Surely you have heard or witnessed the various cases of phishing that occur all over the world. These attacks occur when you receive fraudulent emails from senders pretending to be banks, large online stores, or reputable companies with the goal of obtaining your personal data for their use.
To fight this practice, Google has looked for ways to let Gmail users check the veracity of the emails they receive, so it will now start adding a blue check (the check mark) to senders.
Google increases security using the blue check
This new security measure was announced by Google on its blog last Wednesday. Senders will now have a blue tick next to their names, a symbol that will automatically appear for companies that have adopted Gmail's Brand Indicators for Message Identification (BIMI) feature. When the user places the cursor on the blue check, a message will appear: “The sender of this email has verified that it belongs to google.com and the logo of the profile image.”
Gmail has already started rolling out these checkmarks to both Workspace accounts and personal Google accounts.
This is not the first time that Google has taken action to prevent phishing. In 2021 it announced the development of BIMI, which requires verification of the brand’s logo as the sender’s avatar in order to help users know that the email is genuine and indeed comes from the displayed sender. All this works on top of the DMARC protocol (domain-based message authentication).
“Strong email authentication helps users and email security systems to identify and stop spam, and also allows shippers to leverage the trust of your brand. This increases trust in email sources and gives readers an immersive experience, creating a better email ecosystem for everyone,” the company said on its blog.
How to get the blue check of Gmail
As Google explains, BIMI is activated at your domain provider, not in the Google administration console, so you will need the login credentials for your domain provider. BIMI uses Verified Mark Certificates (VMC) to verify brand logo ownership. Currently, the BIMI standard requires that your logo be a registered trademark to get a VMC.
Then you will have to configure BIMI for your domain by adding a DNS text (TXT) record in the management console of your domain provider. TXT records are a type of DNS record that contains information about your domain for servers and other sources outside of your domain. When you’re all set to begin setup, you’ll be able to create and upload your brand logo file following Google’s guidelines.
Here you have all the steps, summarized by Google itself.
This is how DMARC works, the technology that Google uses to authenticate verified logos
DMARC combines two technologies, SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail), which act in the gap between sender and recipient.
SPF prevents falsification of a sender’s address by verifying that the emails come from a host authorized by the domain administrator.
DKIM proves that the mail has not been changed on its way to the recipient, and that it originated from the specified sender.
The sender or domain owner will need to configure SPF records and the DKIM public key in DNS, specifying which IP addresses and which signatures are allowed to send legitimate email.
With SPF, the sender’s IP address is compared to a list of IP addresses registered for that domain. With DKIM, emails are cryptographically signed on the way out with a private key, and the recipient’s ISP validates that signature against the public key.
DMARC relies on these two technologies to guarantee the integrity of this signature, and it allows the domain owner to decide what to do with messages that have fully or partially failed the SPF and DKIM checks. The domain owner will have these options:
None: the email is delivered if it has passed the DMARC.
Quarantine: the email is delivered to the spam folder.
Reject: the email is not delivered.
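The two DNS text records discussed above can be checked together before requesting the check mark. The following is an added example, not code from Google or from this article: it parses a DMARC record and a BIMI record and lists what would block BIMI. It assumes the BIMI requirement that the DMARC policy be enforced (quarantine or reject, applied to all mail); the domain example.com and all record values are constructed.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Parse a 'tag=value; tag=value' TXT record (DMARC and BIMI share this syntax)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def https_url(value, suffix=""):
    """True if value is an https:// URL whose path ends with suffix."""
    url = urlparse(value)
    return url.scheme == "https" and bool(url.netloc) and url.path.lower().endswith(suffix)

def bimi_problems(dmarc_txt, bimi_txt):
    """Return the reasons a domain is not ready for BIMI (empty list = ready)."""
    problems = []
    dmarc = parse_tags(dmarc_txt)  # record published at _dmarc.<domain>
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC policy is not enforced (p must be quarantine or reject)")
    elif dmarc.get("pct", "100") != "100":
        problems.append("DMARC policy covers only part of the mail (pct below 100)")
    bimi = parse_tags(bimi_txt)  # record published at default._bimi.<domain>
    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
        return problems
    if not https_url(bimi.get("l", ""), ".svg"):
        problems.append("l= must be an HTTPS URL to the SVG logo")
    if not https_url(bimi.get("a", "")):
        problems.append("a= must be an HTTPS URL to the VMC file")
    return problems

# Constructed sample records for the placeholder domain example.com.
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
BIMI_RECORD = ("v=BIMI1; l=https://example.com/brand/logo.svg; "
               "a=https://example.com/brand/vmc.pem")

if __name__ == "__main__":
    for name, record in (("weak", DMARC_WEAK), ("enforced", DMARC_ENFORCED)):
        print(name, bimi_problems(record, BIMI_RECORD) or "ready")
```

The check only validates the record syntax and policy level; it does not fetch the logo or validate the certificate itself.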