After Twitter scrapped the value of blue checkmarks on its platform, there’s now a new place to watch for them: Your email!
Google plans to introduce blue checkmarks for businesses for its Gmail service. That way, Google says, email recipients will have an easier time determining whether an email is legitimate or just another piece of spam.
Social media platforms like Facebook, Twitter and Instagram — and probably others — rolled out various methods of account verification years ago. For average users like us, it has been difficult to get those little blue checkmarks. Most of us don’t have the number of followers or raise the kind of income that would make a platform consider we’re worth the effort to verify.
Some of us who work in certain fields, like journalism, have had an easier time getting professional accounts verified. But even so, our personal accounts remain active without that little icon.
Of course, Twitter’s new owner, Elon Musk, devalued that platforms verification process. Anyone on Twitter can get the little icon as long as they’re willing to pay $8 per month for Twitter Blue. As much money as successful spammers are able to bilk from consumers, $8 per month wouldn’t even be a drop in their bucket. So paying to appear legit doesn’t seem like a roadblock.
Twitter began removing the “legacy” checkmarks from those who had previously been verified as legit without subscribing. So, at least on that platform, the checkmarks on regular user accounts largely mean nothing.
Other platforms, so far, have taken the reputation of their verification programs more seriously.
Now Gmail wants to roll it out for your email
USA Today displayed a photo of an email from Google itself showing an example. The checkmark looks like the same aqua-colored icon other platforms use. That should make it easily recognizable. Hovering over it appears to call up a pop-up window:
The sender of this email has verified that they own google.com and the logo in the profile image.
Google adopted a fancy name for those blue checkmarks. It calls them Brand Indicators for Message Identification. The official BIMI site points out several organizations, including Yahoo! and Mailchimp, are behind the program.
Google said it started rolling out the first phase of its BIMI on May 3.
Google says the marks will help users identify messages from legitimate senders versus impersonators.
So how does a sender verify itself?
The process appears to require three steps. First organizations should authenticate their emails with three services: SPF, DKIM and DMARC and ensure all are aligned.
Second, the organization must produce an SVG Tiny PS version of its official logo.
Third, they must publish a BIMI record for their domain in DNS.
Sound a little complicated? Well, for organizations with officers who maintain security protocols, I imagine those steps don’t look like alphabet soup.
For example, the three services I mentioned in the first step are standards to help verify the legitimacy of a sender’s organization and logo.
The Sender Policy Framwork, Google says, specifies servers and domains authorized to send emails for your organization.
The DomainKeys Identified Mail service adds a digital signature to outgoing messages. That allows servers verify the message came from the organization.
Domain-based Message Authentication, Reporting and Conformance tells servers what to do without messages that don’t pass the other two.
Given how advanced artificial intelligence is getting, we consumers need all the help we can get when it comes to weeding through spammers. I’m glad Google is taking these steps.
But even with the blue checkmarks, it seems like good old-fashioned common sense is still our first, best defense.
