Xflow payments

Building trust in the digital age: How Xflow enhances email security and communication


Sagarpreet Chadha

Engineer

Introduction

The fintech space is evolving and growing faster than ever. However, with the expanding market, financial losses are significantly increasing, too. One of the reasons for these financial losses is the lack of robust security practices. According to reports [1], 91% of cyberattacks begin with email phishing attempts. Moreover, in 2024, global phishing attacks increased by 34% compared to 2023.

At Xflow, we are committed to following the highest security standards; therefore, Xflow has implemented BIMI to enhance email security.


What is BIMI

Brand Indicators for Message Identification, or BIMI, is an email specification that allows inbox providers to display a brand’s logo and a verified blue tick next to authenticated emails.

While having a brand logo and a verified mark is beneficial, BIMI also enforces that email security standards like SPF, DMARC, and DKIM are followed. These email authentication protocols are not visible to recipients, so the displayed logo makes trust apparent and easily recognizable.

There are more benefits to displaying a logo next to your business email [2], such as improved trust, a higher open rate, and a boost in engagement.

Leading email inbox providers like Gmail, Yahoo, Apple Mail, Fastmail, AOL Mail, and Zoho Mail are encouraging the widespread adoption of these standards. Enforcing BIMI helps reduce the targets for phishing and spoofing attacks, making email safer and more trustworthy:

⬆️ Brand recall by 18%

⬆️ Open rate by 21%

⬆️ Purchase likelihood by 34%


[Images: an inbox entry before BIMI and after BIMI]


How Xflow enhances email security with BIMI

Recipients of emails from the Xflow domain sent by any Xflow employee will see the Xflow logo and a verified blue tick next to the name, providing reassurance that the email is legitimate and truly from Xflow.

When employees and customers see a verified logo or blue tick in a received email, it significantly boosts their sense of security and trust. These symbols, often used by legitimate organizations or email providers, serve as visual indicators that the message has been authenticated and comes from a reliable source.

For employees, it reduces the risk of falling victim to phishing attacks, while for customers, it reassures them that communications involving sensitive information are secure. The presence of these markers helps build confidence in the authenticity of the email, preventing confusion or scepticism and enhancing overall cybersecurity awareness.


How Xflow implemented BIMI

At Xflow, implementing BIMI was a multi-step process to enhance our email security and trustworthiness. Here’s how we did it:

Step 1: Implement DMARC for Email Authentication

The first step in the BIMI process is ensuring our email authentication is set up properly, and for that, we use DMARC (Domain-based Message Authentication, Reporting, and Conformance). Implementing DMARC helps verify the domain from which the email was sent. It works with SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) to protect against phishing and email spoofing.

How DMARC Works:

  • Emails from unknown or unauthorized sources (e.g., IPs not listed in our SPF record or those without a valid DKIM signature) are automatically rejected.
  • If an email fails either SPF or DKIM, it is not delivered to the recipient.

The DMARC policy can be set to either “quarantine” (emails that fail DMARC are delivered to the spam folder) or “reject” (emails that fail DMARC are not delivered at all). At Xflow, we’ve set our DMARC policy to “reject” all unauthenticated emails for the highest level of security. This means that emails failing authentication checks are completely blocked from reaching the recipient’s inbox.

Step 2: Get a Verified Mark Certificate (VMC)

To implement BIMI, we acquired a Verified Mark Certificate (VMC). A VMC verifies that we own the logo we want to display and confirms our organization’s legitimacy. At the time of writing, DigiCert and Entrust are the only two companies globally that offer VMCs that meet BIMI standards.

Step 3: Create and add the BIMI record to DNS

Now that we had the VMC and logo SVG, we followed up with the next step: creating a BIMI record.

What is a BIMI record?

A BIMI record is a special DNS entry that links to our logo and VMC certificate. This record tells email providers where to find the logo and verifies that we are using BIMI.

Steps to add the BIMI Record:

  1. Host the SVG version of our logo and VMC publicly (in the required format)
  2. Use a tool to create the BIMI record. This record includes:
     • The link to our logo
     • The link to our VMC certificate
  3. Add this BIMI record to our DNS provider
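The records from Steps 1 and 3 can be checked before publishing. The following is an added example, not Xflow's code: it parses a DMARC TXT record and a BIMI TXT record (published at default._bimi.<domain>) and reports what would block logo display. The function names and the example.com records are constructed for illustration, and requiring pct=100 and a .svg path are conservative assumptions.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict (tags lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def _https_url(value, suffix=""):
    """True if value is an https URL whose path ends with suffix."""
    url = urlparse(value)
    return url.scheme == "https" and bool(url.netloc) and url.path.lower().endswith(suffix)

def check_bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of findings; an empty list means both records look ready."""
    findings = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        findings.append("DMARC record missing or wrong version")
    if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        findings.append("DMARC policy must be quarantine or reject")
    if dmarc.get("sp", "").lower() == "none":
        findings.append("subdomain policy sp=none is not enforced")
    pct = dmarc.get("pct", "100")  # DMARC defaults to 100 when the tag is absent
    if not pct.isdigit() or int(pct) < 100:
        findings.append("pct below 100 leaves part of the mail unenforced")
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        findings.append("BIMI record must carry v=BIMI1")
    if not _https_url(bimi.get("l", ""), ".svg"):  # heuristic: path ends in .svg
        findings.append("l= must be an https URL to the SVG logo")
    if not _https_url(bimi.get("a", "")):
        findings.append("a= must be an https URL to the VMC")
    return findings

# Constructed sample records for the placeholder domain example.com.
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
GOOD_BIMI = "v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/vmc.pem"
WEAK_DMARC = "v=DMARC1; p=none; pct=50"
WEAK_BIMI = "v=BIMI1; l=http://example.com/logo.png; a="

if __name__ == "__main__":
    print(check_bimi_readiness(GOOD_DMARC, GOOD_BIMI))
    for finding in check_bimi_readiness(WEAK_DMARC, WEAK_BIMI):
        print("-", finding)
```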


Conclusion

At Xflow, our commitment to security and trust is at the core of everything we do. By implementing BIMI, we not only ensure that our email communications are protected by industry-leading standards like SPF, DKIM, and DMARC, but we also reinforce our dedication to transparency and authenticity. The visible brand logo and verified blue tick displayed alongside our emails give our readers the confidence that the email from Xflow is verified and has passed through strict security checks.

This alignment with the best practices in email security not only strengthens our relationship with stakeholders but also supports our ongoing goal of providing the highest level of reliability and trust.