Google stated last month that Gmail users would start noticing blue tick marks next to brand logos for senders taking part in the program’s Brand Indicators for Message Identification. BIMI and its blue tick mark were intended to take a stand against email impersonation and phishing by giving clients further assurance that branded senders are who they say they are.
Less than a month after the launch of BIMI, scammers managed to get beyond its security measures and successfully impersonate companies, sending emails to Google users that claimed to be from the logistics firm UPS.
Now Google claims that it is tightening its BIMI verification procedure and is blaming an unknown “third-party” for enabling the usage of its services in ways that evaded its security protections and sent faked messages to inboxes. The eye-watering intricacy of the contemporary email environment is demonstrated by the fact that experts claim email providers, including Microsoft, may still be facilitating this kind of behaviour and are not doing enough to solve it.