Gmail introduces an update that will help protect users from phishing attempts. This new Gmail phishing prevention update enhances the security of your inbox through the use of verified logos and brand information.
From what is known about the update, it seems gmail users will be much more secured now, since the phishing prevention update will radically bring down domain spoofing and brand impersonation attempts.
So how does it all work? Last year, Google announced the integration with Brand Indication for Message Identifiers (BIMI). BIMI is an industry standard formulated so that maximum users would adopt stronger, better sender authentication protocols. BIMI achieves better sender authentication by allowing email recipients (and their 3rd party email security services) to have more confidence in trusting the source of the email. The BIMI protocol is designed such that it prevents impersonation attacks.
Now, with this new Gmail phishing prevention update, Google brings BIMI support to its email users as well.
The changes that this Gmail Update will bring
With the integration of BIMI support, sending domains that are authenticated with DMARC will derive the most benefits of this Gmail phishing prevention update.
Such organisations will now have the ability to validate the ownership of their corporate logos and branding in their email content. After validation, organisations will be able to securely transmit this information to Google.
When such an email is in transit, it will be under the strict scrutiny of Google’s anti-abuse checks. Once an email passes these checks, the organisation will get a Verified Mark Certificate (VMC). For VMC validated emails, Gmail will display the organization’s logo in the service’s avatar slot. Naturally, if an email does not appear with such an avatar, users will be alerted to suspicious activity. Gmail users (email recipients) won’t have to do anything different to be able to enjoy this feature.
The BIMI support update will go a long way in protecting your brand’s reputation by minimizing domain spoofing attempts. But, to reiterate, the prerequisite for this to work is that you have to have implemented DMARC.
So, if you were believing that DMARC is optional (which it isn’t), let this change your mind. By simply implementing DMARC, you will be able to get the full benefit of the Gmail phishing prevention update.