07/26 Update below. This post was originally published on July 23
Confidence in Gmail took a hit earlier this month when a serious spam filter flaw sent potentially malicious emails direct to users’ inboxes. Now Google has revealed an ingenious way to win back users’ trust.
In an official blog post called ‘Safety first’, Google has announced a new security standard for Gmail which has the potential to permanently remove the threat of billions of phishing emails. Dubbed ‘BIMI’ (Brand Indicators for Message Identification), it builds authentication directly into company logos and means you may never fall foul of a fake eBay or banking email ever again.
07/25 Update: Google has started to roll out a number of its big Gmail upgrades more widely. Initially targeting G Suite users, the integration of messaging and meeting features with Gmail has taken another step forward for end users with Google adding Meet integration to Gmail on Android. It is worth noting that Meet integration will be on by default, so if you don't want it you need to go to settings within the app, deselect “Show the Meet tab for video calling”. Google is clearly keen to aggressively upgrade its Gmail and messaging tools, so expect further announcements in the near future.
07/26 Update: A source with knowledge of Google's plans for Gmail tells me that, like its big redesign plans for the service, we may actually be waiting longer than expected for BIMI to trickle down to end users. A lot will depend on the pilot program, with G Suite customers and its adoption by end users, but this is primarily being positioned for business-to-business communication. My source still expects the feature to come to standard Gmail accounts eventually, but this may not be before 2021. Until then, make sure you are careful to watch out for phishing emails in Gmail, given the service's spam filter recently showed it is not infallible.
BIMI works by enabling companies to validate ownership of their corporate logos directly with Google. “Once these authenticated emails pass all of our other anti-abuse checks, Gmail will start displaying the logo in existing avatar slots in the Gmail UI.” The second part of this system is genius because it makes it easy for Gmail users to identify verified emails.
Yes, there will be a crossover period as companies apply for these validations, but the benefits are so clear that I would expect them to move quickly on this. In fact, there’s an early mover advantage because emails which show their corporate logo in your inbox will catch your attention more easily than those without.
What about downsides? Yes, there are a few. The biggest is that Google is piloting this scheme with G Suite users rather than Gmail users at large. The second is that the pilot scheme won’t become “generally available” for several months. That said, after decades of trying to spot ever more sophisticated phishing emails, waiting a little longer feels like a small price to pay for a potential game-changer.
Coming just one week after Gmail’s ambitious overhaul, it’s safe to say that Google is now on a roll.