Google LLC today announced a small but potentially important email security update.

It’s adding full support for the emerging Brand Indicators for Message Identification standard in Gmail. BIMI, as it’s called, helps email recipients to know that the message they’re receiving is an authentic one.

The BIMI specification works by allowing companies to display their logos as an icon next to email senders’ names on every email they send. It’s meant to increase confidence in the source of emails.

It’s a simple idea: If users see the official logo of, say, Bank of America Corp., they can trust that the message really did come from that organization, rather than from some crafty hacker phishing for their bank login credentials.

The BIMI standard provides more than just a visual cue for email recipients, though. As Neil Kumaran, a senior product manager of Counter-Abuse Technology at Google, and his colleague Wei Chuang, a senior software engineer at Gmail Security, explained in a blog post, the standard also helps to improve automated email security systems too.

“BIMI enables organizations that authenticate their emails using Domain-based Message Authentication, Reporting and Conformance (DMARC) — a standard for providing strong sender authentication that allows security systems to perform better filtering, separating legitimate messages from potentially spoofed ones — to validate ownership of their logos and securely transmit them to Google,” Kumaran and Chuang wrote. “BIMI is designed to be easy: for organizations with DMARC in place, validated logos display on authenticated emails from their domains and subdomains.”

Google introduced support for the BIMI standard in Gmail in a pilot project last year. That support is now being rolled out to all users, it said today.

Bank of America happens to be a big supporter of BIMI: “Bank of America has a wide range of security measures in place to support our customers, and we constantly evolve our program to deliver best in class protection,” it said in a statement today. “Part of this effort is our partnership with Google on BIMI, which provides an easy way to validate if correspondence is from us.”

Kumaran and Chuang said there will be more to come from BIMI. The standard’s designers are planning to expand support for various new logo types and validators, they said. That’s important, they said, because logos are a common target of impersonation, so users need to be sure they can be trusted.

“Today, Entrust and DigiCert support BIMI as Certification Authorities, and in the future the BIMI working group expects this list of supporting validation authorities to expand further,” they said.

Google said organizations that want to take advantage of BIMI must first adopt the DMARC standard and register a validated logo with one of the above certification authorities. Gmail users don’t have to do anything, other than rest assured that if they see an official logo it means the message they’re reading was definitely sent from the organization that they think has sent it.

Image: Google