Google rolled out blue check marks for businesses in early May. Now it turns out that it is incredibly easy to fool the verification system.
Since early May, blue check marks in Gmail have helped users identify spam. In principle, only verified companies with Workspace accounts can receive such a check mark. For this, Google uses the BIMI (Brand Indicators for Message Identification) verification system. In addition to the blue check marks, Gmail shows the company logo as a profile picture for such emails. However, Google has not taken sufficient security measures against spam messages from such domains, writes Chris Plummer.
Plummer, who works as a security specialist in the IT industry, writes on Twitter that BIMI verification can also be used for spam messages. The tweet includes an example in which spammers misuse the UPS domain to send spam. Although the mail was not sent by UPS, it received a blue check mark and the profile picture of the parcel carrier.
‘We’re not going to fix it’
Users who see the blue check mark and find it difficult to recognize spam emails are thus more easily fooled by criminals. Moreover, emails with such a check mark do not end up in the spam folder, since the sender has been verified by Google. However, the search giant did not seem to be planning to solve the problem. Plummer said he filed a ticket with the search giant – a ticket that was closed not much later. The reason? “We are not going to solve it, intended effect.”
The company has since reversed that decision, says the Twitter user. After the news gained more publicity, Google reopened the ticket and is now investigating the problem. The search giant apologized for the initial response, and says it will keep Plummer informed about the rollout of a fix.
Only for Gmail
For now, it is still unknown when Google will roll out a solution. In any case, it is being worked on. Until then, don’t just trust emails with blue checkmarks in your Gmail mailbox. Although such emails probably come from the right sender, you can’t be completely sure.
The problem only occurs in Gmail. For now, the verification system only works within the Workspace ecosystem, where paying users can request verification. Unfortunately, this is not yet possible for consumers, although consumers do of course see the blue check marks. This works in both the mobile and desktop versions of the mail service.