Why DMARC and BIMI are a business priority

Email threats aren’t slowing down, and neither should your authentication strategy. In our recent joint webinar with Marigold, “From DMARC to BIMI: Navigating the New Email Authorization Landscape,” we broke down what today’s evolving standards mean for both security and marketing teams—and how to take action now with our free Red Sift Investigate tool.

If you missed the live session or want the highlights, here’s your quick-fire recap.

Email authentication is rapidly changing

The session kicked off with Red Sift’s Brian Westnedge alongside Marigold’s Casey Stopperan and Ken Pfeiffer breaking down the new bulk sender rules from Gmail and Yahoo (and now Microsoft). As of early 2024, both providers are enforcing stricter DMARC requirements for bulk senders—raising the bar for deliverability and domain protection, with Microsoft joining the party in 2025.

In fact, since the announcement in November 2023, domains with DMARC reporting enabled have increased from 6M+ to 10M+. If you haven’t yet caught up, these updates are no longer optional. Brands must prove they’re legitimate senders, or risk getting filtered out completely for bulk senders.

DMARC: Your best line of defense

Domain-based Message Authentication, Reporting & Conformance (DMARC) isn’t new—but now it’s non-negotiable. Casey and Ken explained how DMARC helps prevent spoofing and phishing by letting domain owners tell inbox providers how to handle unauthorized email.

But as Brian emphasized, simply having a DMARC record isn’t enough. You need full alignment, proper enforcement, and real-time visibility across every platform and tool sending email on your behalf. Red Sift’s integrated monitoring, Red Sift OnDMARC, helps businesses uncover hidden senders and move from monitoring to enforcement with confidence.

BIMI: Boost security and your brand

Once DMARC is in place and enforced, you can take the next step: BIMI (Brand Indicators for Message Identification). BIMI lets you display your verified logo next to emails in the inbox—making your brand instantly recognizable and more trustworthy. 

There’s a catch: BIMI requires a strict DMARC policy (p=quarantine or reject) and either a Common Mark Certificate (CMC) or a Verified Mark Certificate (VMC). Once DMARC is enforced, BIMI is enabled ready to boost your brand, letting your verified logo appear next to your emails in the inbox—creating instant recognition and trust.

Ken further highlighted how BIMI aligns perfectly with Marigold’s focus on deliverability and brand engagement. Meanwhile, Brian showed how Red Sift simplifies the process of getting BIMI-ready by managing everything from VMCs and CMCs to logo validation.

The bottom line? BIMI transforms authentication from a compliance task into a brand-building tool, excellent for security and marketing teams alike.

Get started with Red Sift OnDMARC

Red Sift OnDMARC is purpose-built to help businesses move from passive monitoring to active enforcement. With automated discovery, a dedicated customer success team, and integrated BIMI readiness, OnDMARC makes it easy to protect your domain from spoofing and phishing attacks, while providing enhanced email deliverability, and a needed boost to your brand’s visibility in every inbox. 

Whether you’re looking to comply with the latest Gmail, Yahoo and now Microsoft requirements or turn your authentication into a marketing advantage, OnDMARC gives you the tools, insights, and support to get there with confidence. Start your journey with a free domain check using Red Sift Investigate.

PUBLISHED BY

Jack Lilley

22 Apr. 2025

SHARE ARTICLE:

Recent Posts

VIEW ALL
Product Release

Red Sift’s 2025 Spring Quarterly Product Release

Francesca Rünger-Field

This Spring, we’ve delivered targeted updates to improve compliance, simplify certificate management, and strengthen infrastructure visibility—so you can take action faster and with more confidence. Highlights include: OnDMARC BIMI: Now with full Digicert & CMC support OnDMARC customers that wish to improve trust in their emails and boost open rates by implementing BIMI through…

Read more
BEC

The threat of Business Email Compromise in US healthcare

Jack Lilley

Executive summary: Business Email Compromise is siphoning billions from U.S. healthcare by exploiting human trust instead of software flaws. Spoofed or hijacked messages authorize fraudulent payments, spark ransomware, and expose patient data—causing crippling financial, operational, and compliance damage. Deploying DMARC, MFA, and rigorous multi-person payment checks is now critical. 3 key takeaways Business Email…

Read more
Email

Cloudflare selects Red Sift as a preferred partner to provide DMARC and…

Rebecca Warren

AI-generated email attacks are rapidly growing in scale and sophistication, demanding stronger defenses from at-risk organizations. Starting today, Red Sift is excited to announce a new strategic partnership with Cloudflare, the leading connectivity cloud company, to deliver its market-leading email security application, Red Sift OnDMARC, to a broader global audience.  Today’s alignment enhances Cloudflare’s…

Read more
Cybersecurity

New Zealand moves to mandate DMARC enforcement

Jack Lilley

Executive summary: New Zealand’s Secure Government Email Framework mandates DMARC at p=reject—plus hard-fail SPF, universal DKIM, enforced MTA-STS, and TLS-RPT—by October 2025. The rules replace SEEMail, curb soaring phishing losses, and will affect every organization that emails the public sector. Key takeaways: The New Zealand Government has recently published the Secure Government Email (SGE) Common…

Read more