Where to Listen
BIMI is a new TXT record that sits on your servers and verifies your brand identity. It’s an exciting new way to verify and validate a brand logo to reduce email spoofing and phishing.
In this podcast, Matthew Verhout and Seth Blank discuss how BIMI will affect the email industry and what it means to the marketers and users. Let’s dive in the depths of what BIMI and hear about this new technology from the ones helping develop it!
- What’s BIMI, and do you need it?
- How is BIMI different from the existing DMARC, DKIM, and SPF authentication records?
- Will BIMI help improve brand identity?
- What changes on the user-end?
- How to implement BIMI for your brand?
- What does the introduction of BIMI mean for the email industry?
[00:00:00] Dennis Dayman: Well, hello everybody and welcome to another episode of, ForTheLoveOfEmail podcast by Netcore Solutions. As I’m Dennis Daymon, your host of this podcast and the Netcore team is continuing to work hard these past few months on bringing us great stories and information and all sorts of advice from all different experts around the world when it comes to email and your digital marketing.
So this week we’re going to be talking about something of interest and something that’s changing. We’ve talked a lot about, different things from, list management. We’ve talked about, some of the policies and procedures around privacy issues.
[00:00:36]We have even talked a little about maintenance and things too, but today, we’re going to talk about something called BIMI and how it is gaining brands, the ability to get consumer confidence. And what we’ve done here this week is we’ve brought in two industry leaders for this, to chat about what we call BIMI. And BIMI, if you don’t know what that is, stands for Brand Indicators for Messaging Identification
[00:00:58]I know that’s a mouthful, but we brought in some really good friends of ours. We brought in one, Seth Blank from Valley mail, who is the VP of standards and new technologies, but he’s also the chairperson of the BIMI working group. Welcome, Seth to the podcast.
[00:01:14] Seth Blank: Thanks, Dennis. I’m excited to be here. I talked about BIMI with you in that.
[00:01:19] Dennis Dayman: Great! And some of you already also know Matt Vernhout, who is a really good friend of mine. So yeah, I got your last name, right this time who is also with Netcore now and he’s also the communication chairs for BIMI. So again, Matt, it’s going to be working with you on this welcome to the podcast. Yeah.
[00:01:34] Matthew Verhout: Thanks, Dennis. And in your after 18 years, I’m glad you finally got it. Sorry.
[00:01:40] Dennis Dayman: Well, as I said, folks, BIMI is a, is a great new standard. And just to kind of give you a very high level, but we’re going to let the experts even talk more about this is, this is an email standard that’s developed in collaboration with several other companies within the email space.
[00:01:54] And this is typically how these new standards and ideas come out. Folks like Matt and Seth and all of us come together to think and talk about these ideas. And when we do this right, then we come up with a standard. This was a similar process in which SPF DKIM and other things DMARC all kind of come around.
[00:02:12] And BIMI is very similar in that sense, in terms of how the industry has come together to keep the email channel viable for brands and for marketers to be able to use. And even for us as consumers, outside of that, just our personal communications. And the way that BIMI is working is that it displays a brand’s logo inside of the inbox.
[00:02:30] Right. So if you’re using any sort of online platform today, you sometimes get initials or maybe even if the person has put their profile in, and they put a picture, you’ll see a little image of them. And this is a way to sort of show to the consumer that this email has been authenticated and that it can be trusted.
[00:02:49] And when that brand is visible, right, you are also from a, from a brand perspective that you’re getting that tangible reward in terms of brand impressions. And, and hopefully, to be honest, it converts into open rates and other things as well. And this is a really good way for you to secure email, not only for yourself but also for consumers too.
[00:03:07]This is something that’s now been currently supported by Verizon, Yahoo mail, AOL. And if you’ve been watching just in the last week or so, even Gmail has announced their support for the BIMI project by doing a pilot program. So really BIMI is an extra layer of authentication and security for your emails.
[00:03:23] And again, it allows you to aid in that consumer competence in brand equity. Now that we sort of explained that let’s sort of get into the meat and details of this and let our experts talk a little bit about that. So guys, again, welcome to the podcast. And I think the first thing that we wanna talk about here is, and even for myself is, if we have authentication protocols like I was talking about earlier, SPF DKIM DMARC.
[00:03:47] Why did we need many in all of this?
[00:03:51] Seth Blank: So I think that’s the core question. That’s the meat of where BIMI came from and why we’re putting so much effort into getting it widely deployed. Right. And it’s straightforward. Large brands don’t use DMARC and then they open themselves up to tremendous amounts of phishing, which harms the brand, it harms their customers and consumers and their employees.
[00:04:19]And the question is how do you get large organizations that are huge phishing targets to do the right thing, close off those vectors. And those one conversation that was going on the ecosystem. The other conversation was going on with brands want their logo to display.
[00:04:37] And there were a bunch of pilots around that technology in lots of different ways. most of which were not successful, for security reasons. And so the ecosystem said, let’s marry these two initiatives. Let’s give an incentive. Right. Let’s just call it. What is the incentive for brands?
[00:04:55] If you do the right things, that logo you want to display, we’re going to give that to you.
[00:05:00] Right. And, that initiative, marry them together, got people excited. And it looks like it’s driving the key authentication that truly secures the ecosystem in a way that that’s deeply powerful. Now it’s not full security, right? There are lots of other attack vectors. But if you are, if you’re sending from thedaemons.com or whatever, your brand is, right.
[00:05:26] You can protect that completely. And then if you do that, now you can also bring your logo to play. And there are some compelling data from the Yahoo!pilot that when you bring your brand logo into the inbox, you increase open rates, you increase click-throughs and increase overall engagement. And that’s exciting for a brand!
[00:05:48] And that’s something that mailboxes, are interested in providing if you do the right things and follow best practices and make sure you’re sending securely. And so we can win, win, win for absolutely everyone.
[00:06:05] Matthew Verhout: The one thing I would add to that is it does remove some of the human error that we’ve seen in some of the past visual indicator type solutions you’ve seen.
[00:06:16] So, probably the one that stands out for me most is, an agency in England called DIY and in the US everyone knows the DIY network. And for a while, one of the major mailbox providers was displaying the wrong logo for the brand, due to human error. Because yeah, those systems are prone to human error, evaluating a domain name and a logo, and trying to make that match.
[00:06:39] What BIMI allows as a brand to have a consistent logo across multiple platforms, that they manage that’s tied directly to their domain name, verified with the certificate to say, you own the brand, you own the domain, this is my logo, please display it. I also think BIMI has multiple uses beyond just email display.
[00:07:01] We’ll get to that.
[00:07:02] Seth Blank: Yeah. Yeah.
[00:07:04] Dennis Dayman: Go ahead.
[00:07:06] Seth Blank: Even further than what Matt said is the way logos display in mail clients today is deeply haphazard and sources can be from Twitter, it can be from a Google search or a Bing search. It could come from Facebook and if you’re a brand, you have no control or awareness.
[00:07:25] And if something’s wrong, it’s really painful to figure out how to address it. And this gives you consistency and control as a brand. And that’s exciting and powerful and has never existed before. And it sort of democratized, this is the display of logos and that’s exciting because it’s not just for the biggest of the big, it can scale to any brand.
[00:07:48] Dennis Dayman: It’s funny how I think about the years of us all participating and the different ITF standards around, the authentication protocols, but also trying to involve the marketers in these sorts of discussions. And we’ve always seemed to have lost the marketers in those discussions and it became more of a technical solution.
[00:08:05] And then another other area it’s always been more of a marketing solution and not so much a technical problem. And what you would hear from people, who were moving from ESPs as an example, it was like, hey, you guys need to get your, a technical team on this because there need to be some DNS changes that have to be made or whatever.
[00:08:22] And this is kind of neat I think, from the BIMI perspective, because you’re bringing you in both teams into this. You have the technical guys, but you also have the marketers that want that brand recognition that want, that opens in those clicks and whatnot. Right. So I, I kind of wonder if this is not only gonna save email in a sense, not save it, but make some changes, but if it’s going to start bringing those teams together, but Seth, you make a very good point here, right?
[00:08:44] That, when you’re also seeing these nefarious sorts of things happening where it is may or may not be Twitter, or it may not or may not be this right. BIMI will be different things. It will mean different things to consumers from that security standpoint. And that’s something that even I’m still struggling with here in my household, some of you guys know we’ve had our recent security issue.
[00:09:05]And it happened because of my children and they’re 19 though. Right. And you would almost think that they would know what they’re doing to some extent, but from a security point of view, trust, if they are getting these sorts of emails with BIMI and logos and stuff, what is that mean to them now?
[00:09:20] Like, what does that, what should the consumers be doing with this sort of stuff then.
[00:09:25] Seth Blank: So, this is a truly important question to which they’re there, there’s a clear answer and it’s not as satisfying as you want it to be. At the end of the day, BIMI is not actually about your user trust and what people are, are not supposed to do. Because we’ve seen this with security indicators with like lock icons.
[00:09:47] And we’ve seen this with ED certs and first you got the green bar and now that’s going away. Right?
[00:09:52] Dennis Dayman: Anything like that. Exactly.
[00:09:54] Seth Blank: Right. But like users don’t make security based upon what they are shown. There are tons of data that you put those things and they don’t know what to do, and it doesn’t help them interact and they still do bad things and they still get phished.
[00:10:07] And so the beauty of BIMI is the protection occurs before the logo is shown, right. If DMARC’s in place and there’s a BIMI logo that brand sent that message. And the logo is a great value add for the brand and hope for that consumer, but the security is already done. You don’t need to interact with it differently.
[00:10:31] Now, the reason the answer is less satisfying than you’d like is simply there are still multiple sources of logos and inboxes. And so just because they’re seeing a logo might not mean it’s come through via BIMI as is properly authentic. Yeah. In the future, we want we’re all logos com via BIMI then you got, let’s start saying really powerful things. Right. But we’re not there yet because there are too many sources of logos today. Hopefully, BIMI accelerates the demise of unsecured, logos, and logo source from random places. But we’re not there today, right?
[00:11:09] Matthew Verhout: There’s also no consistency, right. The way that Microsoft’s doing it is different than the way Google has been doing in the past, the way that Verizon’s been doing it in the past.
[00:11:17]So there is no consistency. So you get a, a mishmash of logos potentially across, the same brand in different platforms. Which, which
[00:11:27] Seth Blank: It’s not potential. That’s exactly what’s happening.
[00:11:29] Dennis Dayman: That’s exactly what’s happening. Okay. Well, think about it. Matt and I have talked about this on one or two other podcasts before, but and even actually, during the webinars, we did as well, but we’re also dealing with people now, especially more, right.
[00:11:48] With everyone being home cause the COVID and Google just recently said, “Hey, even they’re working remotely until July of 2021 now”. We’re all very busy people. We all make mistakes. We all click on things and we don’t mean to click on, even just the other day, I’m pretty good about the phishing, emails.
[00:12:03] I got a really good one the other day. A really good one. And, and actually, I had to step back for a second take a look at that and go, is this really from that brand? And I can usually spot something like that from the misspellings or the way sorta it’s worked out, but these guys are getting more and more sophisticated, right?
[00:12:18] They are trying everything.
[00:12:21] Seth Blank: They have been for years, look at the FBI. IC3 stats, like, look billions upon billions upon billions of dollars are lost to phish. These actors are sophisticated. And the ones you see with misspellings are a weird mess. Like that’s the ones they want you to see. Yeah.
[00:12:39] Right. Or it’s someone playing around. Right. Like there was, there was some data from Google, right? Like. I think they published this last year, 68% of all phish on any given day is brand new and has never been seen before in the history of the corpus of email they’ve seen. Right? Yeah.
[00:13:00] There’s just new stuff every day and that’s the stuff they can catch. Right. And the point is don’t let them use your brand to do that.
[00:13:07] Dennis Dayman: And for those who are wondering, Seth just said FBI and IC3. IC3 is the Internet Crimes Complaint Center. So that’s where the three Cs come from is the crime complaint center.
[00:13:16] But it’s something that you, the consumer, or even a brand if you will, you can file your cases. When one of my sons was compromised in the last couple of months, we went through and put that. And the stats that he’s talking about here is, just in 2019 alone, IC3 had received around 467,000 complaints, which was almost around 1300 new complaints every single day,
[00:13:37] But when you look at business, email compromises, and whatnot as well, the IC3 also in 2019 has recorded around 24,000 complaints, which was about $1.7 billion in losses. So, these are not small numbers, right? These are big things that are happening right now that are causing our businesses, to lose money, but also to cause consumers to lose that trust.
[00:13:59] Right guys?
[00:14:01] Seth Blank: That’s exactly right. And the biggest source of this is what’s known his exact domain spoofing. Right? If someone can use your full email address in your name to send an email, right, and they can spell well, right. If you get an email real estate, scams are huge right now from the person is the bright name and email just from your realtor with here’s the bank information, right.
[00:14:27] And you wire money, you’ve just sent a bad actor, your down payment that you’re never going to get back. This is happening all day every day. And it’s scary and you can turn that off. There are other ways to do similar things, but they’re nowhere near as effective, right? And that’s the power, of DMARC and authentication is to stop that phishing.
[00:14:51] And if you can take your domain name off the table from being a vector, right, that protects you, that protects your consumers and that’s, the Genesis of this push for marketers. Yeah. Sorry, go ahead, Matt.
[00:15:08] Matthew Verhout: Yeah, the other side did that is, and I’ve, I’ve experienced this and I’ve talked to several other deliverability consultants and security consultants about this are, there’s the bigger your company gets, the bigger, the chances that somebody is doing something outside of your standard IT policy, they’ve set up a mail server.
[00:15:27] They’ve set up a, an account with an ESP or using their email domain. They’re not properly authenticating, but it’s what would be legitimate communications by setting up DMARC, you can identify those and you can fix those you can turn them off should you need to, if they’re really outside your policies and by working through that process of authenticating all your mail, finding all your mail screams and setting them all up properly.
[00:15:53] That’s where you’re going to start to then capitalize and build on tools like DIMI. And whatever comes after DIMI. Right? Cause I guarantee you this isn’t the last piece that we fit together. Right? This is a big puzzle with no edges. We just keep finding new pieces to continue to build. And then that much harder for someone to impersonate you.
[00:16:13] Dennis Dayman: So we’re talking quite a bit about BIMI. Right. But really how does BIMI work? Like, I don’t know, Matt, you kind of want to give us a little bit of a general process. is it as simple as me just taking a logo and going and throwing it on some website somewhere and saying, yeah, here’s my logo or is there a whole lot more to this?
[00:16:29] Because it seems pretty easy.
[00:16:32] Matthew Verhout: Well, and right now to get that implementation done and working within, say they, the Verizon media network. Yes. If you can get your SPF records created and properly authenticated if you can get your DKIM records properly set up and working in an aligned fashion, get your DMARC set up.
[00:16:51] You can publish a BIMI record with no VMC and Verizon will go through and validate that they believe that it’s properly configured and enable it for your brand. They also have some other checks that, it has to be considered commercial mail. So it’s not going to ever work on, match.
[00:17:10] It’s going to want to work on, newsletter at kind of email. And so there, there are some still some checks and balances that they go through that are a bit manual. But going forward, the intention is to have a certificate that validates ownership of the logo and it’s properly registered.
[00:17:28] Dennis Dayman: I understood as a trademark as well, by the way,
[00:17:30] Matthew Verhout: Registered as a, as a logomark. Okay. so there, there are a couple of different classifications that off the top of my head, I can’t remember, in the logo Mark world
[00:17:39] Seth Blank: You don’t want to go there on this podcast. We’ll get stuck into it.
[00:17:43] Matthew Verhout: So you have to have a logomark that validates you own the logo.
[00:17:47] They will pair that with your domains and return a certificate to you, which you then publish. Then the receiving sides can validate your SPF, your DKIM, your DMARC, all works. They can look to say, do you have a BIMI record? Yes. And do you have a valid certificate? Yes. At that point they will then publish your logo, pending you, you meet the rest of their requirements, whatever they happen to be.
[00:18:09] And we expect that each domain will implement them slightly differently, but hopefully it’s a standard they don’t. But like all standards, everyone has a slight spin on things. Yeah. But that’s sort of the high level if you will. Yeah. There are a series of checks and balances. If you pass them all, you get a, you get the logo display.
[00:18:27] Seth Blank: Yep. And to double click on what Matt said for one second on the trademark part, in particular, we are working as a group, very hard to make this far more broadly adoptable, right? Trademarks are the highest possible bar they’re there today to make sure the security works. If the security doesn’t work at a trademark level, it won’t work at a lower level.
[00:18:49]But we understand that trademarks are just not, applicable or accessible to a wide number of organizations that badly want to use BIMI and we want to make it possible for them to be able to use BIMI. And so this is, this is one of the top priorities of the working group. We are not there yet, but we are working on it and we know we have to do this now.
[00:19:12]And then, in terms of how it’s received, basically think of it like this: I’m a mailbox provider, right? I’m Gsuite, Offic365, Yahoo mail, your personal mail system. I get an email. I’m going to do three checks.
Does it pass DMARC? If it does. We’re great.
Is there a BIMI record and does that contain a validated logo? Great.
Did you trigger any of my anti-abuse protections? Assuming you’re clear. Great.
You’re going to go in the inbox and your logo is going to display.
Right. But if you think about it, DMARC and BIMI are two sides of the same coin, right. Authentication. And DMARC in particular is what’s my policy as a sender.
[00:19:55] If the mail does not get authenticated so if you’re trying to spoof me, what do you do? Throw it out. Awesome. BIMI is the other side. When you receive mail, that is authenticated. What’s your logo policy, what would you like me to display? Right. And so it’s the positive use case after authentication. And what’s, what’s also exciting about this is there are lots of things we can start doing more than just logos.
[00:20:18]If this is successful on top of authenticated mail. And this makes the whole ecosystem richer and more secure for everyone. And that’s where this gets exciting.
[00:20:30] Dennis Dayman: So, Matt, you had said something earlier again on an acronym and we got to be careful what acronyms cause some of our listeners who don’t know them, that you had said VMC early, which I know what that means.
[00:20:37] Right. But the logo for the brand has to be validated by a third party, right? It’s not just, maybe Seth’s company doing it.
Right. Or maybe, some, I don’t know, some government that’s doing it, but where is the validation coming from, is it by region? Is it global?
[00:20:54] Is it a group of people you’ve got to pay somebody to do this? How does that work though? To validate those logos?
[00:21:00] Matthew Verhout: So I think long term, obviously we want this big global standard. So there, there will probably be additional opportunities to do this, but for now, during our pilot and rollout period, we’re working with two certificate providers to make this happen.
[00:21:14] So digit cert, and Trust Datacard are the two, providers. And, we’ve been working with them to help understand you know what they need to validate for a logo what types of information they need to collect the process to properly collect that data and validate the logos.
[00:21:33]And then, offer a certificate somewhere to it, like an SSL cert for a website that says, this domain, this logo, we’ve done our due diligence to say yes, thumbs up they match. It’s good. Here’s a block of code hosts, and it will be, validated on receipt by the mailbox providers.
[00:21:54] I’m probably oversimplifying it, but it’s a very sort of similar man, as a similar solution to saying, this is an approved, validated by an independent third party.
[00:22:05] Dennis Dayman: Sure. Yeah.
[00:22:07] Seth Blank: And yeah, I would further just say that Digicert and TrustDatacard are two of the digital it’s the largest. And then Trust is also quite large and they have, they both have deep international footprints.
[00:22:21] And the intention is like, this is a standard. Any CA a certification authority should be able, to issue VMC (Verified Mark certificate) to the public, and then just like in a web browser, your web browser trusts certain CAs to issue certificates that will show that lock icon that we talked about a bit earlier. We’ll see the same thing here where certain mailbox products will say, these are the CA’s we trust her too.
[00:22:46] Right. But that will be a large list. And if there isn’t one in your jurisdiction, right? There should be one nearby, right? This is the whole point is BIMI is only going to be successful if everyone can do it. And that’s what we’re driving to. And that’s what a standard enables.
[00:23:03] Dennis Dayman: So over the years, I’m still shocked that over 25, I’ve been here this now about 25 years that I still felt like in email I have to wait for everything still today. And I don’t mean by waiting for an email, but, because of the internet.
[00:23:15] Seth Blank: It’s just you, we just make you wait, Dennis.
[00:23:17]Dennis Dayman: Well, it’s like, we think about things. I know that some of us have been on the email service provider side. Yeah, we’d have to wait and hope, warmup IPs or, I have to, go out and the text record for my SPF, but I have to wait for it to go through the entire, Internet’s and most of the listeners here don’t even understand that nor do they need to.
[00:23:36] I certainly don’t want them to either. Right. But, once you’ve registered this, this brand logo, I’m assuming like you have to go through some trademarking stuff. If you already don’t have that. And like you were talking about earlier getting certificates and whatnot, but once you get all this stuff set up, does the logo just start showing like immediately, like, Hey, I need to get another tip in an inbox delivery at Gmail.
[00:23:57] I’m just going to go turn BIMI on, this afternoon and I should be fine by tomorrow. Right. Is that how we’re seeing this? Or. Is that something that, it’s going to take some time for people to realize like, what’s like, is it going to be time to wait again?
[00:24:11] Seth Blank: So go ahead, Matt.
[00:24:15] Matthew Verhout: I’ve seen
[00:24:17] Seth Blank: both answer the same time,
[00:24:20] Dennis Dayman: I have slightly different answers, but I’m sorry.
[00:24:21]Matthew Verhout: I’ve seen the work as fast as 24 hours from publishing, for brands, but even on our, on the BIMI group website, I think we recommend waiting 48 or 72 hours before really raising the flag just cause currently, some manual checks have to get done.
[00:24:38]and do you have obligations that need to happen and things like that. So, it’s not going to turn it on today, publish your record. And 10 minutes later, it’s active. but certainly, you’re, you’re going to see it within what I would consider being a reasonable amount of time. within a couple of days at the most.
[00:24:55] Seth Blank: Yeah. And the intention Dennis is for it to be quite quick, once you’ve published it just like if you were to publish a new DKIM record for a new sender, right. And you can start sending that sender immediately, it should be that fast. Right now things are still being piloted. So it’s a little bit slower.
[00:25:12]But the intention is when this gets to scale, assuming you’re authenticated, assuming you’ve got the logo validated you’re done. It should just start working. And the BIMI has intentionally been designed to be easy, right? DMARC is the hard part, getting things.
[00:25:32] authenticated is the hard part. Once you’ve got that in place BIMI is candy, publish a logo, say. Great. And once that’s published, if it’s on your domain, yeah. It’s going to show everywhere. It doesn’t matter which ESP you’re sending it through our email service provider sender out of your APIs is mailed, right?
[00:25:53] Everything shows the logo from your domain. If it’s authenticated. And then if you want to put a logo, right. If you’ve got certain things that are registered, you want to put them on up. A specific campaign that becomes easy too, and it just works and it’s just lightweight and simple after everything’s authenticated.
[00:26:13] Dennis Dayman: So I know right now some of the marketers are going crap I’m just going to go down on my logo, off my website and I’m going to go off and go put it into some BIMI maker, you know? And I think, Valley Mount of the companies out there have a CreditEase, let us help you create your BIMI record.
[00:26:26] Is it that easy? You just need to go download a load off my website or do I have to submit something specific logo wise?
[00:26:33] Seth Blank: You have to submit something specific logo wise and that’s because the logo itself needs to meet certain security requirements for the same, for the same reasons. there is a spec that if it’s not published, it will be in the near future.
[00:26:48]That’s gonna enable this and then we’re going to be working with many of the standard tools that, that designers use to export logos to make sure they all publish to the spec. So that it’s easily and broadly consumed. And then again, a lot of this is there is some upfront work to get things ready, but once it’s ready, it’s super clean and we’re working to get that up for those upfront steps, as easy as humanly possible.
[00:27:13] That’s the whole reason for the pilots is to shake that stuff out and make sure it does work. And it is easy.
[00:27:19] Dennis Dayman: So is. It’s mainly just for email. we know marketers communicate through other channels, right? Whether that’s social media texting and other things as well, but is this just on email only?
[00:27:31] Matthew Verhout: It doesn’t have to be, I think, in the spec we do kind of hint at. other uses or potential uses for BIMI. We don’t necessarily have any live examples that, I think we could share at this point, but there’s nothing stopping someone from displaying the logo next to search results.
[00:27:49] There there’s nothing stopping someone from using it for social media purposes on a validated, email address. There’s nothing stopping someone from using it potentially for a business WhatsApp. Account for communication with customers or, the idea of, chatbot, displaying that logo on, on our domain.
[00:28:09]It’s going to be published. It’s going to be verifiable at the domain, record, in the DNS. I think there, there are potentially limitless uses. that people will be able to find, just say, I want the official logo as of today, of that business. And you can live, pull that every 24 hours to see if they’ve changed their logo or not.
[00:28:35] And then recache it. Anywhere you display a logo, in theory, BIMI could supply your current live logo image from a brand.
[00:28:46] Dennis Dayman: It’s funny, you’re talking in any platform because I have been on those, on those renegades of a wreck of a bit of craziness on Facebook recently. And all my friends are posting these.
[00:28:57] Oh, Hey, look, everyone repost this post because if we do, we might get a trip to Bora Bora or Hey, there’s this free RV. But unfortunately, the person was really from, from Canada, no offense, Matt. And so they can’t take, ownership of it while they were 17, and I’m constantly, and Matt saw me do this.
[00:29:16] I think even said you have to on Facebook, I’m like friends. Nothing comes for free on Facebook. You have to validate that the profile is there. If Facebook does that, to some extent where you can be validated as a, as a famous person or as a brand and whatnot, but you could almost, it sounds like it almost even sees this even happening on social media where, if it’s not validated that there’s not a check Mark of whatever that is next to these images that might be used in the profile picture or something.
[00:29:42] Matthew Verhout: Yeah, I’ve seen lots of those, fake win a trip type things tend to be from a specific brand or just specific domain, there’s nothing stopping someone from using BIMI to say put that logo there and validate it. I think Seth, you probably have other things to say about that,
[00:30:03] But I think that is a use case that brands could use for BIMI in a social media world, to protect their domain names and protect their, their logos and they’re, there’s, there are lots of fake social media accounts that are set up for comedic purposes as well, using a brand logo, that that can be cause chaos for brands from time to time. So, I see it, it could very well be used that way.
[00:30:24] Seth Blank: Yeah, I think there’s really broad applicability here, right? That the model in email for BIMI is you have an authenticated email, you can display an authenticated logo, right? It’s what is the off component through the other channels? And you mentioned social media, which is a great example because in many cases, especially if like with Facebook, you know who the user is.
[00:30:48] In certain cases, you don’t. Right. But if you have confirmation on one side, then you can bring the logo to bear. Right. And that, that’s what we’ve been seeing now. Now within mail providers that have been playing with BIMI is, Oh, we can use the logo here and Oh, we can use the logo there and, hell I have a dashboard of a whole bunch of brands,
[00:31:13] And now I can populate that with BIMI logos, because I know they’re actually from the brands and I can just go, I’ve got the domain name, I know exactly how to populate this. and I know it’s current and I know the brand has curated that properly and I’m not going and finding like their press page and then their press kit and then downloading it and then going, how does it work?
[00:31:30] Like it’s just, it’s, you’re able to publish it. Say it’s mine. There’s proof. It is yours. So you can’t go and pretend to be someone you’re not, you can’t go and be I’m UB3R. Like you can’t do that. You can’t get the certificate and that’s what protects the brand as well here.
[00:31:51] Dennis Dayman: So, we’re talking a lot about the pilot now that you guys are doing with, with Gmail, it was just announced and stuff like that.
[00:31:57] And I know that Gmail has the biggest percentage of the market in terms of emails, whether it’s on consumers, but I know like at least three or four of the startups that I work with regularly are using it as well for, for their GS. Are we expecting to see this mini-pilot right now? Is it going to be across all their platforms?
[00:32:14] Is it going to be only on the consumer side? Is it going to be on the GM side? I’m sure the folks that are listening on this would kind of like to know what the rollout might look like because even g-mail recently rolled out their postmaster site and that made everybody very happy.
[00:32:27] So who is this going to start helping first within the Gmail ecosystem?
[00:32:32] Seth Blank: So I don’t work for Gmail. I’m not a representative of Google. The intention right now, as I understand it is, let’s make sure it works in Gmail, make sure it works securely and at scale, and that people who want their logo to display and get off and place can’t right.
[00:32:58] And so that that’s the priority. And from there, I truly don’t have any knowledge of where that’s going, but I’m, I’m hoping for great things.
[00:33:11] Dennis Dayman: Matt, you know anything about that? you’re highly connected, just as much as everybody else’s. What have you heard?
[00:33:17]Matthew Verhout: Well, from, from things, we’re allowed to say, I think Seth pretty much covered, all the things that we’re allowed to say.
[00:33:25] Seth Blank: Matt also does not work for Gmail.
[00:33:27] Dennis Dayman: Right?
[00:33:28]Matthew Verhout: So, I think that the one thing that I’m seeing a lot of asking around, around this is how do they get involved with the pilot? And I think, at, this point, the invitations have been sent. and there’s no point in really asking. You know if there are going to be more invitations that will be determined later by the people sending those invitations.
[00:33:48]So I think that’s just an important thing, to put out there in this regard. and then, as for how any provider is going to use those logos, right? We have no insight into, their sort of plans other than what’s been announced,
[00:34:06] Dennis Dayman: Right? So I’ve got to sit and wait, which is not a bad thing, to be honest, but it’s a good thing for people to even just start looking at this anyway, regardless of who’s going to be supporting this, within Gmail, a division within Gmail,
[00:34:21] Matthew Verhout: I do that.
[00:34:21] I think, you know if you’re interested in getting your logo at some point into Gmail, do all the work now that you can, you can get it running in Verizon’s platforms and working. and then when it does become more generally available and we’ve worked out the public cert access and all of that, you’re almost already there, you get 90% of the way there.
[00:34:45] And then you, you get the rest later when later is though is later. Yeah.
[00:34:52] Seth Blank: I like to underscore that, right. For some organizations getting the auth in place is hard. Right get started now, what you don’t want to do is have the opportunity to go. We, we want our BIMI logo to show we’re ready.
[00:35:05] Oh my God. These other people are showing numbers that are exciting and then get stuck in a three or four-month battle with IT to get it done. Get started now, get the prereq’s out of the way. And then when Google says we’re ready to go, you’ve got your logo, you get your certificate and you’re there.
[00:35:23] Right? And that, that’s what you want. You just want to be ready and well, Google’s getting ready. Right. And examining their pilot, getting ready for GA whatever GA may be. Right. A lot of other mailboxes providers are taking this seriously and your logo may start showing in other ones, it absolutely will start displaying immediately in Yahoo mail.
[00:35:45] Right? Yahoo mail is showing real numbers about the efficacy can see, of BIMI. You will get, or most likely a meaningful boost to open rates and click-throughs, right. Everyone’s mileage will different. It depends on a ton of different behaviors of how you send mail, who you’re sending it to. Did you have DMARC before or is it brand new?
[00:36:09] Right? Like your mileage will vary, but everyone’s seeing some sort of benefit. And so get started now, get DMARC in place now. Get, BIMI ready now. And then when Google goes, GA you can reap the benefits of the largest consumer mail platform on earth showing your brand logo. Right. But don’t wait.
[00:36:34] Dennis Dayman: don’t wait.
[00:36:36] Matthew Verhout: I think the big one is if you don’t have your right logomark. That takes several months, at least start that process if you need to.
[00:36:44] Seth Blank: find out now.
[00:36:45] Matthew Verhout: Yeah. Cause come 2021, if things open up or when they open up or whatever it happens to be, and you’re still sitting here going, Oh, I don’t have a logomark.
[00:36:56] Well now you’re seven months behind from the get-go. Right, right, right.
[00:37:00] Seth Blank: Yeah. And I, from the bottom of my heart, I hope you don’t need a trademark by that point. we don’t have to do that. But we’ll see, it might be the requirement at the start of GA for Google. It’s not a requirement for Yahoo, right?
[00:37:14] You should know where you stand and you should be getting ready now.
[00:37:18] Dennis Dayman: I agree. So as we’re starting to wrap up here, I do have to ask some of the loaded questions here. And Matt, I’m going to start with you cause someone’s going to ask this question, right. And that’s is BIMI going to help my deliverability.
[00:37:29] Right. We hear that all the time when it comes to standards and whatnot. Is this going to help deliverability? No. Yes.
[00:37:35] Matthew Verhout: I think on its own, it’s certainly not. Right. what we’ve seen are companies that implement strong DMARC policies tend to get better delivery over time companies that implement BIMI tend to drive more engagement, meaning more opens and more clicks, which leads to a better reputation and better delivery, better engagement.
[00:37:55] So it becomes a bit of a self-fulfilling prophecy. So, will it improve your deliverability? Not directly, but it will as engagement and sort of the metrics that are positive indicators of good messaging habits as seen by the reputation systems at these platforms. So it’s, it’s not a direct relationship, but it’s certainly a byproduct.
[00:38:19] At least that’s how I would view it. And that’s, obviously my personal opinion on that in regards, to that. But in the end, Causation correlation. Right? Is it the DMARC that did it, is it the BIMI that did it, is it changes in messaging behavior that did it all of the above, but it certainly is not going to hurt your deliverability by doing,
[00:38:45] Seth Blank: Unless you’re sending a ton of authenticated email and don’t put the effort in to fix that.
[00:38:52] But, I actually have a similar answer. Right, right. no comment. No.
[00:38:58] BIMI who, who knows there’s no data yet, right? at the end of the day, if you don’t have DMARC in place and BIMI is the reason you got DMARC in place, that’s going to make a difference. Your mileage will vary, but like in the most extreme case, There’s an awesome case study from hmrc.gov or.gov.uk, right?
[00:39:23] Her Majesty’s revenue and customs, right. The UK tax agency, they had, I believe that that was an 18% deliverability, right. Because they were the most heavily phished entity in the world or one of them. Right. They got the marketplace jumped from 18% to 98% deliverability. Right. That’s monumental. Right.
[00:39:46] But it just depends on how heavily phished of a brand. You are. If you’re heavily phished, DMR, just stop all the crap from counting against a reputation. If you’re not heavily phished, it’s not going to make a big difference because there’s not a lot of stuff that’s counting against you from external factors. Once you have DMARC in place, it’s your sending practices.
[00:40:04] Are you sending an email that your customers think you’re spamming, right? That’s going to hurt you, but if you’re sending good email and now bad stuff, can’t count against you. That should help. Right. And that’s not because it’s making your mail better. It’s cause it’s making bad stuff count, less against you.
[00:40:22] Right. That’s powerful. That’s a requirement
[00:40:29] Matthew Verhout: Well, I worked, I worked with a client in the past and they were doing the DMARC set up and a move through. And as soon as they went to reject their inbox, placement rates, their reputation, everything went up within a matter of days because they were able to stop all the bad stuff.
[00:40:44] So, certainly all build on it on each
[00:40:47] Seth Blank:At the end of the day, there’s, there’s just a ton of data that everyone’s domain is phished to some extent. And so you should be turning off some bad stuff and that should help you. It’s just to walk the grid. Yeah.
[00:41:00] Dennis Dayman: So Matt, I have a quick question, and then we’re going to start closing up here because I kind of wants to get, people’s sort of an idea of where they can go learn more about Demi today, but what, where should brands be going, right.?
[00:41:10] Should it be coming over to the BIMI working group? Should it be joining it? Can they join it or is there just a way for them just to read more about, than me there?
[00:41:18] Matthew Verhout: So the BIMI group website, that started the main repository of all sorts of our official communications as a group. We’re constantly updating the FAQ is there, we’re writing new blog articles all the time, and sort of answering the questions that so don’t feel bad if we don’t answer your question directly that you submit through the form.
[00:41:35] We will put it up in an FAQ at some point. We have a YouTube channel that we’re just starting to put videos upon. I believe there’s one video up on it now. you can search for the meat group. You’ll find it. we’re on Twitter. as well as the BIMI group on Twitter. So we’re, we’re out there. We’re sort of in the world.
[00:41:51]People are finding us, the press release was huge for us. I think, from Google side, linked to us and, and drove a lot of people our way. so I think that’s the place. We do have a, like a companion list called friends of BIMI that individuals or organizations can sign up for to stay slightly more connected to the group.
[00:42:10]We are not taking new members at this point. that may happen in the future, depending, on the group’s decision. But for now, you can sort of join our companion friends of BIMI list and stay a little more connected to the group. Similar groups have these, in regards to like there’s a discussion list for DMARC.
[00:42:27] There are the discussion lists for DKIM. Seth is all too familiar with those being the chair of the DKIM group as well. So it’s our answer to that as a way for people to stay connected and stay a part, and maybe even see a little bit behind the curtains before things get fully announced as a way for us to have those discussions and get feedback from the bigger community beyond just the member organizations at this point.
[00:42:52] Seth Blank: And I would go, actually, I just want to the final thing, sorry, Dennis, to cut you off its BIMIgroup.org, and we welcome everyone’s feedback. We want this to be successful, which means we need to know how it works for you. And so Dennis just sends us a lot of feedback. Oh, I love that.
[00:43:15] Dennis Dayman: I love that. That’s that’s awesome. Listen, guys, Seth and Matt, Matt, I want to thank you guys for being a part of this Netcore ForTheLoveOfEmail podcast. This has been great information, and I know there’s been a lot of questions about what this Demi stuff is and like, and I keep hearing it as well from other folks and going, oh, another standard, but this is going to be life-changing.
[00:43:33] So thank you very much for both of you for being a part of this.
[00:43:37] Seth Blank: You’re very welcome. Thank you for having us.
[00:43:40] Dennis Dayman: Yeah, you’re welcome. Well, listen, guys, all of our listeners, again, we w we hope that this has helped you guys understand what BIMI is and how it’s going to help email shortly.
[00:43:48] If not already today, again, check out the BIMI website. I think it’d be a really good opportunity for you guys to start preparing. I think Seth made a very good point that now’s the time to prepare for this, regardless of what, some of the providers are doing with BIMI right now. But being in the ready, being in the know, being ahead of the game, especially, during this pandemic as well, because we’re all still doing business, right?
[00:44:09] We’re all still reaching out to our, to our client’s health, through email and other channels as well. And BIMI is going to continue to help keep email as a creative, but also a trusted channel. Again, if you guys need help with this, you can check out the Netcore, which as you already know, is a global emailing engagement leader with their AI-powered and email deliverability and campaign solutions.
[00:44:29] There have been, driving and delivering ROI for more than two decades already to all their clients around the globe. But if you guys also remember when we started these podcasts, we’ve been talking about this, that they also had been offering a COVID relief program. and it’s still going on right now.
[00:44:43] It’s still good to about September of this year. And again, if you remember, right, this is gonna do one in which you can come in and send unlimited emails, zero costs using that AI power platform that they have. So come on in and check out that program and give it a whirl. I think you’ll enjoy that.
[00:44:59] Also, don’t forget to subscribe to Netcore’s weekly podcast. You can do that by going to Spotify, iTunes, Google, Stitcher, or simply visit Netcore.co. You’ll be able to find all the episodes there every single week, every Thursday being dropped. And, outside of that, I want to, again, thank everyone for being a part of this.
[00:45:17] I want everyone to say help, stay safe and healthy. And thank you again, Seth and Matthew, for being a part of, and we’ll be back in about a week with our next podcast. Thanks a lot. Take care, everybody.