and within emails themselves. BIMI-sourced logos appear on screen real estate controlled by the email application, not in the body of the email, making them more visible to the user and preventing cyber criminals from faking the brand indicator.

“Groupon relies on social media, messaging applications and email to help local businesses attract and retain customers,” said Torsten Reinert, Senior Manager Messaging Delivery, Groupon. “By increasing consumer confidence in the authenticity of our messages, we believe BIMI will increase response rates, magnifying the power and reach of our marketing efforts.”

The first email platform to begin pilot testing based on the standard will be Oath’s Yahoo Mail. By next week, users of Yahoo Mail’s mobile, web and desktop applications will start seeing logos for companies participating in the pilot, which will soon include Aetna, Agari, Groupon, SparkPost and other large brands in the financial services, airline and technology industries.

“This is a win-win situation; the brand has better exposure, better control of their logo, higher engagement on the consumer side, it’s more secure and Yahoo can authenticate emails in our system,” said Marcel Becker, Director of Product Management for Oath, the Verizon company that owns Yahoo and AOL.

BIMI logos aren’t just for email. They can be incorporated into any internet-based communications service including social media apps, online services, messaging services and more. It is being developed as an open standard available to any company wishing to implement it, without licensing fees.

“Protecting the privacy and information security of customers is central to Aetna’s mission,” said Jim Routh, Chief Security Officer, Aetna. “By showing our customers which emails and other messages they can trust, we believe brand indicators will make it easier to communicate with our customers while making them more resistant to phishing and other fraudulent emails.”

Email platforms like Yahoo will display BIMI logos only for senders whose internet domains are authenticated via the DMARC (Domain-based Message Authentication, Reporting & Conformance) standard. Domain owners will need to add BIMI instructions to their DNS (Domain Name System) records, including the URL for the location of the file containing the logo. When the standard is complete and fully implemented, domain owners will need to use a trusted third-party authority to verify ownership of the brand and logo.

“Progressive businesses recognize that the right security enables their highest-revenue digital initiatives,” said Ravi Khatod, CEO, Agari. “BIMI is a clear example of moving cybersecurity from the cost to the benefits column, exposing millions of users to brand logos every day.”

While it is expected to increase email security and reduce phishing, BIMI is first and foremost a publishing standard designed to enable the safe distribution of brand logos and trademarked identities on the internet.

BIMI offers strong benefits to CMOs and marketing organizations, including:

 

  • It will provide brands with billions of free brand impressions
  • It will let brands publish (and thus control) their logos themselves, ending cumbersome manual coordination with internet application providers to update logos
  • Updates to the brand logo will be picked up automatically by email and mobile app platforms
  • Different brand logos may be used in email associated with different product lines, specified for different groups of customers or changed seasonally
  • It has safeguards to prevent impersonation attempts, meaning the brand is shown only when associated with communication that is actually authenticated as being from your business

 

The BIMI open standard is being developed by the Authindicators Working Group, chaired by an Agari official. Many of the working group’s members, including Agari, pioneered the development of the DMARC email authentication standard from 2010 to 2013 to stop phishing attacks. In October 2017, the U.S. Department of Homeland Security ordered federal agencies with .gov email domains to fully implement strict DMARC policies by October 2018. BIMI is the next big development in email authentication, providing businesses an economic incentive to authenticate their mail.

For more information about BIMI, please see www.BrandIndicators.org.

 

About Agari

 

Agari, a leading cybersecurity company, is trusted by Fortune 1000 companies to protect their enterprises, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at http://www.agari.com and follow us on Twitter @AgariInc.

 

# # #

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jackdenial
50%
50%
jackdenial,
User Rank: Apprentice
10/30/2018 | 8:01:19 AM
Companies with Secure Email to Gain Unlimited Free Brand Impressions
This is really great news that cyber Security Company will offer the opportunity to show the brand logos for free, increase trust with their customers easily. If someone tries to AOL Desktop Gold Download on their system then they have to check their download folder and the install button to install this. 
Florida Town Pays $600K to Ransomware Operators
Curtis Franklin Jr., Senior Editor at Dark Reading,  6/20/2019
Pledges to Not Pay Ransomware Hit Reality
Robert Lemos, Contributing Writer,  6/21/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-12280
PUBLISHED: 2019-06-25
PC-Doctor Toolbox before 7.3 has an Uncontrolled Search Path Element.
CVE-2019-3961
PUBLISHED: 2019-06-25
Nessus versions 8.4.0 and earlier were found to contain a reflected XSS vulnerability due to improper validation of user-supplied input. An unauthenticated, remote attacker could potentially exploit this vulnerability via a specially crafted request to execute arbitrary script code in a users browse...
CVE-2019-9836
PUBLISHED: 2019-06-25
Secure Encrypted Virtualization (SEV) on Advanced Micro Devices (AMD) Platform Security Processor (PSP; aka AMD Secure Processor or AMD-SP) 0.17 build 11 and earlier has an insecure cryptographic implementation.
CVE-2019-6328
PUBLISHED: 2019-06-25
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6329.
CVE-2019-6329
PUBLISHED: 2019-06-25
HP Support Assistant 8.7.50 and earlier allows a user to gain system privilege and allows unauthorized modification of directories or files. Note: A different vulnerability than CVE-2019-6328.