Apple will add another barrier against successful phishing attacks in iOS 16, iPadOS 16, and macOS Ventura, which will display a company's official logo to help recipients distinguish genuine emails from fake ones.

Brand Indicators for Message Identification

Upcoming Apple operating systems will support Brand Indicators for Message Identification (BIMI). This is a specification that allows the use of brand-controlled logos in emails and gives recipients a way of telling that an email really is from the company in question. Google has supported BIMI since 2021.

BIMI requires companies to authenticate their email using DMARC. Described in more detail by the IETF in a March 2015 document, DMARC helps email administrators prevent hackers and other attackers from spoofing their organization and domain.

The functionality will not provide complete peace of mind.

  • Not all companies will be certified (although if you want to start using the system in your company, the BIMI website is a good place to start).
  • Many small businesses will likely never get certified, and the system itself may be abused over time – those who create these attacks are always inventive.
  • The feature also requires email client support, which won't appear until Apple ships the next iterations of its operating systems.

What does BIMI offer?

But what BIMI provides is a visual way to gauge trust when receiving a message, which helps protect against phishing and ransomware vulnerabilities by making it much harder for criminals to "spoof brand names in emails".

This is important in a pluralistic sense: we have all experienced malware infection attempts buried in emails purporting to be from major brands.

It can also help protect corporate communications by making it more difficult for targeted phishing attempts against companies or supply chain partners to be successfully launched.

This is especially important given that ransomware attackers are currently targeting small businesses, while larger entities implement better protection, and manufacturing companies often rely on outdated security practices. That's why the relatively recent US Cybersecurity and Infrastructure Security Agency has named manufacturing one of the critical US sectors in need of better security protection.

The main use is B2C marketing, of course. Marketers will use BIMI extensively when trying to persuade customers to open email marketing campaigns.

The marketing magic sauce of combining a trusted brand with relevant content will continue to be essential to success. Of note is a recent study that suggests consumers are more likely to open emails that display a logo next to the email, and that this type of branding also improves brand recognition over time.

How does it work?

BIMI allows brands to verify the authenticity of the emails they send. Once verified, the system can display the company logo in a relevant position within a supporting email client. BIMI is a text file that is saved on the sender's server, which can be checked for authenticity by ISPs handling end-user traffic.

This integration between BIMI, DMARC and the email client makes it difficult for spammers to get a fake logo displayed in its place. The effect is that customers can see whether an email is genuine and can delete non-genuine ones without even opening the offending message, further reducing the risk of accidentally executing malicious code.
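The dependency on DMARC described above can be checked mechanically. The following is an added example, not code from the article or from any BIMI implementation: it parses a DMARC record and a BIMI record (the BIMI assertion is published as a DNS TXT record under default._bimi.<domain>) and lists the reasons a logo should not be shown. The records are constructed samples for example.com, and the rules it encodes (p=quarantine or p=reject, pct=100, sp not none, and a missing a= certificate URL treated as a finding) are this example's conservative assumptions; individual mailbox providers apply their own checks.

```python
# Added example: constructed records; no DNS lookups are performed.
ENFORCING = {"quarantine", "reject"}

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict (keys lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_enforced(dmarc_txt):
    """True if the DMARC policy is strict enough for BIMI (assumed rule)."""
    t = parse_tags(dmarc_txt)
    if t.get("v") != "DMARC1":
        return False
    policy = t.get("p", "").lower()
    sub = t.get("sp", policy).lower()   # sp defaults to the value of p
    try:
        pct = int(t.get("pct", "100"))  # pct defaults to 100
    except ValueError:
        return False
    return policy in ENFORCING and sub in ENFORCING and pct == 100

def bimi_problems(dmarc_txt, bimi_txt):
    """Return reasons a logo should not be shown; an empty list means eligible."""
    problems = []
    if not dmarc_enforced(dmarc_txt):
        problems.append("DMARC policy not at enforcement")
    b = parse_tags(bimi_txt)
    if b.get("v") != "BIMI1":
        problems.append("missing or wrong v=BIMI1 tag")
    logo = b.get("l", "").lower()
    if not (logo.startswith("https://") and logo.endswith(".svg")):
        problems.append("l= must be an HTTPS URL to an SVG logo")
    if not b.get("a", "").lower().startswith("https://"):
        problems.append("no a= certificate URL (assumed to be required)")
    return problems

# Constructed sample records: (DMARC TXT, BIMI TXT)
GOOD_BIMI = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"
SAMPLES = {
    "enforced": ("v=DMARC1; p=reject; rua=mailto:dmarc@example.com", GOOD_BIMI),
    "monitor-only": ("v=DMARC1; p=none", GOOD_BIMI),
}

if __name__ == "__main__":
    for name, (dmarc, bimi) in SAMPLES.items():
        print(name, bimi_problems(dmarc, bimi) or "eligible")
```

A domain that publishes a logo but leaves DMARC at p=none shows up here as "monitor-only": the BIMI record alone does nothing without an enforced DMARC policy behind it.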

Secure internet

Apple's decision to support BIMI in Mail echoes the industry's acceptance of the standard. Google, Yahoo! Mail, AOL, Verizon and Microsoft support it. The addition of Apple means that the standard has reached critical mass.

This is not the only attempt to lock down the Internet experience on Apple's platforms in its upcoming OS updates. Its decision to standardize on an alternative to CAPTCHA will reduce friction online (and help protect users' IP addresses). Its support for next-generation authentication in the form of passkeys will be seen as an important step towards replacing password protection with more effective account/service biometric security. Apple continues to invest in privacy, with better cross-site scripting protection on the way and endpoint security enhancements also on the horizon as declarative device management comes to the Mac.


Copyright © 2022 IDG Communications, Inc.
