Gmail is adding blue checkmarks for companies to help users identify senders
Google has announced that it is adding blue checkmarks to emails sent by companies. This will help users verify the legitimacy of the mail's sender.
When a new mail from a verified company lands in your inbox, and you open it, you may notice the verified badge next to the sender's name. While it may sound like a feature related to Twitter verified accounts, which you can get by paying for a premium subscription. Gmail's implementation of the badge is quite different.
Let's first understand why this is important. Scams and spam have always been a problem for email providers and users. Hackers still use email spoofing in phishing attacks to trick unaware users into believing that a mail is from a real source like a bank, or a shopping site, etc. If you don't check the email address of the sender, you could fall for the scam, and possibly even lose access to the account, your identity, and your money.
In a bid to protect users from such instances of online fraud, Google added support for Brand Indicators for Message Identification (BIMI) in 2021. The feature allowed participating companies to add and verify their brand logo with BIMI. The image is then used as the sender's avatar in emails that are sent to users. The user in turn could look at the picture, and learn that the mail was sent by a real company. It also looks a lot better than having the first letter of the sender's name showing up as their profile image. For reference, a Verified Mark Certificate (VMC) which is required for BIMI, costs about $1,500 a year.
The sender image method worked out for a while, until hackers began using similar images to impersonate companies and scammed users. This is precisely what Google wants to combat. That is why the Mountain View company is rolling out blue checkmarks for brands, to help Gmail users understand the difference between a verified email sender and an impersonator. The new feature expands upon BIMI's Domain-based Message Authentication, Reporting & Conformance (DMARC) for organizations that have adopted the standard.
Here's a screenshot that Google shared on its blog to illustrate the feature.
The blue checkmark appears right next to the sender's name. The badge also displays a message after hovering over the icon, it states that "the sender of the email has verified that they own the domain and the logo". Google says that security features such as the badge will provide strong email authentication, and helps both users and email security systems to identify and stop spam. It also hopes that companies can use it to leverage their brand trust.
Aside from Apple, which also supports BIMI in its own Mail app, I've only seen the sender's image in mails from a few brands such as Amazon, Spotify, Reddit, and some financial institutions, to name a few. Even mails from Google's services (such as receipts from Google Play Store) don't have the avatar picture for the sender. This shows that BIMI's adoption rate has been quite slow. Hopefully, more brands will come forward to participate in the program to protect their users.
You don't have to do anything to enable the new feature, it is a server-side change. Google says that the blue checkmarks in mails will be rolling out to all users in the coming days.