8 Things you need to know about the Apple and BIMI announcement

Apple now supports BIMI (Brand Indicators for Message Identification) in iOS 16, as revealed in its iOS 16 features page and Support documentation. But what does this mean, and how does this impact you? In this blog we answer your questions; here are 8 things you need to know about the Apple and BIMI announcement. 

1. What does Apple’s announcement mean?

The AuthIndicators Working Group (BIMI Group) announced in June that Apple would support BIMI in iOS 16 and macOS Ventura. This means that users of Apple Mail will be able to see verified logos on emails sent by companies that are DMARC protected. This not only signifies a shift in attitudes towards standardization of secure email but will improve brand impressions and brand reach for businesses that adopt – or have already adopted – BIMI. 

2. Why is Apple’s support for BIMI important, and how can this be helpful to me?

Apple’s newly announced support for BIMI is exciting, and it signals a seismic shift in the importance of logo verification in email utilizing the VMC digital certificate. The announcement is important for a number of reasons: 

  • Apple’s support extends the reach of BIMI into a new mailbox provider and email clients
  • Apple’s support is a sign of increasing market confidence in BIMI
  • Apple’s native support in iOS expands adoption beyond just webmail clients and mobile apps (i.e. Yahoo/Google)
  • Apple will bring BIMI to many more consumers with this change
  • Apple is indicating support for email security and DMARC 

Apple is extending its support for BIMI by indicating in the header that mail is now “digitally certified” through the verification of BIMI with VMC. This is significant as a statement of trust in the sender of the message from that specific domain.  BIMI is in effect being used as a visual security signal.

The alert message shown when a user clicks the blue “Learn More” text

3. What is the timing for Apple’s support?

This is available now with the launch of iOS 16, with iPadOS 16 and macOS Ventura support coming in October.

“Apple’s adoption of the BIMI standard in macOS Ventura/iOS 16 in this first iteration sends a clear message to all mailbox providers; digitally certified email plays a pivotal role now, and the ability to display verified logos in the email will only become more important going forward.” 

Chuck Swenberg, SVP Strategy, Red Sift 

4. Will BIMI in Apple’s mail clients require a Verified Mark Certificate (VMC)?

Yes, this is the basis of their ‘digitally certified email’ message. Red Sift offers the only integrated BIMI and VMC solution in conjunction with Entrust. 

5. Will Apple’s support cover current BIMI mailbox providers like Google and Yahoo as well as mailbox providers like Microsoft and Comcast who do not yet participate in BIMI?

Apple has not yet said anything publicly, but our testing indicates that Apple’s support is for mail sent from BIMI and VMC-enabled domains to icloud.com addresses (as well as me.com and mac.com) only at this point.

Our assumption is that email recipients with @icloud.com, @mac.com, and @me.com addresses will see a BIMI logo from the sender. Any Apple user can create an iCloud email mailbox, but a smaller percentage actually use it as you can now create an Apple ID with a third-party email address.

6. How many icloud.com users are there vs. Apple Mail users (with any mailbox provider) generally?

There are no published figures for this and iCloud generally (backups, etc.) can mistakenly be conflated with icloud.com mailboxes.

7. Does the BIMI logo show up in the list view, and what might it look like? 

Apple has not said publicly. However, our testing indicates that it is available in both the list and message detail view on macOS Ventura and in the message detail view on iOS 16 as there is no logo slot supporting a list view capability.

It’s worth noting that email clients can change and as BIMI adoption grows we expect to see further enhancements to them. We at Red Sift will maintain coverage on the aspects of BIMI implementation through launch to ensure we remain a trusted source of information regarding VMC/BIMI.

8. Why is Red Sift best positioned to support Apple’s move to BIMI?

Apple’s support for BIMI means email security matters to them, and we’re moving closer to standardization with VMC support. This isn’t just a Google and Yahoo project, and the addition of Apple to the roster of the world’s largest email companies supporting BIMI builds continued momentum in the market. 

BIMI with VMC is the best way to ensure your logo is displayed in as many mailboxes and email clients as possible. Red Sift provides the only integrated solution to accomplish this quickly and efficiently.

At Red Sift, we offer the easiest way to display a verified logo in email, and we’re best placed to support your BIMI implementation for a number of reasons:

  • We offer the only integrated BIMI/VMC solution in the market making it easy for customers to enable BIMI regardless of their DMARC provider
  • We’ve been working with VMC longer than any other DMARC provider and have issued and implemented more VMCs than any other DMARC provider.

Our entire team of Customer Success, Sales, Marketing, and Product/Development is fully engaged in all aspects of DMARC/VMC (BIMI) implementation and support, meaning we can offer organizations: 

  1. More expertise & knowledge
  2. Greater levels of service and support
  3. A clear SLA for BIMI Implementation (no other provider offers this)

Red Sift and Entrust make email better with BIMI 

Apple’s adoption of BIMI is truly exciting, signifying a change in attitudes towards security and verification as standard practice in electronic communication. Our enhanced partnership with Entrust means we’re creating even more value by enabling organizations to manage their logo and obtain VMCs from Entrust directly through OnDMARC. This means it’s easier than ever for brands to ensure a safe, immersive experience for recipients of their outbound email.

Find out more about BIMI with our free resource pack or get in touch today to book your free consultation with the team, and get started on your journey to better email with BIMI. 

bimi resource pack


Chuck Swenberg

12 Sep. 2022



Recent Posts


Introducing DNS Guardian: Stop impersonation and spam caused by domain takeovers 

Rahul Powar

tl;dr: We’re thrilled to announce DNS Guardian — a new feature in Red Sift OnDMARC that can swiftly identify and stop domain takeovers that lead to malicious mail. Back in February, we shared updates with the community about SubdoMailing – an attack discovered by Guardio Labs. The attack was a form of subdomain takeover,…

Read more

Navigating the Information Security Landscape: ISO 27001 vs. SOC 2

Red Sift

As cyber threats evolve, so do the standards and frameworks designed to combat them. Two of the most recognized standards in information security are ISO 27001 and SOC 2. What sets them apart, and which one is right for your organization? Let’s delve into the key differences. Purpose and Scope: Global Framework vs. Client-Centric…

Read more

G2 Summer 2024 Report: Red Sift OnDMARC’s Winning Streak Continues

Francesca Rünger-Field

We’re delighted to announce that Red Sift OnDMARC has again been named a Leader in G2’s DMARC category for Summer 2024. This recognition is based on our high Customer Satisfaction scores and strong market presence. Red Sift appeared in 11 reports – 5 new ones since Spring 2024! – earning 5 badges: A few…

Read more

Google will no longer trust Entrust certificates from October 2024

Red Sift

Tl;dr: Google has announced that as of October 31, 2024, Chrome will no longer trust certificates signed by Entrust root certificates. While there is no immediate impact on existing certificates or those issued before 31st October 2024, organizations should start reviewing their estate now. On Thursday 27th June 2024, Google announced that it had…

Read more

Understanding the polyfill.io domain attack

Francesca Rünger-Field

tl;dr: The recent compromise of the polyfill.io domain has triggered a broad-reaching web supply chain attack, impacting over 100,000 websites across various sectors including finance, healthcare, non-profits, academia, and more. To ensure the security of your website, we strongly advise you immediately remove any reference to polyfill.io. Latest update: 27th June 2024 Sansec, a…

Read more