Valimail- Experts & Thought Leaders

DigiCert, a pioneering global provider of digital trust, announced the availability of its Common Mark Certificate, a new type of certificate designed to help organisations enhance the security and value of their email communications. For organisations with logos protected under prior use–rather than registered trademarks-Common Mark Certificates enable the enhanced brand recognition and email deliverability benefits that come from displaying the sender's logo in the recipient’s inboxes. Benefits of BIMI The industry raised Domain-based Message Authentication in 2012 to stop brand impersonation The 2024 Identity Fraud Study by Javelin Strategy & Research reports that U.S. adults lost USD 43 billion to identity fraud in 2023, a 13% rise from the previous year. Phishing remains a major threat, tricking people into sharing personal data or clicking malware links. To combat this, the industry introduced Domain-based Message Authentication (DMARC) in 2012 to prevent brand impersonation.  Major email providers later supported Brand Indicators for Message Identification (BIMI) to incentivise DMARC adoption, requiring senders to verify logo ownership through mark certificates. Common Mark Certificates unlock the benefits of BIMI for more organisations. DigiCert’s commitment  "DigiCert’s new Common Mark Certificates are a game-changer for organisations looking to enhance the security and branding of their email communications,” said Dean Coclin, Senior Director of Digital Trust Services at DigiCert. “By removing the trademark requirement, we’re opening the benefits of BIMI to a broader range of businesses, allowing them to build trust and visibility in their customers’ inboxes. This offering aligns with DigiCert’s commitment to simplifying digital trust while helping organisations meet critical email authentication standards that are becoming increasingly important for both security and brand reputation." Security and DMARC enforcement "Common Mark Certificates are a significant step forward in making email authentication and BIMI more broadly accessible, empowering businesses of all sizes to leverage this powerful technology," said Seth Blank, CTO of Valimail and Chair of the AuthIndicators Working Group, which develops the BIMI standard. "At Valimail, we understand the importance of building trust and ensuring security in email communications. DigiCert’s new offering will enable more businesses to take advantage of BIMI, helping them boost brand visibility while reinforcing their commitment to email security and DMARC enforcement." Common Mark Certificates While companies must still complete a validation process to verify ownership of their email domain and logo, Common Mark Certificates offer the flexibility to secure logos not formally covered by a registered trademark, such as holiday-themed or cause-related variations.  DigiCert's Common Mark Certificates also align with email authentication standards like SPF, DKIM, and DMARC, meeting the recent requirements set by Google and Yahoo for bulk email senders.

As the commentaries that follow detail, in 2024, Valimail pioneers can expect to see a dramatic escalation in AI-fueled disinformation and sophisticated cyber threats, especially during the U.S. election year. With disinformation spreading more rapidly due to advanced AI tools, email authentication will become critical to safeguard against false narratives. The election season will likely see intensified information attacks, highlighting the need for stringent verification of digital communications. Cyber landscape As cyber threats grow more sophisticated with AI advancements, robust authentication will emerge as a key defence necessary to discern real interactions from AI-generated deceptions. This evolving cyber landscape underscores the urgency of adapting security strategies to outpace these emerging challenges. CEO's comments Valimail’s Alexander Garcia-Tobar, CEO and Co-Founder says, A Rise in Disinformation Influenced by Global Events and AI:  In 2024, there will be an acceleration in disinformation, exacerbated by ongoing global conflicts" “In 2024, there will be an acceleration in disinformation, exacerbated by ongoing global conflicts and the growing availability of AI tools that will create and/or spread false narratives more rapidly and convincingly." "This trend will be viewed against a backdrop of declining public trust in institutions, a phenomenon intensified by the US election year. With email being the primary communication tool used, validating sender authentication will become increasingly more important.” Election Year Vulnerabilities and State Actor Threats:  “2024 brings a national election, which will bring a heightened risk of targeted information attacks, especially given explicit warnings from foreign state actors about their intentions to disrupt or influence the electoral process through information warfare." "With email and social networks as primary attack vectors, there will be an increased need to know the authenticity of the sender/originator of the communication.” A Rise in the Importance of Email Authentication and Transparency in Digital Communication:  The source or authorship of information must be verifiable, reducing the potential for impersonation" “Email authentication will play a crucial role in maintaining the integrity of digital communications, especially as disinformation becomes more prevalent. Ensuring the authenticity of the sender will gain acceptance as a vital first step in building trust and accountability online." "This will include the need for transparency in content creation, where the source or authorship of information must be verifiable, reducing the potential for impersonation and misinformation.” CTO's comments Seth Blank, Chief Technology Officer (CTO), Valimail, Increased sophistication and pervasiveness of cyber threats with AI:  “There will be a significant rise in the sophistication of cyber threats, primarily due to the advancement and widespread use of AI and generative AI. This will lead to an increase in the challenges in determining the authenticity of communications as AI technologies become more capable of imitating real human interactions. The potential for more realistic phishing attacks and the spread of disinformation, leveraging AI's ability to mimic different personas convincingly, will be a part of this." "It’s important to underscore that AI can be used not only for beneficial purposes but also maliciously, making it increasingly difficult to discern genuine communications from fraudulent ones. As email has been abused by generative content for decades, the ecosystem should look at email’s existing protections as a way to protect itself from the new threats of generative AI.” Authentication Will Be the Key Defence Strategy:  Emphasis will be put on the need for more robust and sophisticated authentication mechanisms" “Authentication will become the first line of defence against sophisticated cyber threats. And any communication lacking proper authentication will be treated with suspicion." "This approach will become an accepted crucial measure in filtering out potential threats and reducing the risk of falling prey to AI-generated frauds or disinformation campaigns. Emphasis will be put on the need for more robust and sophisticated authentication mechanisms to keep pace with the evolving nature of cyber threats.” A Shift in Threat Landscape Due to Improved Email Security:  “With advancements in email security, particularly through stringent authentication requirements, there will be a shift in the threat landscape. As email becomes more secure and less susceptible to attacks, attackers will pivot to other, less secure communication channels, such as SMS, phone calls, and IOT communications." "This shift will reflect the adaptive nature of cyber-criminals, who continually seek out the weakest points in the security infrastructure, and highlight the ongoing challenge of maintaining a comprehensive security posture that evolves in response to the changing tactics of cyber attackers.”

DigiCert, Inc., the provider of TLS/SSL, IoT and other PKI solutions, and Valimail, the provider of identity-based anti-phishing solutions, announce that they are partnering to help companies prepare for Brand Indicators for Message Identification (BIMI), a new standard currently in pilot that allows companies to display a verified logo in emails with a Verified Mark Certificate (VMC). “DigiCert is pleased to partner with Valimail to support pilots that advance the BIMI email security standard with VMCs,” said DigiCert Senior Director of Business Development Dean Coclin. “We anticipate growing demand for digital certificates displaying verified logos in email and are developing scalable solutions to help companies be ready on day one.” Making the ecosystem more secure “BIMI is a huge step forward for email marketing, and when combined with DMARC enforcement it will help make the entire ecosystem more secure,” said Steve Mock, VP of Business Development for Valimail. “We’re very proud to be working with DigiCert to create a one-stop shop for companies to make themselves BIMI-ready.” A major BIMI pilot with Yahoo has been underway for the past year, and Google has recently announced plans to launch a BIMI pilot in 2020. Upcoming BIMI pilots are expected to require VMCs for participants. DigiCert issued the first VMC for a domain that sends email at scale to CNN in October 2019. Automated certificate management DigiCert and Valimail are working together to establish a streamlined experience for companies DigiCert and Valimail are working together to establish a streamlined experience for companies to enforce Domain-based Message Authentication, Reporting and Conformance (DMARC), an email authentication, policy and reporting protocol, and receive VMCs, both essential steps for BIMI compliance. DigiCert’s platform, together with regional staffing and expertise, enable fast, scalable and automated certificate management. The Valimail platform makes DMARC compliance faster and easier, and also offers an automated way for customers to manage BIMI configuration. VMCs provide the following benefits for early adopter organisations: Long term, ensure customers see their logo in their inbox — even before they open the email. Provide an additional layer of protection against identity-targeted attacks through DMARC compliance. Deliver a more authentic, recognisable and unified brand experience from email to conversion. Distinguish one's messaging from the clutter. Improve deliverability and open rates by up to 10%. Trustworthy inbox experience DMARC enforcement is a key tool in companies’ battles against growing amounts of email phishing campaigns. DMARC gives companies visibility into who is sending emails from their domains, and gives them the ability to control which of those services or servers are allowed to do so. With an enforcement policy, unauthorised senders using the domain are automatically blocked by most receiving mail servers in the world today. VMCs enable companies using DMARC to place a verified, trademarked logo next to the ‘sender’ field in customers’ inboxes. Developed by the AuthIndicators Working Group, the BIMI pilot program is intended to create a more trustworthy inbox experience for all email users worldwide through increasing the use of authentication to reduce email fraud.  Localised security standards DigiCert is the issuer of digital certificates, with a global presence and highly scalable infrastructure that makes it the top choice for emerging global and localised security standards using cryptography to authenticate identities and encrypt information online. DigiCert is supporting BIMI pilots in anticipation of a broad offering in its DigiCert CertCentral® TLS Manager DigiCert is supporting BIMI pilots in anticipation of a broad offering in its DigiCert CertCentral® TLS Manager, available in 11 languages and nine currencies, later this year. DigiCert was recently named 2020 Global Company of the Year in the TLS certificate market by Frost & Sullivan, in recognition of its strong market leadership in its growth, supporting the adoption of new standards and continually innovating with the most modern public key infrastructure (PKI) technology. Announcing additional developments Valimail is a pioneer in the DMARC space. This pioneering zero-trust identity-based anti-phishing company offers the only complete, cloud-native platform for validating and authenticating sender identity. It provides the most complete, effective visibility tool for interpreting DMARC reports, with the highest success rate among customers for achieving DMARC enforcement. It is also the provider of DMARC services to Microsoft 365 customers, and a growing DMARC vendor. Valimail and DigiCert are continuing to build on their partnership and will announce additional developments and milestones in the coming months.