Cloud

3/27/2018
02:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Companies with Secure Email to Gain Unlimited Free Brand Impressions

New BIMI Standard Puts Company Logos on Authentic Email Messages, Increasing Trust

SAN MATEO, Calif., March 27, 2018Agari, a leading cybersecurity company, today announced the first pilot of an online brand standard developed with major email providers Comcast, Google, Microsoft and Oath (Yahoo, AOL) that will offer companies the opportunity to display brand logos for free, increase trust with their customers, and ultimately lead to more revenue by increasing response rates and engagement.

Brand Indicators for Message Identification (BIMI) is a standard way for brands to publish their logos online. It allows logos to be easily incorporated into messaging and social media applications. BIMI does this with built-in protections that safeguard the brand, application providers and consumers from impersonation attempts.

Under the draft BIMI standard, email applications display the sending company’s brand logo alongside authenticated emails in the inbox list and within emails themselves. BIMI-sourced logos appear on screen real estate controlled by the email application, not in the body of the email, making them more visible to the user and preventing cyber criminals from faking the brand indicator.

“Groupon relies on social media, messaging applications and email to help local businesses attract and retain customers,” said Torsten Reinert, Senior Manager Messaging Delivery, Groupon. “By increasing consumer confidence in the authenticity of our messages, we believe BIMI will increase response rates, magnifying the power and reach of our marketing efforts.”

The first email platform to begin pilot testing based on the standard will be Oath’s Yahoo Mail. By next week, users of Yahoo Mail’s mobile, web and desktop applications will start seeing logos for companies participating in the pilot, which will soon include Aetna, Agari, Groupon, SparkPost and other large brands in the financial services, airline and technology industries.

“This is a win-win situation; the brand has better exposure, better control of their logo, higher engagement on the consumer side, it’s more secure and Yahoo can authenticate emails in our system,” said Marcel Becker, Director of Product Management for Oath, the Verizon company that owns Yahoo and AOL.

BIMI logos aren’t just for email. They can be incorporated into any internet-based communications service including social media apps, online services, messaging services and more. It is being developed as an open standard available to any company wishing to implement it, without licensing fees.

“Protecting the privacy and information security of customers is central to Aetna’s mission,” said Jim Routh, Chief Security Officer, Aetna. “By showing our customers which emails and other messages they can trust, we believe brand indicators will make it easier to communicate with our customers while making them more resistant to phishing and other fraudulent emails.”

Email platforms like Yahoo will display BIMI logos only for senders whose internet domains are authenticated via the DMARC (Domain-based Message Authentication, Reporting & Conformance) standard. Domain owners will need to add BIMI instructions to their DNS (Domain Name System) records, including the URL for the location of the file containing the logo. When the standard is complete and fully implemented, domain owners will need to use a trusted third-party authority to verify ownership of the brand and logo.

“Progressive businesses recognize that the right security enables their highest-revenue digital initiatives,” said Ravi Khatod, CEO, Agari. “BIMI is a clear example of moving cybersecurity from the cost to the benefits column, exposing millions of users to brand logos every day.”

While it is expected to increase email security and reduce phishing, BIMI is first and foremost a publishing standard designed to enable the safe distribution of brand logos and trademarked identities on the internet.

BIMI offers strong benefits to CMOs and marketing organizations, including:

 

  • It will provide brands with billions of free brand impressions
  • It will let brands publish (and thus control) their logos themselves, ending cumbersome manual coordination with internet application providers to update logos
  • Updates to the brand logo will be picked up automatically by email and mobile app platforms
  • Different brand logos may be used in email associated with different product lines, specified for different groups of customers or changed seasonally
  • It has safeguards to prevent impersonation attempts, meaning the brand is shown only when associated with communication that is actually authenticated as being from your business

 

The BIMI open standard is being developed by the Authindicators Working Group, chaired by an Agari official. Many of the working group’s members, including Agari, pioneered the development of the DMARC email authentication standard from 2010 to 2013 to stop phishing attacks. In October 2017, the U.S. Department of Homeland Security ordered federal agencies with .gov email domains to fully implement strict DMARC policies by October 2018. BIMI is the next big development in email authentication, providing businesses an economic incentive to authenticate their mail.

For more information about BIMI, please see www.BrandIndicators.org.

 

About Agari

 

Agari, a leading cybersecurity company, is trusted by Fortune 1000 companies to protect their enterprises, partners and customers from advanced email phishing attacks. The Agari Email Trust Platform is the industry’s only solution that ‘understands’ the true sender of emails, leveraging the company’s proprietary, global email telemetry network and patent-pending, predictive Agari Trust Analytics to identify and stop phishing attacks. The platform powers Agari Enterprise Protect, which help organizations protect themselves from advanced spear phishing attacks, and Agari Customer Protect, which protects consumers from email attacks that spoof enterprise brands. Agari, a recipient of the JPMorgan Chase Hall of Innovation Award and recognized as a Gartner Cool Vendor in Security, is backed by Alloy Ventures, Battery Ventures, First Round Capital, Greylock Partners, Norwest Venture Partners and Scale Venture Partners. Learn more at http://www.agari.com and follow us on Twitter @AgariInc.

 

# # #

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
jackdenial
50%
50%
jackdenial,
User Rank: Apprentice
10/30/2018 | 8:01:19 AM
Companies with Secure Email to Gain Unlimited Free Brand Impressions
This is really great news that cyber Security Company will offer the opportunity to show the brand logos for free, increase trust with their customers easily. If someone tries to AOL Desktop Gold Download on their system then they have to check their download folder and the install button to install this. 
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
The Case for a Human Security Officer
Ira Winkler, CISSP, President, Secure Mentem,  12/5/2018
Windows 10 Security Questions Prove Easy for Attackers to Exploit
Kelly Sheridan, Staff Editor, Dark Reading,  12/5/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-8651
PUBLISHED: 2018-12-12
A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV.
CVE-2018-8652
PUBLISHED: 2018-12-12
A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1.
CVE-2018-8617
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8618
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-8583, CVE-2018-8...
CVE-2018-8619
PUBLISHED: 2018-12-12
A remote code execution vulnerability exists when the Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, aka "Internet Explorer Remote Code Execution Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Exp...