Apple Joins Google in Adopting BIMI & VMCs for Email
In fall 2022, Apple will roll out its latest operating system for iPhones (iOS 16) and computer devices (MacOS Ventura), which will support brand indicators for message identification. Companies will now be able to display their logo in more than 80% of recipients’ inboxes
Apple Mail and iCloud users are about to receive a major upgrade regarding inbound emails. Apple is adopting BIMI and verified mark certificates (VMCs) in its upcoming operating system releases for iOS 16 and MacOS Ventura this fall. The tech giant is the latest in a line of major email providers that’s choosing to support brand indicators for message identification (BIMI). And this is a great thing considering data from the Data & Marketing Association (DMA) indicates that 68% of consumers rank brand recognition as the foremost factor in their decision to open emails.
Of course, Apple hasn’t officially announced anything yet about the change (at least, that I’ve seen). But it’s come to light that the tech giant is planning to follow in the footsteps of Google, Yahoo!, Fastmail, and other major email providers in its fall 2022 OS release by supporting BIMI in its native Mail app and iCloud accounts. Using a verified mark certificate (VMC) in combination with BIMI is how you can make your verified trademark logo display in recipients’ supporting email clients.
But what does this upcoming change mean for you and your brand? If your organization wants to reach customers using Apple mail apps (or Gmail, Yahoo, etc.), then you’d better pay attention.
Let’s hash it out.
In a Rush? Here’s the Quick Overview of What Apple Is Doing and Why It Matters
Here’s a meat-and-potatoes look at what you need to know about Apple’s upcoming changes to inbound emails for Mail and iCloud accounts:
- Apple is adding support for BIMI and verified mark certificates in fall 2022. Apple is just the latest major email provider to jump on the BIMI and VMC bandwagon. Google has been a supporter of BIMI and VMCs since 2020. We’ll speak more about both of these email security measures shortly.
- Up to date Apple devices (running iOS 16 and MacOS Ventura) will display your verified trademarked logo in users’ inboxes. If you enable BIMI and use a VMC, then users would no longer see the every-email-looks-the-same list of messages in their Mail and iCloud inboxes; instead, they’d see your colorful brand logo front and center.
- Adopting BIMI and VMCs allows you to display your logo to four in five email users. This means that with both Apple and Gmail on board for BIMI and VMCs, your organization can display your verified logo to more than 80% of email inboxes.
Wait, What’s Brand Indicators for Message Identification (BIMI)? Let’s Quickly Recap…
If you’ve used Gmail anytime since mid-2020, you’ve likely noticed that some emails in your inbox display the companies’ verified logos. (Think Chase, Bank of America, CNN, and some other major brands.) That’s because Gmail decided to take the plunge and support the BIMI email specification on its email platforms. However, Google takes things a step further and requires companies to have verified mark certificates to display these BIMI verified logos.
BIMI is an email security specification that ties your verified trademarked logo to your domain and business. Using BIMI requires you to set up certain email security protocols (called domain-based message authentication reporting and conformance, or DMARC) that help protect your domain against spoofing and misuse. Doing this helps you to protect your brand in outbound emails and build trust in the eyes of your customers (and prospective customers).
Several of the BIMI-supporting email clients include the ones we mentioned earlier. Others include:
- Netscape, and
Now, Apple will be allowing you to display the same to Mail and iCloud inboxes by supporting BIMI starting this fall. This way, when you send emails to users on iPhones and Apple laptops and desktop devices using the applicable operating systems, you can display your verified, trademarked logo next to your name and email subject line.
How Do I Know If I Have BIMI Set Up on My Domain?
This is a good question. It’s actually really easy to check. Simply use the BIMI Group’s BIMI Inspector tool to see if your domain already has brand indicators for message identification set up. This tool allows you to check the status of the following domain records:
- Sender policy framework (SPF)
- Mail exchange (MX)
- BIMI SVG image (i.e., your official trademarked logo image file)
Okay, So Where Do Verified Mark Certificates (VMCs) Fit Into the Picture?
Every once in a while, we talk about verified mark certificates (VMCs) here on Hashed Out. Why? Because these important digital files are the difference between your emails standing out versus getting lost in the sea of inbox clutter. But if you’ve missed our other articles on BIMI and VMCs, here’s quick overview:
VMCs are digital certificates that, in combination with BIMI and DMARC (a little more on DMARC later), help businesses display their verified company logos in recipients’ inboxes. Trusted public certificate authorities (CAs) that issue SSL/TLS certificates for websites are also the entities that issue VMCs. The CA must verify both that your logo is authentic and that you legitimately own it.
Basically, using BIMI, DMARC and a VMC together enables you to prove that you — and only you — control your trademarked logo and that no unauthorized parties are sending messages on behalf of your domain. As such, displaying these visual indicators of your verified digital identity is a great way to help instill trust in your brand — and the emails that come from your domain — in customers.
Together, this powerful security combination helps you protect your domain while also helping recipients know that the messages received from your brand are authentic and trustworthy.
Internet Users Are Sharing a Sneak Peek of BIMI in Apple iOS 16
It’s no secret that people often love to be the first to break exciting news and share information, and beta testers are among them. Twitter user Charlie Fish (@char_fish), who is listed as a software engineer, posted the following screenshot of the messages that display in the iOS 16 meta on his Twitter feed:
Image source: Charlie Fish’s Twitter Account.
The message says:
“Digitally Certified Email
This email was verified as coming from the owner of the logo shown and the domain “alertsp.chase.com”.
Apple uses the Brand Indicators for Message Identification (BIMI) standard.”
Here’s a quick taste of how BIMI support looks in iOS 16:
What Apple’s BIMI Support Means for My Company’s Efforts in Reaching Apple Users
The answer to these questions depends on what types of operating systems you use on your Apple devices. For example, if you want to use VMCs to display your verified company logo to users of the upcoming operating systems for iPhones and Apple computers, then this is something you’ll want to pay attention to.
This applies to the following operating systems once it’s set to release in September 2022:
- Apple iOS 16
- iPhone 13s (including mini, pro, and pro max)
- iPhone 12s (including min, pro, and pro Max
- iPhone 11s (including Pro and Pro Max)
- iPhone Xs and Xs Max
- iPhone Xr
- iPhone X
- iPhone 8 and 8 Plus
- iPhone SE (2nd gen or later)
- MacOS Ventura
- iMac (2017 and later)
- iMac Pro (2017)
- MacBook (2017 and later)
- MacBook Air (2018 and later)
- MacBook Pro (2017 and later)
- Mac Pro (2019 and later)
- Mac Studio (2022)
- Mac mini (2018 and later)
Apple’s Upcoming Change Will Help You Put Your Trademarked Logo in Front of Users
We recently published an article that talked about some of the changes coming to trademark certificate PDFs from the U.S. Patent and Trademark Office (USPTO). In particular, we’re talking about the USPTO’s new approach of issuing electronic trademark certificate PDFs that are digitally signed instead of physical paper copies. The idea here is that the USPTO wants to electronically issue these certificates in a way that enables certificate owners and other users alike to:
- Verify that the certificates are authentic, and
- Ensure the certificates were genuinely issued by the USPTO office to the organization or individual in question.
Why does this matter? Because trademarked logos are at the heart of BIMI and verified mark certificates. With Apple’s upcoming iOS/MacOS Ventura updates, you’ll only be able to display your organization’s logo if:
- Your logo is trademarked, and
- You have set up BIMI and DMARC for your domain. DMARC is all about controlling the settings and policies for your domain to ensure proper validation and usage. Check out this guide on VMCs that walks you through how to be DMARC compliant.
By digitally signing every new trademark certificate, the USPTO is helping prevent fraudsters from downloading your certificate from their database and fraudulently changing your organization’s information to reflect their own.
Can’t Someone Just Upload a Logo to Display in Users’ Inboxes?
Yes and no. In Gmail, for example, you can add a profile image that will display next to your email. But there are limitations:
- It’s not a BIMI-verified logo.
- It doesn’t require any level of authentication (i.e., any Gmail account holder can do it) like a BIMI-verified logo.
- You have to send emails from a valid Gmail account (or from your own domain using Gmail).
- Recipients have to use Gmail in order to see your Gmail profile photos.
To display your BIMI verified logo in Google’s Gmail (currently) and in Apple’s Mail app (after its fall 2022 upgrade), your emails must pass a series of authentication checks first. These digital identity verification checks help users’ clients know that you’re really the one sending the emails (i.e., it’s not a scammer pretending to be you or your organization). BIMI, in combination with VMCs, can help you ensure that your verified brand logos display on all emails sent from your domain.
Final Thoughts on Apple’s Support of BIMI & VMCs for Brand Recognition & Security
If you’re looking for ways to promote your brand and create greater trust in your domain’s outbound emails, pairing BIMI with VMCs is a great way to do it. And now that Apple is moving to support BIMI in Mail and iCloud accounts, in much the same way Google does with their email clients, you can expand your reach in terms of putting your brand in front of the larger Apple device-using audience.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018in Hashing Out Cyber Security
How to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chromein Everything Encryption
Re-Hashed: How to Fix SSL Connection Errors on Android Phonesin Everything Encryption
Cloud Security: 5 Serious Emerging Cloud Computing Threats to Avoidin ssl certificates
This is what happens when your SSL certificate expiresin Everything Encryption
Re-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Messagein Hashing Out Cyber Security
Report it Right: AMCA got hacked – Not Quest and LabCorpin Hashing Out Cyber Security
Re-Hashed: How to clear HSTS settings in Chrome and Firefoxin Everything Encryption
Re-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithmsin Everything Encryption
The Difference Between Root Certificates and Intermediate Certificatesin Everything Encryption
The difference between Encryption, Hashing and Saltingin Everything Encryption
Re-Hashed: How To Disable Firefox Insecure Password Warningsin Hashing Out Cyber Security
Cipher Suites: Ciphers, Algorithms and Negotiating Security Settingsin Everything Encryption
The Ultimate Hacker Movies List for December 2020in Hashing Out Cyber Security Monthly Digest
Anatomy of a Scam: Work from home for Amazonin Hashing Out Cyber Security
The Top 9 Cyber Security Threats That Will Ruin Your Dayin Hashing Out Cyber Security
How strong is 256-bit Encryption?in Everything Encryption
Re-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3in Everything Encryption
How to View SSL Certificate Details in Chrome 56in Industry Lowdown
PayPal Phishing Certificates Far More Prevalent Than Previously Thoughtin Industry Lowdown