iOS 16 and macOS Ventura Combat Email Spoofing With Support for Verified Brand Logos in Mail App

iOS 16 and macOS Ventura add support for the Brand Indicators for Message Identification (BIMI) standard in the Mail app, helping users to easily verify authenticated emails sent by brands by displaying the brand's logo alongside the email's header.

iOS 16 Digitally Certified Mail
In the Mail app, emails sent by brands with a BIMI record are marked with a "Digitally Certified" label, which is visible after tapping to expand the email's header. Next to the label, a "Learn More" link leads to the following message: "This email was verified as coming from the owner of the logo shown and the domain [example.com.]"

For a brand's logo to be displayed, the sender's domain must pass DMARC authentication checks, according to the BIMI Group website. If the email passes authentication, the Mail app queries the DNS for a corresponding BIMI record.

Based on a tweet shared by software engineer Charlie Fish, it appears that Chase Bank is an example of a brand that has implemented BIMI, with the Chase logo appearing next to an email sent by the bank in the Mail app on iOS 16. BIMI is also supported by Gmail, Yahoo Mail, and Fastmail, according to BIMI Group.


This is just one of several new features added to the Mail app on iOS 16 and macOS Ventura, with others including the ability to unsend an email up to 10 seconds after sending it, scheduled emails, notifications if you forget to include an attachment on an email, support for rich links in emails, improved search functionality, and more.

Related Roundups: iOS 16, iPadOS 16

Top Rated Comments

mikethemartian Avatar
7 weeks ago

While I always welcome features that increase security or privacy, I don't think this will make much of a difference because inattentive or ignorant users are easily fooled by logo graphics attached by scammers to messages. Plus from a behavioral perspective, scammers rely on fear and greed emotions. The human fight-or-flight reflex means that red flags such as obviously bogus URLs, awful grammar, bizarre word choice, or a government agency asking for gift cards are all too often ignored or discounted.
Reminds me of the scene in Catch Me If You Can when Abagnale takes the Pan-Am logos off of model planes and placed them on forged checks.
Score: 8 Votes (Like | Disagree)
Corsig Avatar
7 weeks ago
Waiting for someone to say this isn’t fair for the spoofers
Score: 4 Votes (Like | Disagree)
citysnaps Avatar
7 weeks ago
Excellent move!
Score: 4 Votes (Like | Disagree)
surfzen21 Avatar
7 weeks ago
Even if its not perfect, its definitely a step in the right direction. Knowing is on Apple's radar is a good thing.

I get a lot of these fake emails and had to do a double check on at least a few. Domain spoofers make it even more difficult.
Score: 3 Votes (Like | Disagree)
[AUT] Thomas Avatar
7 weeks ago
Not a fan of BIMI because it's once again not a solution, but just another overly complex workaround to fixing a broken system.

If all mail-servers required and enfored an organization validated server certificate for inbound connections from other servers the amount of spoofed mails and junk would be reduced by 99+%. Unfortunately, no mail provider can do that alone...

If that was about to be required by law, there would be an instant adoption and the problem essentially solved.
Score: 3 Votes (Like | Disagree)
boing Avatar
7 weeks ago

Apple (or the IETF) needs to replace IMAP. It was written for another age, and it's way long in the tooth.

Basically, security needs to be baked in instead of security as an afterthought. Verified senders needs to be a part of the infrastructure. It's ok to have unverified senders, but they should be marked as-such.

These days, certs are free and processing power is cheap, so issuing everyone a cert and using them for validation shouldn't be as much of a burden as it was back in the day.
No we don't want Apple (or any other big company) to replace IMAP or SMTP or HTTP. Those are the last three major open protocols left that are widely supported, even by the monopolies in email (Microsoft and Google). We should be encouraging their use to keep the Internet open, rather then siloed. Do you want what happened to chat to happen to email? In the past there were open chat standards like XMPP, well just a few days ago Google shutdown Google Talk which supported XMPP, the last widely used chat service to support XMPP. Now you have to decide to use Facebook Chat, Google Chat, Skype, WhatsApps, LINE, etc etc.. all which are siloed and don't communicate with each other or can be run on-premise in your own datacenter. You know how annoying it is for me as a Android phone user when someone uses iMessage to send me something that is not supported in my normal SMS app. I wish Apple would support RCS.

You need to understand email is comparable to phone service (calls and SMS) in the sense it is a widely supported standard, due to it being long in the tooth. These standards are open where anyone can contact you. To deal with spam email or calls, the easy thing to do is only accept them from people on your whitelist you trust. This is how most chat networks work, only people that know you (such as have your phone number in their contacts) can see to add you, which is why you notice less spam.

SMTP already supports sender verification as already described in the forum using SPF and DKIM. The mail server just needs to enforce using it. I don't think they should be blocking email completely just because the SPF or DKIM fails (since many people misconfigure it), but it should cause the mail system to score the email so high it ends up in the spam folder. When it comes to phone calls, they are trying to implement STIR/SHAKEN to combat the same thing with phone calls when it comes to verification to combat spoofing.

Even with email verification it won't completely fix the spam issue since a lot of spam is verified. A lot of email is being sent from hacked email accounts, which will look like they are verified. This means that the root of the issue with this is login authentication. Things are already occurring to improve login authentication, but using a unique hard to guess password for your email account is a major first step. A major second step being MFA. In most instances users pick easy to guess passwords, and even worst reuse that password at other places. Once one of these other places gets hacked, they have your email password. Your email password should be treated like one of you most important passwords, since every service you sign up requires your email for communication, including for security purposes. Simple security practices can go a long way to resolving a lot of issues. If your system gets hacked by way of a virus, then you are completely compromised and nothing will really protect you at that point other then a virus program that can detect and block malicious activity occurring on your system due to the virus infection.

So no we don't want to replace those, we just want to improve them as what have been occurring over the years, such as with HTTP/1.1 moving to HTTP/2, and now HTTP/3, all of which still work in a web browser. Having alternatives is not a problem, but replacing what is already open and supported will just make things more siloed since most of the companies (Google, Microsoft, and Apple) making the decisions do it for their own interests.
Score: 2 Votes (Like | Disagree)

Related Stories

mail undo send

You Can Unsend an Email 10 Seconds After It's Sent in iOS 16 Mail App

Tuesday June 7, 2022 10:29 am PDT by
Apple in iOS 16, iPadOS 16, and macOS Ventura is overhauling the Mail app and introducing a slew of new features that bring it more in line with competing mail services such as Gmail. One of those new features is a long-awaited Undo Send option, designed to let you quickly recall an email if you make a mistake. Undo Send works for up to 10 seconds after you send an email, so you don't have a ...
hide my email macos monterey

Apple Removes 'Hide My Email' Support in Third-Party Apps From macOS Ventura Features Page

Thursday August 11, 2022 7:17 pm PDT by
Apple recently removed a mention of "Hide My Email" support in third‑party apps from the macOS Ventura features page on its U.S. website, as noted by French website MacGeneration. The feature was still listed on the page as of August 3, according to the Wayback Machine, but it was removed at some point since then. Apple's website said that you would be able to "keep your personal email...
itunes connect email

Apple Erroneously Sending iTunes Connect Email to Users

Thursday July 28, 2022 5:54 am PDT by
Apple is erroneously sending emails to users asking them to update their iTunes Connect banking information, but the users receiving the emails often have no content being distributed via the service. Users have flocked to Twitter to share their confusion over the email, which reads, "we're reaching out because your banking information in iTunes Connect is invalid and needs to be corrected...
Edison Mail M1 Mac Support

Edison Mail Updated With Native Support for Apple Silicon Macs

Thursday February 17, 2022 8:02 am PST by
Edison Mail today announced that it has updated its Mac app with native support for Apple silicon, allowing the app to run faster on Macs powered by the M1, M1 Pro, and M1 Max chips. The new version of the app is available now through the Mac App Store. Edison Mail first released a desktop app for the Mac in 2019 with features such as One-Click Unsubscribe for junk emails, Block Sender,...
ios15 mail privacy feature

watchOS 8.5 Fixes Mail Privacy Protection Loophole That Could Expose IP Addresses

Tuesday March 15, 2022 6:42 am PDT by
watchOS 8.5 fixes a security vulnerability in the Mail app that could leak a user's IP address when downloading remote content, security researchers have found. Last year, it emerged that Apple's Mail Privacy Protection feature was undermined by a lack of Apple Watch support. Mail Privacy Protection was a new feature introduced with iOS 15, iPadOS 15, and macOS Monterey that hides your IP...
custom email domain mail ios 15 4

iOS 15.4 Beta Adds Support for Setting Up Custom Email Domains With iCloud Mail

Thursday January 27, 2022 5:25 pm PST by
The iOS 15.4 beta that was introduced today expands support for the custom email domain feature available for iCloud+, adding an option to set up a custom domain with iCloud Mail directly on the iPhone. If you go to Settings > Apple ID > iCloud, "iCloud Mail" is now a tappable option and it includes a section for setting up a Custom Email Domain. Prior to now, custom domains were able to...
clock weather macos ventura

Apple Seeds Third Public Beta of macOS 13 Ventura

Tuesday August 9, 2022 10:10 am PDT by
Apple today seeded the third beta of macOS Ventura to its public beta testing group, allowing non-developers to test the new macOS Ventura operating system ahead of its release. The third beta comes two weeks after the second public beta and it corresponds with the fifth developer beta. Public beta testers can download the macOS 13 Ventura update from the Software Update section of the...
maxresdefault

Hands-On With macOS Ventura

Friday June 10, 2022 12:30 pm PDT by
Apple on Monday introduced macOS Ventura, the newest version of the operating system that runs on the Mac. Set to come out this fall, macOS Ventura is currently available to developers, so we thought we'd take a deep dive to show MacRumors readers all of the new features that are in the update. Subscribe to the MacRumors YouTube channel for more videos. Our latest YouTube video highlights...

Popular Stories

iPhone 14 Pro Purple Rear Flat MacRumors Exclusive

iPhone 14 Pro Predicted to Start With Increased 256GB Storage Alongside Rumored Price Increase

Wednesday August 10, 2022 11:14 am PDT by
Earlier today, analyst Ming-Chi Kuo claimed iPhone 14 Pro models will be more expensive than iPhone 13 Pro models. Kuo did not reveal exact pricing, but he said that the average selling price of all four iPhone 14 models will increase by about 15% overall. While higher prices would be disappointing for customers, it is possible the iPhone 14 Pro and iPhone 14 Pro Max will offer increased...
iPhone 14 Pro Lineup Feature Silver

Kuo: Apple to Increase Prices of iPhone 14 Pro Models

Wednesday August 10, 2022 8:22 am PDT by
Apple plans to increase the prices of iPhone 14 Pro models compared to iPhone 13 Pro models, according to analyst Ming-Chi Kuo. Kuo did not reveal exact pricing for the iPhone 14 Pro models. However, in a tweet today, he estimated that the average selling price of the iPhone 14 lineup as a whole will increase by about 15% compared to the iPhone 13 lineup. In the United States, the iPhone...
iPhone 14 Pro Purple Front and Back MacRumors Exclusive feature

iPhone 14 Is Just a Few Weeks Away: Three Tips to Prepare for the New iPhone

Wednesday August 10, 2022 4:08 am PDT by
The launch of the new iPhone 14 is just a few weeks away, meaning millions of iPhone customers will soon upgrade their existing iPhone or perhaps get an iPhone for the first time. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo Whether upgrading from an older model or this is your first iPhone, we've rounded up a few tips to help you prepare for the next flagship...
battery percentage ios 16

Here's Why the iPhone Battery Status Icon in iOS 16 Is So Controversial

Wednesday August 10, 2022 4:34 am PDT by
In the latest iOS 16 beta, Apple has updated the status bar battery icon on iPhones with Face ID to display the exact percentage remaining rather than just a visual representation of battery level, and while the change has been largely welcomed, some users are unhappy with the way it has been implemented. In iOS 15 and earlier, battery percent has not been present on iPhones that have...
Apple Watch Body Temperature Finished

'High-Accuracy' Apple Watch Temperature Sensor Revealed by Patent Filing Just Weeks Before Series 8 Unveiling

Wednesday August 10, 2022 5:39 am PDT by
Apple has been granted a patent for a temperature sensor suitable for the Apple Watch, just weeks before the company is expected to unveil the Apple Watch Series 8 with body temperature sensing capabilities. The newly granted patent, spotted by MyHealthyApple, was filed with the United States Patent and Trademark Office and is titled "Temperature gradient sensing in electronic devices."...