Apple Joins Google in Adopting BIMI & VMCs for Email
1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 5.00 out of 5)
Loading...

Apple Joins Google in Adopting BIMI & VMCs for Email

In fall 2022, Apple will roll out its latest operating system for iPhones (iOS 16) and computer devices (MacOS Ventura), which will support brand indicators for message identification. Companies will now be able to display their logo in more than 80% of recipients’ inboxes

Apple Mail and iCloud users are about to receive a major upgrade regarding inbound emails. Apple is adopting BIMI and verified mark certificates (VMCs) in its upcoming operating system releases for iOS 16 and MacOS Ventura this fall. The tech giant is the latest in a line of major email providers that’s choosing to support brand indicators for message identification (BIMI). And this is a great thing considering data from the Data & Marketing Association (DMA) indicates that 68% of consumers rank brand recognition as the foremost factor in their decision to open emails.

Of course, Apple hasn’t officially announced anything yet about the change (at least, that I’ve seen). But it’s come to light that the tech giant is planning to follow in the footsteps of Google, Yahoo!, Fastmail, and other major email providers in its fall 2022 OS release by supporting BIMI in its native Mail app and iCloud accounts. Using a verified mark certificate (VMC) in combination with BIMI is how you can make your verified trademark logo display in recipients’ supporting email clients.

But what does this upcoming change mean for you and your brand? If your organization wants to reach customers using Apple mail apps (or Gmail, Yahoo, etc.), then you’d better pay attention.

Let’s hash it out.

In a Rush? Here’s the Quick Overview of What Apple Is Doing and Why It Matters

Here’s a meat-and-potatoes look at what you need to know about Apple’s upcoming changes to inbound emails for Mail and iCloud accounts:

  • Apple is adding support for BIMI and verified mark certificates in fall 2022. Apple is just the latest major email provider to jump on the BIMI and VMC bandwagon. Google has been a supporter of BIMI and VMCs since 2020. We’ll speak more about both of these email security measures shortly.
  • Up to date Apple devices (running iOS 16 and MacOS Ventura) will display your verified trademarked logo in users’ inboxes. If you enable BIMI and use a VMC, then users would no longer see the every-email-looks-the-same list of messages in their Mail and iCloud inboxes; instead, they’d see your colorful brand logo front and center.
  • Adopting BIMI and VMCs allows you to display your logo to four in five email users. This means that with both Apple and Gmail on board for BIMI and VMCs, your organization can display your verified logo to more than 80% of email inboxes.

Wait, What’s Brand Indicators for Message Identification (BIMI)? Let’s Quickly Recap…

A side-by-side comparison graphic of an inbox without BIMI (on the left) and with BIMI (on the right). The right side displays the email senders' brand logos while the left displays generic icons -- "G" for GrubHub, "N" for National Geographic, and "F" for Food Network
Image caption: This illustration demonstrates what it looks like when brands use BIMI to display their verified trademarked logos in recipients’ inboxes.

If you’ve used Gmail anytime since mid-2020, you’ve likely noticed that some emails in your inbox display the companies’ verified logos. (Think Chase, Bank of America, CNN, and some other major brands.) That’s because Gmail decided to take the plunge and support the BIMI email specification on its email platforms. However, Google takes things a step further and requires companies to have verified mark certificates to display these BIMI verified logos.

BIMI is an email security specification that ties your verified trademarked logo to your domain and business. Using BIMI requires you to set up certain email security protocols (called domain-based message authentication reporting and conformance, or DMARC) that help protect your domain against spoofing and misuse. Doing this helps you to protect your brand in outbound emails and build trust in the eyes of your customers (and prospective customers).

Several of the BIMI-supporting email clients include the ones we mentioned earlier. Others include:

  • AOL,
  • Netscape, and
  • Pobox.

Now, Apple will be allowing you to display the same to Mail and iCloud inboxes by supporting BIMI starting this fall. This way, when you send emails to users on iPhones and Apple laptops and desktop devices using the applicable operating systems, you can display your verified, trademarked logo next to your name and email subject line.

How Do I Know If I Have BIMI Set Up on My Domain?

This is a good question. It’s actually really easy to check. Simply use the BIMI Group’s BIMI Inspector tool to see if your domain already has brand indicators for message identification set up. This tool allows you to check the status of the following domain records:

  • Sender policy framework (SPF)
  • Mail exchange (MX)
  • DMARC
  • BIMI
  • BIMI SVG image (i.e., your official trademarked logo image file)
A screenshot of the BIMI Group's BIMI Inspector tool
Image caption: A screenshot of BIMI Group’s LookUp and BIMI Generator tool.

Okay, So Where Do Verified Mark Certificates (VMCs) Fit Into the Picture?

brand-my-mail-chase-bimi-example-gmail-inbox
Image caption: An example screenshot from Gmail that shows how it looks when a company uses BIMI and a VMC to display their verified trademarked logo.

Every once in a while, we talk about verified mark certificates (VMCs) here on Hashed Out. Why? Because these important digital files are the difference between your emails standing out versus getting lost in the sea of inbox clutter. But if you’ve missed our other articles on BIMI and VMCs, here’s quick overview:

VMCs are digital certificates that, in combination with BIMI and DMARC (a little more on DMARC later), help businesses display their verified company logos in recipients’ inboxes. Trusted public certificate authorities (CAs) that issue SSL/TLS certificates for websites are also the entities that issue VMCs. The CA must verify both that your logo is authentic and that you legitimately own it.

Basically, using BIMI, DMARC and a VMC together enables you to prove that you — and only you — control your trademarked logo and that no unauthorized parties are sending messages on behalf of your domain. As such, displaying these visual indicators of your verified digital identity is a great way to help instill trust in your brand — and the emails that come from your domain — in customers.

Together, this powerful security combination helps you protect your domain while also helping recipients know that the messages received from your brand are authentic and trustworthy.

Internet Users Are Sharing a Sneak Peek of BIMI in Apple iOS 16

It’s no secret that people often love to be the first to break exciting news and share information, and beta testers are among them. Twitter user Charlie Fish (@char_fish), who is listed as a software engineer, posted the following screenshot of the messages that display in the iOS 16 meta on his Twitter feed:

A screenshot of the BIMI message Apple displays to users in the iOS 16 and MacOS Ventura beta testing platform

Image source: Charlie Fish’s Twitter Account.

The message says:

“Digitally Certified Email

This email was verified as coming from the owner of the logo shown and the domain “alertsp.chase.com”.

Apple uses the Brand Indicators for Message Identification (BIMI) standard.”

Here’s a quick taste of how BIMI support looks in iOS 16:

A screenshot of the BIMI logo that displays to users in the iOS 16 and MacOS Ventura beta testing platform
Image source: Charlie Fish’s Twitter Account. This screenshot shows Chase’s BIMI verified logo displaying next to the company’s email information. Chase uses verified mark certificates in addition to BIMI to display their logo in users’ inboxes.

What Apple’s BIMI Support Means for My Company’s Efforts in Reaching Apple Users

The answer to these questions depends on what types of operating systems you use on your Apple devices. For example, if you want to use VMCs to display your verified company logo to users of the upcoming operating systems for iPhones and Apple computers, then this is something you’ll want to pay attention to.

This applies to the following operating systems once it’s set to release in September 2022:

  • Apple iOS 16
    • iPhone 13s (including mini, pro, and pro max)
    • iPhone 12s (including min, pro, and pro Max
    • iPhone 11s (including Pro and Pro Max)
    • iPhone Xs and Xs Max
    • iPhone Xr
    • iPhone X
    • iPhone 8 and 8 Plus
    • iPhone SE (2nd gen or later)
  • MacOS Ventura
    • iMac (2017 and later)
    • iMac Pro (2017)
    • MacBook (2017 and later)
    • MacBook Air (2018 and later)
    • MacBook Pro (2017 and later)
    • Mac Pro (2019 and later)
    • Mac Studio (2022)
    • Mac mini (2018 and later)

Apple’s Upcoming Change Will Help You Put Your Trademarked Logo in Front of Users

We recently published an article that talked about some of the changes coming to trademark certificate PDFs from the U.S. Patent and Trademark Office (USPTO). In particular, we’re talking about the USPTO’s new approach of issuing electronic trademark certificate PDFs that are digitally signed instead of physical paper copies. The idea here is that the USPTO wants to electronically issue these certificates in a way that enables certificate owners and other users alike to:

  • Verify that the certificates are authentic, and
  • Ensure the certificates were genuinely issued by the USPTO office to the organization or individual in question.

Why does this matter? Because trademarked logos are at the heart of BIMI and verified mark certificates. With Apple’s upcoming iOS/MacOS Ventura updates, you’ll only be able to display your organization’s logo if:

  1. Your logo is trademarked, and
  2. You have set up BIMI and DMARC for your domain. DMARC is all about controlling the settings and policies for your domain to ensure proper validation and usage. Check out this guide on VMCs that walks you through how to be DMARC compliant.  

By digitally signing every new trademark certificate, the USPTO is helping prevent fraudsters from downloading your certificate from their database and fraudulently changing your organization’s information to reflect their own.

Can’t Someone Just Upload a Logo to Display in Users’ Inboxes?

Yes and no. In Gmail, for example, you can add a profile image that will display next to your email. But there are limitations:

  • It’s not a BIMI-verified logo.
  • It doesn’t require any level of authentication (i.e., any Gmail account holder can do it) like a BIMI-verified logo.
  • You have to send emails from a valid Gmail account (or from your own domain using Gmail).
  • Recipients have to use Gmail in order to see your Gmail profile photos.
A screenshot of the Gmail profile image settings menu.
Image caption: A screenshot that shows where in Gmail’s account settings you can add a non-BIMI-verified profile picture.

To display your BIMI verified logo in Google’s Gmail (currently) and in Apple’s Mail app (after its fall 2022 upgrade), your emails must pass a series of authentication checks first. These digital identity verification checks help users’ clients know that you’re really the one sending the emails (i.e., it’s not a scammer pretending to be you or your organization). BIMI, in combination with VMCs, can help you ensure that your verified brand logos display on all emails sent from your domain.

Final Thoughts on Apple’s Support of BIMI & VMCs for Brand Recognition & Security

If you’re looking for ways to promote your brand and create greater trust in your domain’s outbound emails, pairing BIMI with VMCs is a great way to do it. And now that Apple is moving to support BIMI in Mail and iCloud accounts, in much the same way Google does with their email clients, you can expand your reach in terms of putting your brand in front of the larger Apple device-using audience.

Author

Casey Crane

Casey Crane is a regular contributor to (and managing editor of) Hashed Out. She has 15+ years of experience in journalism and writing, including crime analysis and IT security. Casey also serves as the Content Manager at The SSL Store.