iOS 16 and macOS Ventura Combat Email Spoofing With Support for Verified Brand Logos in Mail App

iOS 16 and macOS Ventura add support for the Brand Indicators for Message Identification (BIMI) standard in the Mail app, helping users to easily verify authenticated emails sent by brands by displaying the brand's logo alongside the email's header.

In the Mail app, emails sent by brands with a BIMI record are marked with a "Digitally Certified" label, which is visible after tapping to expand the email's header. Next to the label, a "Learn More" link leads to the following message: "This email was verified as coming from the owner of the logo shown and the domain [example.com.]"

For a brand's logo to be displayed, the sender's domain must pass DMARC authentication checks, according to the BIMI Group website. If the email passes authentication, the Mail app queries the DNS for a corresponding BIMI record.
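The order of checks described above (DMARC pass first, then a BIMI record lookup) can be sketched as follows. This is an added example, not Apple's or the BIMI Group's code: the `brand.example` records are constructed, no DNS queries are made, and the enforcement rule (`p=quarantine` or `p=reject` at `pct=100`) and the mandatory certificate tag are simplifying assumptions.

```python
# Added example: constructed TXT records, evaluated offline (no DNS lookups).

def parse_tags(txt):
    """Parse a 'tag=value; tag=value' TXT record into a dict keyed by tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_lookup_name(domain, selector="default"):
    """DNS name under which a domain publishes its BIMI TXT record."""
    return f"{selector}._bimi.{domain}"

def dmarc_allows_bimi(dmarc_txt):
    """Assumed rule: policy must be quarantine or reject, applied to all mail."""
    tags = parse_tags(dmarc_txt)
    if tags.get("v") != "DMARC1":
        return False
    try:
        pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    except ValueError:
        return False
    return tags.get("p", "").lower() in ("quarantine", "reject") and pct == 100

def logo_decision(dmarc_result, dmarc_txt, bimi_txt):
    """Return (show_logo, detail); detail is the logo URL or the refusal reason."""
    if dmarc_result != "pass":
        return (False, "message failed DMARC")
    if not dmarc_allows_bimi(dmarc_txt):
        return (False, "DMARC policy not at enforcement")
    bimi = parse_tags(bimi_txt or "")
    if bimi.get("v") != "BIMI1":
        return (False, "no valid BIMI record")
    logo = bimi.get("l", "")
    if not logo.lower().startswith("https://"):
        return (False, "logo location missing or not HTTPS")
    # Assumption of this sketch: a certificate (a= tag) is required for display.
    if not bimi.get("a", "").lower().startswith("https://"):
        return (False, "no certificate published")
    return (True, logo)

# Constructed sample records for a hypothetical sender domain.
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@brand.example"
SAMPLE_BIMI = ("v=BIMI1; l=https://brand.example/logo.svg; "
               "a=https://brand.example/vmc.pem")

if __name__ == "__main__":
    print(bimi_lookup_name("brand.example"))
    print(logo_decision("pass", SAMPLE_DMARC, SAMPLE_BIMI))
    print(logo_decision("pass", "v=DMARC1; p=none", SAMPLE_BIMI))
```

A message that passes DMARC from a domain still at `p=none` gets no logo in this sketch, which is why a logo alone attached by a sender does not trigger the indicator.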

Based on a tweet shared by software engineer Charlie Fish, it appears that Chase Bank is an example of a brand that has implemented BIMI, with the Chase logo appearing next to an email sent by the bank in the Mail app on iOS 16. BIMI is also supported by Gmail, Yahoo Mail, and Fastmail, according to BIMI Group.


This is just one of several new features added to the Mail app on iOS 16 and macOS Ventura, with others including the ability to unsend an email up to 10 seconds after sending it, scheduled emails, notifications if you forget to include an attachment on an email, support for rich links in emails, improved search functionality, and more.


Top Rated Comments

mikethemartian
34 months ago

While I always welcome features that increase security or privacy, I don't think this will make much of a difference because inattentive or ignorant users are easily fooled by logo graphics attached by scammers to messages. Plus from a behavioral perspective, scammers rely on fear and greed emotions. The human fight-or-flight reflex means that red flags such as obviously bogus URLs, awful grammar, bizarre word choice, or a government agency asking for gift cards are all too often ignored or discounted.
Reminds me of the scene in Catch Me If You Can when Abagnale takes the Pan-Am logos off of model planes and placed them on forged checks.
Score: 8 Votes
Corsig
34 months ago
Waiting for someone to say this isn’t fair for the spoofers
Score: 4 Votes
surfzen21
34 months ago
Even if it's not perfect, it's definitely a step in the right direction. Knowing it is on Apple's radar is a good thing.

I get a lot of these fake emails and had to do a double check on at least a few. Domain spoofers make it even more difficult.
Score: 4 Votes
citysnaps
34 months ago
Excellent move!
Score: 4 Votes
[AUT] Thomas
34 months ago
Not a fan of BIMI because it's once again not a solution, but just another overly complex workaround to fixing a broken system.

If all mail-servers required and enforced an organization validated server certificate for inbound connections from other servers the amount of spoofed mails and junk would be reduced by 99+%. Unfortunately, no mail provider can do that alone...

If that was about to be required by law, there would be an instant adoption and the problem essentially solved.
Score: 3 Votes
boing
34 months ago

Apple (or the IETF) needs to replace IMAP. It was written for another age, and it's way long in the tooth.

Basically, security needs to be baked in instead of security as an afterthought. Verified senders need to be a part of the infrastructure. It's ok to have unverified senders, but they should be marked as such.

These days, certs are free and processing power is cheap, so issuing everyone a cert and using them for validation shouldn't be as much of a burden as it was back in the day.
No we don't want Apple (or any other big company) to replace IMAP or SMTP or HTTP. Those are the last three major open protocols left that are widely supported, even by the monopolies in email (Microsoft and Google). We should be encouraging their use to keep the Internet open, rather than siloed. Do you want what happened to chat to happen to email? In the past there were open chat standards like XMPP, well just a few days ago Google shut down Google Talk which supported XMPP, the last widely used chat service to support XMPP. Now you have to decide to use Facebook Chat, Google Chat, Skype, WhatsApp, LINE, etc., all which are siloed and don't communicate with each other or can be run on-premise in your own datacenter. You know how annoying it is for me as an Android phone user when someone uses iMessage to send me something that is not supported in my normal SMS app. I wish Apple would support RCS.

You need to understand email is comparable to phone service (calls and SMS) in the sense it is a widely supported standard, due to it being long in the tooth. These standards are open where anyone can contact you. To deal with spam email or calls, the easy thing to do is only accept them from people on your whitelist you trust. This is how most chat networks work, only people that know you (such as have your phone number in their contacts) can see to add you, which is why you notice less spam.

SMTP already supports sender verification as already described in the forum using SPF and DKIM. The mail server just needs to enforce using it. I don't think they should be blocking email completely just because the SPF or DKIM fails (since many people misconfigure it), but it should cause the mail system to score the email so high it ends up in the spam folder. When it comes to phone calls, they are trying to implement STIR/SHAKEN to combat the same thing with phone calls when it comes to verification to combat spoofing.

Even with email verification it won't completely fix the spam issue since a lot of spam is verified. A lot of email is being sent from hacked email accounts, which will look like they are verified. This means that the root of the issue with this is login authentication. Things are already occurring to improve login authentication, but using a unique hard to guess password for your email account is a major first step. A major second step being MFA. In most instances users pick easy to guess passwords, and even worse reuse that password at other places. Once one of these other places gets hacked, they have your email password. Your email password should be treated like one of your most important passwords, since every service you sign up requires your email for communication, including for security purposes. Simple security practices can go a long way to resolving a lot of issues. If your system gets hacked by way of a virus, then you are completely compromised and nothing will really protect you at that point other than a virus program that can detect and block malicious activity occurring on your system due to the virus infection.

So no we don't want to replace those, we just want to improve them as has been occurring over the years, such as with HTTP/1.1 moving to HTTP/2, and now HTTP/3, all of which still work in a web browser. Having alternatives is not a problem, but replacing what is already open and supported will just make things more siloed since most of the companies (Google, Microsoft, and Apple) making the decisions do it for their own interests.
Score: 2 Votes