Brand Indicators for Message Identification (BIMI) is a standard that allows domain owners to coordinate with Mail User Agents (MUAs) to display brand-specific indicators or logos next to properly authenticated messages. A Verified Mark Certificate (VMC) allows an email service to authenticate a logo, but currently BIMI is susceptible to DNS spoofing attacks. In this work, BIMI messages are protected from DNS spoofing by aligning the message's DomainKeys Identified Mail (DKIM) public key with the public key associated with the VMC. The email service may validate the alignment between the two keys as part of the authentication of the message. When the keys match, the email service may display the indicator or logo along with the message. When the keys do not match, the email service may reject the authentication and not display the logo or indicator.
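The alignment check described above, as an added example that is not part of the original disclosure: it parses the selector's DKIM TXT record, decodes the `p=` key, compares it with the VMC's public key, and withholds the indicator on any mismatch. The VMC's SubjectPublicKeyInfo is assumed to have already been extracted from the certificate and is passed in as DER bytes; the key bytes and DKIM records are constructed sample data, not real keys.

```python
import base64
import hashlib
import re
from typing import Dict, Optional

def parse_dkim_record(txt: str) -> Dict[str, str]:
    """Parse a DKIM TXT record: an RFC 6376 tag=value list separated by ';'.
    Whitespace is stripped from values because the base64 in p= may be folded."""
    tags: Dict[str, str] = {}
    for field in txt.split(";"):
        if "=" in field:
            name, value = field.split("=", 1)
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def dkim_public_key(txt: str) -> Optional[bytes]:
    """Return the DER SubjectPublicKeyInfo carried in p=, or None when the tag
    is missing or empty (an empty p= means the selector's key was revoked)."""
    p = parse_dkim_record(txt).get("p", "")
    return base64.b64decode(p, validate=True) if p else None

def keys_aligned(dkim_txt: str, vmc_spki_der: bytes) -> bool:
    """The alignment check: the DKIM key must be byte-identical to the VMC's
    SubjectPublicKeyInfo. SHA-256 fingerprints are compared so the receiver
    can log the fingerprint rather than the raw key material."""
    dkim_spki = dkim_public_key(dkim_txt)
    if dkim_spki is None:
        return False
    return hashlib.sha256(dkim_spki).digest() == hashlib.sha256(vmc_spki_der).digest()

def bimi_decision(dkim_txt: str, vmc_spki_der: bytes) -> str:
    """Show the indicator only when the keys align; otherwise withhold it."""
    return "display" if keys_aligned(dkim_txt, vmc_spki_der) else "withhold"

# Constructed sample data (not real keys): a stand-in SPKI for the VMC, and the
# DKIM records a receiver might see for the selector under different conditions.
VMC_SPKI = b"\x30\x09\x06\x07constructed-key"
_B64 = base64.b64encode(VMC_SPKI).decode()
DKIM_OK = "v=DKIM1; k=rsa; p=" + _B64
DKIM_FOLDED = "v=DKIM1; k=rsa; p=" + _B64[:10] + "\n\t " + _B64[10:]  # folded TXT record
DKIM_SPOOFED = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"\x30\x09\x06\x07some-other-key").decode()
DKIM_REVOKED = "v=DKIM1; k=rsa; p="

if __name__ == "__main__":
    for name, rec in [("ok", DKIM_OK), ("folded", DKIM_FOLDED),
                      ("spoofed", DKIM_SPOOFED), ("revoked", DKIM_REVOKED)]:
        print(name, bimi_decision(rec, VMC_SPKI))
```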
This work is licensed under a Creative Commons Attribution 4.0 License.
Krueger, Brett, "Using a Certificate Public Key to Protect DKIM Public Key Spoofing", Technical Disclosure Commons, (April 07, 2020)