Skip to content

BIMI security standard rolls out to all Gmail users

  • by
  • 3 min read

Following their announcement of last year’s pilot program of rolling out security features for Gmail, Google has announced that it’ll be rolling out BIMI support for Gmail over the coming few weeks.

BIMI or Brand Indicators for Message Identification is a standard that aims to adopt strong sender authentication for the entire email ecosystem. Using BIMI, email recipients can have increased confidence from an email’s sender and can help in minimising phishing attacks as a majority of these start with sender identity fraud. At the same time, it gives senders an option to provide their audience with a more immersive experience. 

Using this standard, organisations can authenticate their emails using Domain-based Message Authentication, Reporting and Conformance (DMARC). The DMARC is a standard that allows security systems to perform better filtering, separating legitimate messages from potentially fake ones.

Actual authentication or fancy profile pictures?

According to Google Cloud, organisations that authenticate their emails using Sender Policy Framework (SPF) or Domain Keys Identified Mail (DKIM) and deploy DMARC can provide validated and trademarked logos to Google via a VMC or Verified Mark Certificate. 

BIMI can then use identifying authorities, currently Entrust and DigiCert, to verify logo ownerships and provide proof of verification. Once the email passes these checks, Gmail will start displaying its logos in place of the existing avatar. 

The Bank of America has also partnered with Google to roll out BIMI in their email systems, stating, “Bank of America has a wide range of security measures in place to support our customers, and we constantly evolve our program to deliver best in class protection. Part of this effort is our partnership with Google on BIMI, which provides an easy way to validate if correspondence is from us”.

Organisations looking to leverage BIMI need to adopt DMARC and ensure that their logos are verified with VMC. No action is required for Gmail users. The standard also expects to expand support across logotypes and validators. 

In the News: SolarWinds releases patch for actively exploited zero-day vulnerability


Google Meet enforces time limits for free users

Gmail users will now have to face a 60-minute deadline on calls with three or more members. So, 55 minutes into the call, all members will get a notification stating that the call will end soon. The host will have the option to upgrade their account to extend the call; otherwise, it ends in the next five minutes.

Free users on video calls with more than three members will now have a 60-minute limit.

Google has been extending implementing this limit for quite some time now. In April 2020, it was announced that the limit would be implemented on September 30, which was then extended to March 31, 2021, and then again to June 30. 

One-on-one calls will continue to run up to 24 hours for free or enterprise accounts. The upgrade in question here is the $9.99 Workspace individual tier upgrade launched in the US, Canada, Mexico, Brazil, and Japan. Only the host needs to have an upgraded account. 

In the News: FIFA 22: Pre-orders, Price, Release Date and Features

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>