
Preventing Brand Impersonation: DMARC & BIMI

Imagine an email that looks like it’s from your company’s CEO or a trusted brand partner. The email address appears legitimate at first glance, but on closer inspection one letter is off. This subtle trick is how cybercriminals use look-alike domains to impersonate brands and executives. The rise of remote work and digital communication has only amplified this threat. Brand impersonation via fake domains is surging – attacks rose by 274% in late 2021 compared to the prior year. The impact goes beyond IT headaches: customers lose money, businesses suffer reputational damage, and hard-won trust evaporates overnight. In fact, phishing (often fueled by domain impersonation) costs businesses an average of $4.65 million per incident. To safeguard their brand reputation and customers, organizations must get proactive about stopping these scams.

Attackers often register look-alike domains (e.g. replacing letters with similar characters) to trick users into believing emails are legitimate. These fake addresses can be easily overlooked in a crowded inbox, leading to financial or data losses.

The good news is that solutions like DMARC (Domain-based Message Authentication, Reporting & Conformance) and BIMI 2.0 (Brand Indicators for Message Identification) offer a powerful defense. DMARC ensures only your authorized servers can send emails on your behalf, blocking many spoofed emails before they reach inboxes. Meanwhile, BIMI 2.0 allows your verified brand logo to appear in recipients’ email clients, giving a visual stamp of authenticity that impostors can’t easily mimic. In the following sections, we’ll explore real-world impersonation examples and how DMARC and BIMI work together to protect mid-sized and large organizations from look-alike domain threats.

Case Studies of Brand Impersonation That Led to Financial Loss

Real incidents underscore how costly look-alike domain attacks can be. In one case, scammers impersonated both sides of an investment deal by registering fake domains one character off from each company’s real domain. Posing as a Chinese venture firm and an Israeli startup, the attackers inserted themselves into an email thread about a funding transfer. They simply added an “s” to the legitimate domains and sent messages that fooled both parties, ultimately redirecting a $1 million payment into the attackers’ account. Over 32 emails, neither the investors nor the startup noticed the minor spelling change, illustrating how convincing these schemes can be. By the time the fraud was uncovered, the money was gone.

Another example involved a UK affiliate of Caterpillar Inc., a Fortune 100 company. In 2019, this subsidiary fell victim to a similar business email compromise (BEC) scam. Attackers first stole the credentials of a senior executive, then emailed fake invoices to the finance department from a look-alike domain. The fraudulent domain and emails were crafted to appear genuine – even using the company’s logo and formats. Over a week, the impostors tricked employees into approving multiple fund transfers. By the end of the scam, about $11 million had been wired to criminal accounts. Law enforcement later revealed that the criminals had used spoofed domains and cleverly timed messages to bypass verification checks. These cases (and many others) show that even well-defended organizations can be duped by domain impersonation, leading to multi-million dollar losses and legal fallout.

Such stories are alarmingly common. During the pandemic, over 7,000 company CEOs were impersonated in email scams within just six months. And according to the U.S. Federal Trade Commission, impersonation fraud (including fake domains and profiles) caused about $2 billion in reported losses in 2020–2021. Whether it’s stealing payments or customer credentials, look-alike domain attacks strike at the heart of an organization’s brand trust. This is why executives must treat email domain security as mission-critical. In the next section, we’ll see how implementing DMARC can sharply reduce the risk of these spoofing attacks.

Role of DMARC in Preventing Brand Impersonation

Email is often the first point of attack for impersonators. DMARC is an email authentication protocol designed to stop attackers from spoofing your exact domain in emails. It builds on two earlier standards: SPF, which checks that the sending server is authorized for the domain, and DKIM, which signs messages so that tampering can be detected. DMARC ties those checks to the domain the recipient actually sees in the From header. In simple terms, DMARC allows your organization to publish a policy telling receiving mail servers: “If an email purports to be from my domain but fails authentication, don’t deliver it.” With DMARC in place, forged emails supposedly from your company (e.g. a message carrying one of your addresses but sent from a hacker’s server) will get blocked or quarantined, never reaching the target’s inbox.

This has a direct impact on preventing brand impersonation. By confirming domain ownership and email sender identity, DMARC helps stop hackers from impersonating trusted senders like banks or government agencies. For example, if someone tries to send emails as @yourbank.com without permission, a properly enforced DMARC policy will mark those emails as fraudulent and reject them. This forces attackers to resort to look-alike domains (since your real domain is off-limits for spoofing). Every legitimate email domain protected by DMARC reduces the attacker’s room to maneuver.

The benefits of DMARC are not just theoretical. Organizations that adopt DMARC often see significant drops in successful phishing emails using their names. DMARC provides visibility as well: it sends back reports on who is sending email purporting to be from your domain. Your security team can use these reports to discover unauthorized use, whether it’s a malicious actor or a misconfigured third-party service. Over time, DMARC enforcement builds customer confidence too. When customers consistently receive your emails (newsletters, invoices, alerts) without issue, but malicious fakes are filtered out, they learn to trust that emails from your domain are legitimate. As one industry source puts it, DMARC is the only solution that enables internet-scale email protection and prevents fraudulent use of legitimate brands via email. In an era of rampant phishing, that protection is invaluable.
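The reports mentioned above arrive as XML aggregate (RUA) reports from receiving providers. The following is an added example, not code from the article or from any DMARC vendor: it parses a constructed sample report in the RFC 7489 format and sorts each sending source into the three buckets a security team cares about (authorized, a third party that authenticates its own domain but not yours, and a source with no valid authentication at all). The domains and IP addresses are made up; the IPs come from the documentation ranges.

```python
"""Added illustration, not from the article: reading a DMARC aggregate (RUA)
report to see who is sending mail as your domain. SAMPLE_REPORT is a constructed
report in the RFC 7489 XML format; the IP addresses are documentation ranges."""
import xml.etree.ElementTree as ET  # for reports received from the internet, prefer defusedxml
from collections import defaultdict

SAMPLE_REPORT = """<?xml version="1.0" encoding="UTF-8"?>
<feedback>
  <report_metadata>
    <org_name>receiver.example</org_name>
    <report_id>constructed-report-0001</report_id>
    <date_range><begin>1700000000</begin><end>1700086400</end></date_range>
  </report_metadata>
  <policy_published>
    <domain>yourcompany.example</domain><p>quarantine</p><pct>100</pct>
  </policy_published>
  <record>  <!-- your own mail servers: authenticated and aligned -->
    <row>
      <source_ip>192.0.2.10</source_ip><count>1200</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
    </row>
    <identifiers><header_from>yourcompany.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>yourcompany.example</domain><result>pass</result></dkim>
      <spf><domain>yourcompany.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- a newsletter vendor: authenticates its own domain, not yours -->
    <row>
      <source_ip>203.0.113.25</source_ip><count>300</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>yourcompany.example</header_from></identifiers>
    <auth_results>
      <dkim><domain>vendor.example</domain><result>pass</result></dkim>
      <spf><domain>vendor.example</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>  <!-- unknown host with no valid SPF or DKIM at all -->
    <row>
      <source_ip>198.51.100.7</source_ip><count>45</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
    </row>
    <identifiers><header_from>yourcompany.example</header_from></identifiers>
    <auth_results>
      <spf><domain>yourcompany.example</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>
"""

def parse_records(xml_text):
    """Flatten each <record> into a dict. policy_evaluated/dkim and /spf are the
    *aligned* results DMARC used; auth_results holds the raw SPF/DKIM outcomes."""
    root = ET.fromstring(xml_text)
    domain = root.findtext("policy_published/domain")
    rows = []
    for rec in root.iter("record"):
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "disposition": rec.findtext("row/policy_evaluated/disposition"),
            "dkim_aligned": rec.findtext("row/policy_evaluated/dkim") == "pass",
            "spf_aligned": rec.findtext("row/policy_evaluated/spf") == "pass",
            "dkim_raw": rec.findtext("auth_results/dkim/result"),   # None if unsigned
            "spf_raw": rec.findtext("auth_results/spf/result"),
        })
    return domain, rows

def classify(row):
    """Turn one report row into the question the security team actually asks."""
    if row["dkim_aligned"] or row["spf_aligned"]:
        return "authorized"
    if row["dkim_raw"] == "pass" or row["spf_raw"] == "pass":
        # Authenticates, but for a different domain than the visible From:
        # typical of a SaaS vendor sending on your behalf without alignment set up.
        return "unaligned-third-party"
    return "unauthenticated"

def summarize(xml_text):
    """Return (reported domain, message totals per bucket, per-source detail)."""
    domain, rows = parse_records(xml_text)
    totals = defaultdict(int)
    detail = []
    for r in rows:
        kind = classify(r)
        totals[kind] += r["count"]
        detail.append((r["source_ip"], r["count"], kind, r["disposition"]))
    return domain, dict(totals), detail

if __name__ == "__main__":
    domain, totals, detail = summarize(SAMPLE_REPORT)
    print(f"Report for {domain}: {totals}")
    for ip, n, kind, disp in detail:
        print(f"  {ip:<15} {n:>6} msgs  {kind:<22} receiver applied: {disp}")
```

The "unaligned-third-party" bucket is the one to triage first when moving from p=none to enforcement: those 300 messages are probably a legitimate vendor whose DKIM d= domain needs to be changed to yours, and they will be quarantined the moment the policy tightens.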

However, it’s important to recognize DMARC’s scope: it stops direct domain spoofing, but it doesn’t block look-alike domains that attackers register (since those are technically different domains). This is where user education and additional measures come in. Still, by shutting the door on exact-domain impersonation, DMARC dramatically shrinks the attack surface. It also lays the groundwork for advanced solutions like BIMI. In fact, to deploy BIMI’s brand indicators, you first need to reach DMARC enforcement. We’ll next explore how BIMI 2.0 leverages DMARC to put your brand’s stamp of authenticity on every email.
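The two points above, that DMARC rejects exact-domain spoofs but has nothing to say about a registered look-alike, can be seen in the receiver-side logic itself. The following is an added example, not code from the article: a simplified DMARC evaluation over a constructed DNS zone. It performs the identifier-alignment step (SPF or DKIM must pass for a domain aligned with the visible From domain) and then applies the published p= policy. The domains, addresses and records are made up, and org_domain is a simplification of the Public Suffix List logic real receivers use.

```python
"""Added illustration, not from the article: how a receiving server applies a
DMARC policy to one message, and why a registered look-alike domain is outside
its reach. DNS is a constructed zone; the domains and addresses are made up."""
from dataclasses import dataclass

# Constructed DNS: what a receiver gets when it queries _dmarc.<From-domain>.
# The bank publishes p=reject. The look-alike domain was registered by an
# attacker who set up SPF and DMARC for it properly, as attackers routinely do.
DNS = {
    "_dmarc.yourbank.example": "v=DMARC1; p=reject; rua=mailto:dmarc@yourbank.example",
    "_dmarc.yourbanks.example": "v=DMARC1; p=reject",
}

def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax used by DMARC records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def org_domain(domain):
    """Simplified organizational domain (real receivers use the Public Suffix List)."""
    return ".".join(domain.lower().split(".")[-2:])

def aligned(auth_domain, header_from, mode):
    """DMARC identifier alignment: strict ('s') requires an exact match,
    relaxed ('r', the default) accepts any subdomain of the same org domain."""
    if mode == "s":
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

@dataclass
class AuthResult:
    header_from: str   # domain in the From: header the recipient sees
    spf_result: str    # "pass" / "fail" / "none" for the envelope sender
    spf_domain: str    # domain SPF was evaluated for (RFC5321.MailFrom)
    dkim_result: str   # "pass" / "fail" / "none"
    dkim_domain: str   # d= tag of the DKIM signature, if any

def dmarc_disposition(msg):
    """Return what the From-domain's owner asked receivers to do with this message."""
    record = DNS.get("_dmarc." + msg.header_from.lower())
    if record is None:
        return "no-policy"        # DMARC does not apply; other filters decide
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return "no-policy"
    spf_ok = msg.spf_result == "pass" and aligned(msg.spf_domain, msg.header_from, tags.get("aspf", "r"))
    dkim_ok = msg.dkim_result == "pass" and aligned(msg.dkim_domain, msg.header_from, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:         # one aligned, passing identifier is enough
        return "pass"
    return tags.get("p", "none")  # none / quarantine / reject

if __name__ == "__main__":
    cases = {
        "legitimate, signed by the bank": AuthResult("yourbank.example", "pass", "mail.yourbank.example", "pass", "yourbank.example"),
        "exact-domain spoof from attacker MTA": AuthResult("yourbank.example", "pass", "attacker-mta.example", "none", ""),
        "look-alike domain with its own SPF": AuthResult("yourbanks.example", "pass", "yourbanks.example", "none", ""),
    }
    for label, msg in cases.items():
        print(f"{label:<40} -> {dmarc_disposition(msg)}")
```

Note the second case: SPF itself passes, because the attacker's server is authorized for the attacker's own envelope domain, yet the message is rejected because that domain is not aligned with the From domain the user sees. The third case passes for the same structural reason: DMARC only attests that whoever controls the From domain authorized the message, and the attacker does control yourbanks.example. That gap is what the next section's visible brand indicators are meant to close.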

BIMI Implementation to Improve Brand Visibility

While DMARC works behind the scenes, BIMI (Brand Indicators for Message Identification) brings a very visible layer of defense. BIMI allows organizations to display their official logo next to emails in supported inboxes, but only after the email passes strict authentication. It’s essentially a digital signature of your brand’s identity. When customers see your logo in their inbox list or email preview pane, it provides instant recognition and reassurance. This is especially powerful in a world where scammers can create emails that look convincingly similar – except they can’t easily fake your actual logo appearing as an authenticated badge.

How does BIMI reinforce legitimacy? First, BIMI requires that the sender domain has a DMARC policy in enforcement (quarantine or reject). This means only emails that are already verified as truly from your organization will even be considered for the logo treatment. Second, BIMI involves publishing a special DNS record pointing to your brand’s logo (in a secure SVG image format). For the highest level of trust (what some call “BIMI 2.0”), many providers also require a Verified Mark Certificate (VMC). A VMC is like a digital notarization of your logo – it’s issued by a certificate authority after verifying your trademark rights. The VMC prevents scammers from using someone else’s logo. In practice, if a bad actor tries to use a look-alike domain to send emails, they won’t have your matching logo and VMC. Their emails will either show no logo or a generic icon, immediately standing out as suspicious when compared to your legitimate BIMI-enabled emails.
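The prerequisites listed above (an enforcing DMARC policy, a DNS record pointing at an SVG logo, and optionally a VMC) can be checked before asking a mailbox provider why no logo appears. The following is an added example, not code from the article or from any BIMI working-group tool: a pre-flight check over a constructed DNS zone. The rules it encodes are the ones the BIMI specification states: DMARC at p=reject, or p=quarantine with pct=100, no sp=none, a v=BIMI1 record at default._bimi.<domain>, an HTTPS logo URL in l=, and an optional evidence document (the VMC) in a=. The SVG check is a filename heuristic; a real validator fetches the file and validates it against the SVG Tiny Portable/Secure profile. All domains and URLs are made up.

```python
"""Added illustration, not from the article: a pre-flight check of the DNS
records a domain needs before mailbox providers will show its BIMI logo.
DNS is a constructed zone; the domains and URLs are made up."""

DNS = {
    # ready: enforcing DMARC, HTTPS SVG logo, VMC published
    "_dmarc.brand.example": "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@brand.example",
    "default._bimi.brand.example": "v=BIMI1; l=https://brand.example/bimi/logo.svg; a=https://brand.example/bimi/vmc.pem",
    # still in monitoring mode, wrong logo format, no certificate
    "_dmarc.monitoring.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitoring.example",
    "default._bimi.monitoring.example": "v=BIMI1; l=http://monitoring.example/logo.png",
    # enforcement applied to only half the mail, subdomains left open, no BIMI record yet
    "_dmarc.partial.example": "v=DMARC1; p=quarantine; pct=50; sp=none",
}

def parse_tags(record):
    """Parse the 'tag=value; tag=value' syntax shared by DMARC and BIMI records."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, _, value = part.partition("=")
            tags[key.strip().lower()] = value.strip()
    return tags

def check_bimi_readiness(domain):
    """Return a list of problems found in DNS; an empty list means the records are ready."""
    problems = []
    dmarc = DNS.get(f"_dmarc.{domain}")
    if dmarc is None:
        problems.append("no DMARC record")
    else:
        t = parse_tags(dmarc)
        p = t.get("p", "none")
        if p not in ("quarantine", "reject"):
            problems.append(f"DMARC p={p} is not enforcement (need quarantine or reject)")
        if p == "quarantine" and t.get("pct", "100") != "100":
            problems.append(f"pct={t['pct']}: quarantine must apply to 100% of mail")
        if t.get("sp") == "none":
            problems.append("sp=none: subdomains must not be left unenforced")
    bimi = DNS.get(f"default._bimi.{domain}")
    if bimi is None:
        problems.append("no BIMI record at default._bimi")
    else:
        b = parse_tags(bimi)
        if b.get("v") != "BIMI1":
            problems.append("BIMI record must begin with v=BIMI1")
        logo = b.get("l", "")
        if not logo.startswith("https://"):
            problems.append("logo URL (l=) must use HTTPS")
        if not logo.lower().endswith(".svg"):  # heuristic; validate the SVG Tiny PS profile in practice
            problems.append("logo must be an SVG (SVG Tiny Portable/Secure profile)")
        if not b.get("a"):
            problems.append("no VMC (a=) published: providers that require a certificate will not show the logo")
    return problems

if __name__ == "__main__":
    for d in ("brand.example", "monitoring.example", "partial.example"):
        issues = check_bimi_readiness(d)
        print(f"{d}: {'ready' if not issues else ''}")
        for issue in issues:
            print(f"  - {issue}")
```

The order of the checks mirrors the order of the rollout: nothing on the BIMI side matters until the DMARC policy is enforcing, which is why the article treats DMARC enforcement as the prerequisite rather than a parallel project.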

Email providers such as Gmail, Yahoo Mail, and others have embraced BIMI. In Gmail’s case, BIMI has been enhanced with a blue checkmark icon that appears next to the sender’s name for verified brands. This checkmark, introduced in 2023, tells users at a glance that the sender has been authenticated and their logo is officially verified. It’s similar to a social media “verified” badge, but for email. The combination of your logo plus Gmail’s blue checkmark makes it much easier for customers to distinguish your real emails from impersonators. Attackers sending from a look-alike domain won’t have that badge of trust.

Gmail now displays a brand’s verified logo (in this example, Google’s “G”) and a blue checkmark next to the sender name when BIMI is implemented. This visual verification tells recipients that the sender owns the domain and the logo, helping to flag any look-alike domain without these indicators.

BIMI’s value isn’t just in security – it also offers a marketing upside. Every time your email lands in an inbox with your logo, you reinforce brand recognition. Consistent branding builds customer confidence. One early pilot of BIMI found that customers were more likely to engage with emails that showed brand logos, as they felt more legitimate. In essence, BIMI provides a convenient visual cue that an email has been authenticated, which “puts the trust back into email” and can even increase read rates. For executives (CIOs, CTOs, CMOs, CISOs), this means an investment in BIMI not only bolsters security but also can improve email marketing effectiveness – truly a win-win.

In summary, BIMI implementation involves verifying your emails with DMARC and then leveraging that foundation to display your brand logo in customer inboxes. It’s a newer capability, but it’s rapidly gaining support. As of today, Gmail and Yahoo Mail are the biggest adopters, and other mail providers are watching closely. By getting on board with BIMI early, organizations demonstrate industry leadership in email security and customer experience. Next, let’s look at how to technically roll out DMARC and BIMI, and what challenges you might encounter along the way.