You are currently viewing Gmail Spoofing: Scammers Impersonate Gmail’s BIMI Identifiers

Gmail Spoofing: Scammers Impersonate Gmail’s BIMI Identifiers

Around a year ago, Google launched Gmail’s BIMI Identifiers. BIMI is short for Brand Indicators for Message Identification. It’s a feature introduced to enhance email security & trustworthiness by displaying brand logos and verified check marks next to authenticated emails in the Gmail interface. However, about a month after the launch, this new security feature was compromised when a bug was noticed & reported by a cybersecurity architect, Chris Plummer.

Gmail Spoofing: Scammers Impersonate Gmail’s BIMI Identifiers Matter

Initially, Chris Plummer’s claim was ignored & discarded by Google when he raised his voice, saying Gmail spoofing: scammers impersonate Gmail’s BIMI Identifiers. He tweeted, “There is most certainly a bug in Gmail being exploited by scammers to pull this off, so I submitted a bug which @google lazily closed as ‘won’t fix – intended behavior.’ How is a scammer impersonating @UPS in such a convincing way ‘intended'”.

Another tweet read, “The sender found a way to dupe @gmail’s authoritative stamp of approval, which end users are going to trust. This message went from a Facebook account, to a UK netblock, to O365, to me. Nothing about this is legit. Google just doesn’t want to deal with this report honestly.”

Later on, when the matter was escalated, Google not only apologized to the reporter but also tagged the matter with a “Priority 1” investigation status.

The point of sharing all this information is that even the giants can get wrong sometimes when it comes to security. Let’s dig this deep and understand what is what and how to prevent your emails from spoofing.

What are BIMI Identifiers?

BIMI Identifiers are cryptographic keys linked to a brand’s logo. They are designed to authenticate and visually represent a brand’s identity within email clients that support BIMI. BIMI has the potential to help users identify genuine brands if executed correctly.

Authentication Standard

BIMI is a standardized method designed to verify the authenticity of emails by associating them with specific brand logos.

Displaying Brand Logos

When an email passes authentication checks (such as SPF, DKIM, and DMARC) – Gmail can display the sender’s verified logo alongside the email in the recipient’s inbox. This visual indicator helps users identify legitimate emails from trusted sources easily.

Improving Trust and Recognition

BIMI aims to reduce phishing attempts and increase user confidence in the emails they receive by showing recognizable logos. The logos indicate that the sender has taken steps to authenticate their identity.

Support for Verified Mark Certificates (VMCs)

BIMI also supports using Verified Mark Certificates (VMCs), which further validate the sender’s authenticity and allow for a more prominent display of logos in email clients.

How Scammers Exploit BIMI?

Despite its security intentions, scammers have found loopholes in BIMI.

Falsifying BIMI Records

Scammers create fake BIMI records that falsely associate their spoofed emails with legitimate brands. This can trick email clients into displaying the scammer’s logo alongside the email, which increases its apparent legitimacy.

Impersonating Trusted Brands

Scammers can impersonate well-known brands more convincingly using BIMI benefits – higher chances of recipients interacting with malicious content.

Risks Posed by Gmail Spoofing

Financial Scams

Many Gmail spoofing attempts are aimed at financial fraud. Scammers might impersonate banks, financial institutions, or payment processors to lure users into divulging banking details or transferring money.

Malware Distribution

Spoofed emails often contain attachments or links to malicious websites. Clicking on these can lead to malware infections, compromising the security of personal or organizational networks.

Identity Theft

Scammers aim to steal personal information such as login credentials, social security numbers, or other sensitive data by impersonating trusted entities.

Preventive Measures Against Gmail Spoofing

Until Gmail’s BIMI Identifiers reach their full potential of providing security error-freely, you can adopt these security features to be protected from cybercrimes.

Implementing Email Authentication Protocols

SPF (Sender Policy Framework)

This protocol helps verify that an email message originates from an authorized IP address for the sender’s domain.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to emails, allowing recipients to verify that the email has not been altered on the way.

DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC builds on SPF & DKIM. It gives email senders better control over how their emails are processed if they fail authentication checks.

User Awareness & Training

Education about the dangers of phishing and Gmail spoofing is crucial. You must be cautious when clicking links or downloading attachments from unknown or suspicious emails.

Enabling Two-Factor Authentication (2FA)

Adding an extra layer of security to Gmail accounts through 2FA can prevent unauthorized access even if login credentials are compromised.

Regular Software Updates

Keeping email clients and antivirus software updated reduces vulnerabilities that scammers might exploit through Gmail spoofing.


As email phishing techniques like Gmail spoofing become more sophisticated, you must remain vigilant in protecting your email communication. You know how scammers manipulate Gmail’s BIMI Identifiers, and you also know what to do to do email authentication and minimize risks. The above preventive measures can significantly reduce the likelihood of falling victim to Gmail spoofing scams. And if you need help with email security, connect with top server providers like Leasepacket.


Q1. What is Gmail spoofing?

Gmail spoofing involves forging email headers to make it appear legitimate – when, in fact, it is not.

Q2. How do scammers exploit Gmail’s BIMI Identifiers?

Scammers abuse BIMI by faking records to associate their spoofed emails with legitimate brands, making their phishing attempts appear more credible.

Q3. What are BIMI Identifiers in Gmail?

BIMI Identifiers are cryptographic keys that, when properly implemented, allow Gmail to display a brand’s logo next to authenticated emails – increasing trust & authenticity.

Q4. Why is Gmail’s BIMI vulnerable to exploitation?

Despite security benefits, BIMI can be exploited because scammers can create fake BIMI records, misleading users into trusting fraudulent emails.

Q5. What risks does Gmail spoofing pose?

Gmail spoofing can lead to financial scams, malware distribution, and identity theft by tricking users into divulging sensitive information or clicking on malicious links.

Q6. How can users protect themselves from Gmail spoofing?

Users can protect themselves by implementing email authentication protocols like SPF, DKIM, and DMARC. And by being cautious of suspicious emails and enabling 2FA on their Gmail accounts.

Q7. What do I do if I need help with my email security?

If you need help with email security, connect with top server providers like Leasepacket.