Google launches BIMI pilot to bring verified brand logos to Gmail

Google is unveiling a handful of security features today, including support for a new email specification that enables verified brands to display their logos in the Gmail avatar slot — regardless of who the sender’s email client or service provider is.

Brand Indicators for Message Identification (BIMI) is an emerging specification that allows companies to deploy their brand logo consistently across email clients. BIMI is a broad industry effort, with a working group consisting of Twilio’s SendGrid, LinkedIn, Validity, Fastmail, Valimail, Verizon Media, and — as of last June — Google. Up until now, BIMI had only been fully adopted by Verizon’s email clients (Yahoo and AOL), but as Gmail is one of the most widely used email clients in the world, its inclusion represents a landmark for the BIMI specification.

BIMI will only work with brands that have adopted the email authentication protocol DMARC (“Domain-based Message Authentication, Reporting and Conformance”), which helps protect email domain owners from spoofing. The logo itself has to be validated by a third party that issues a new type of certification known as a Verified Mark Certificate (VMC).

While BIMI is partly about creating a consistent brand image across email clients and services, it’s also designed to bring some peace of mind to email recipients, who can instantly see that the sender is who they claim to be.

CNN is one of the companies on board for the initial rollout.

Above: CNN is among the first companies to sign up for Gmail’s new BIMI support

Google said it will officially start its BIMI pilot “in the coming weeks” and has two logo certification authorities on board for launch: Entrust Datacard and DigiCert. A full-scale launch is expected later this year.

Admin controls

Google also announced some G Suite updates around mobile device management (MDM), including an integration with Apple Business Manager that allows admins to manage and distribute iOS devices across the company.

Tying into this, the G Suite admin dashboard has been redesigned to more clearly show the number of devices managed by each service.

Above: Google mobile device management dashboard

Google also announced new features for its Data Loss Prevention offering, with admins now able to use “automated” information rights management (IRM) controls to prevent employees or contractors from downloading or copying documents from the cloud. While IRM was already a core part of Google’s offering, admins can now scan all their files in Google Drive and automatically apply the preset document access rules to all users in an organization.

Above: Google’s information rights management (IRM)

Today’s news follows a handful of recent security announcements for Google’s video-communication service Google Meet and team messaging platform Google Chat. In Meet, administrators and hosts will soon have more control over who can request access to a meeting. Hosts can already require anyone who wasn’t invited to “knock” before being admitted to a meeting. In the future, anyone who is ejected from a meeting won’t be able to knock again — they will only be able to join if they are invited.

Hosts will be given additional controls over which avenues for joining a meeting require approval. For example, someone who clicks on a calendar invite could be allowed to enter a meeting while someone who tries to dial in from a phone would need to be explicitly approved. These “safety locks” can also be used to prevent anyone who isn’t logged into their Google account from joining a meeting. Additional controls will enable hosts to manage which attendees can chat and present within the meeting.

Above: Google Meet is getting new security features

Google also recently announced it would be expanding the Gmail phishing protections it has built into Chat, meaning if a user clicks on a link sent via Chat it will be scanned automatically and Google will issue a warning if the link is found to be malicious.