BIMI: Fighting Back Against Fraudsters Targeting Your Clients

new email notification popping out from a laptop

Have you ever opened your inbox and noticed more and more company logos populating your notifications? This is more than just an aesthetic choice – it is a strategic and safe way to tell customers that an email is legitimate, and a crucial defense mechanism for a brand’s reputation.

A new email standard to fight cybercrime

“BIMI stands for Brand Indicators for Message Identification. It’s a new standard for emails and valuable marketing tools for any company,” says Binh Rey, General Manager of IPH online automated trademark application platform, Applied Marks. “The purpose of a BIMI is to authenticate the domain name that an email comes from. This requires companies to produce a logo that’s small enough to be identifiable on an email notification or listing.”

Adopting a BIMI for communication practices is becoming increasingly important as cybercrime increases globally. Phishing scams, fraudulent emails often featuring misleading links or instructions which aim to steal personal data or money, now land in inboxes across the globe approximately 3.4 billion times every day. While education on how to detect a phishing email is key, BIMI allows consumers trust in companies they deal with, able to quickly know that this one is legit.

“Education around phishing emails is growing as they become more prominent in our day to day – but because of their high volume, we often don’t have time in our busy schedules to assess each email we receive, particularly if it is spoofing a company we do deal with. BIMIs allow clients to skip this mental assessment and trust that an email is coming from someone legitimate,” says Rey.

Trademark protection to defend your clients

For an organisation to secure a BIMI, they must first own the trademark for the image they have selected.

“That way the provider that approves your BIMI can identify that you own the brand. They won’t allow you to start the BIMI process without a trademark registration,” says Rey.

To work effectively as a BIMI, it’s important for the chosen trademark to be easily comprehensible and recognisable as a representation of your brand within a very small space. On a phone screen, the size of a BIMI is only roughly 7x7mm.

Applied Marks recently advised Australian removalist company, Holloway Removals & Storage (Holloway), when securing a trademark intended for use as a BIMI.

“Holloway depend on email correspondence to send clients updates about where their goods are, when they are arriving and other critical information, so safe and reliable communication is essential. They had been using a shortened “H” logo for several years but had not yet secured this logo as a trademark. Through our guidance they were able to secure this trademark and are in the process of obtaining BIMI authentication for their emails,” says Rey.

It’s important to note that when registering a new, small trademark to secure a BIMI, it must still be unique and distinct within its relevant market. Though Holloway’s “H” logo is quite simple, its use of brand colours and distinct font and border made it viable for registration. In Holloway’s case, evidence of extensive use over the years overcame the issues raised by the IP Australia Examiner.

Empowered through domain name registration

BIMI’s appear on email correspondence through registration to domain names, attaching to any email with this selected domain name. This way emails that come through, regardless of department or sender, will display the BIMI if the domain name is included.

For example, an email from [email protected], [email protected] and [email protected] would all display the same BIMI, as they share the registered domain name.

BIMI is attached to domain names as an extension of the “DMARC” ecosystem – Domain-based Message Authentication Reporting and Conformance. Domains protected by DMARC can analyse email message content and origins and run authentication checks, identifying cybercrime attempts when they occur. For a BIMI to appear, it must pass DMARC authentication.

Shielding your clients from financial fraud, and your company’s reputation

“Obtaining the BIMI standard provides your clients with a safer inbox experience when dealing with your company. When the recipient scrolls through their inbox, they can quickly recognise if an email is safe to open, because they know it’s coming from a trusted source. It develops more trust in your brand by reducing the chance of emails being spoofed,” Rey explains.

Implementing a BIMI is an impactful way to build trust with customers and clients – without a BIMI, your clients could be at risk, opening your reputation to potential harm.

“BIMI is a new technological standard that has been adopted by well-established brands such as LinkedIn, the New York Times and Australia Post. However, it is also affordable to small to medium size businesses. The cost to implement BIMI could start from $5000 to $8000 AUD per year – a small price to pay for securing your brand’s reputation, and protecting your clients’ online safety,” says Rey.

“BIMI tackles both security and brand reputation – if a client has been scammed by a third party using their name, it’s still a hit on their reputation. If you can reduce the reputation harm for your firm, then it’s worth it. It’s great to see more and more organisations going through the process of investing in trademarks and using these trademarks to establish trustworthy business practices.”