Couldn’t attend Transform 2022? Check out all the top sessions in our on-demand library now! Look here.
Phishing is becoming more entrenched as the most common form of cyber attack every year. In the first quarter of 2022the Anti-Phishing Working Group has observed the most phishing attacks in history as the quarterly volume of attacks crossed 1 million for the first time.
Despite this, organizations around the world already have two secret weapons to help turn the tide: DMARC and BIMI. DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email security standard that protects domains from exact imitation by hackers, which is a precursor to most phishing attacks. BIMI (Message Identification Brand Indicators) builds on DMARC by displaying a company’s registered trademark in a recipient’s inbox, creating visual confidence that the email message really belongs to the sender.
There is a solution – why is there still a problem?
Given the significant promise DMARC has with BIMI in stopping phishing attacks, the natural question is why are the number of attacks and the damage they inflict increasing?
To answer this question, Red Sift conducted an extensive survey to understand the state of BIMI readiness and implementation across domains, enterprises and brands. Using own data from BIMI radar, found that while more than half (51.2%) of S&P 500 companies have adopted DMARC (ie are “BIMI-ready”), only 2.4% have fully adopted BIMI. Among Fortune 500 companies, the numbers are about the same (49.9% are BIMI ready versus 3.2% with full BIMI adoption).
MetaBeat will bring together thought leaders to offer advice on how metaverse technology will change the way all industries communicate and do business October 4 in San Francisco, CA.
While this data shows that most organizations around the world have not yet reached the last mile of BIMI adoption, Apple’s support in iOS 16 represents a seismic shift that points to rapid growth ahead. In September, Apple joined Google, Yahoo, La Poste and Fastmail as the main email providers supporting BIMI. As a result, nearly 90% of consumers will be able to gain the visual confidence mentioned above by viewing logos in emails native to iOS 16 and macOS Ventura from organizations that have implemented DMARC to secure their domains.
Adoption of VMCs to be fully BIMI ready
While it makes sense to conclude that the largest companies will make more substantial investments in DMARC as part of a comprehensive security strategy, there is still a huge gap between BIMI readiness and full implementation.
To take full advantage of the BIMI logo display in email clients, companies must obtain a verified marking certificate (VMC) from an approved certificate authority such as Entrust for their primary/company domain.
Red Sift now sees more evidence that businesses are following suit, as VMC adoption now surpasses only BIMI. This shows that they value the security benefit of BIMI over DMARC over the benefits for a brand. Interestingly, more than 50% of VMCs are issued to companies with less than $50 million in revenue and less than 250 employees.
Read the full report from RedSift.
The mission of VentureBeat is a digital city square for tech decision makers to learn about transformative business technology and transactions. Discover our briefings.