Gmail puts BIMI on pause while addressing exploit

Google seems to have put Gmail's BIMI logo checking (and the new blue checkmark) on hold temporarily starting perhaps on Monday, June 5th, while they roll out a fix to address an exploit that was allowing bad guys to spoof authentication on mail sent from certain platforms into Gmail mailboxes.

I've got multiple examples in my own inbox: Last week's mail from that sender shows a BIMI logo and blue checkmark (still, even today, when checking), but Monday or Tuesday's email from that same sender shows no such logo and no blue checkmark. Others have confirmed to me that they see something similar; some exactly the same, some not. Fellow email nerd Hagop Khatchoian notes that he was only seeing a BIMI pause when dual DKIM signatures are in play. I also note that daily emails from Amazon seem to show no pause in Amazon's BIMI logo display (with checkmark).

This appears to have started at some point on June 5th and as of today, June 7th at 9:00 am, I'm seeing signs that some or all BIMI functionality has been restored; my daily emails from a large financial sender showed no BIMI logo on Monday or Tuesday, but it seems to be back today.

Post a Comment