Blog Post: github, security, business, tech

Verified email brand indicators on iOS 16 with the Halon MTA

Apple has just released iOS 16 for iPhone which includes support for BIMI - digitally certified logos for email. It improves visibility and engagement for brands, while at the same time increasing security for users. Mailbox providers using the Halon MTA can quickly and easily enable BIMI for their customers using our module on Github. Continue reading to find out more.bimi_ios16

What is BIMI?

BIMI stands for Brand Indicators for Message Identification. In short, it displays verified brand logos in users’ inboxes. It builds upon the existing email authentication standards (SPF, DKIM and DMARC), and incentivizes email senders to embrace these technologies by increasing their brand impression. BIMI improves visibility and engagement for brands, while at the same time increasing security for users.

Why is BIMI important for mailbox providers?

Email remains a major threat vector, with increasingly elaborate attacks and sophisticated malware. Email authentication is one important piece of the email abuse prevention puzzle. BIMI is a visibly impactful security mechanism, which is now gaining widespread support. Mailbox providers should consider keeping up with the latest security trends, to stay relevant and keep their users safe. With the Halon MTA, adding the necessary signature to enable BIMI for iPhone users is a one-liner of code.

Enabling BIMI for iPhone with Halon

Since the lifetime of signatures can be short, email authentication should typically be verified by the MTA as it receives messages. Consequently, the MTA does the heavy lifting with BIMI. Mailbox providers using the Halon MTA can quickly and easily get started using its BIMI module found on Github. The module does all the necessary verification, and if successful, adds the logo to the message together with the authentication results as headers. Additionally, in order to support iOS 16, an extra DKIM signature for the authentication results header is added:

$mail->signDKIM($selector, $domain, $key,
	["additional_headers" => ["Authentication-Results"], "body_length" => 0]);

The DKIM domain needs to match the email server address configured in iOS. If the client is configured to use imap.example.com, the DKIM domain could be example.com. 

Feel free to reach out to our expert team if you want more information or need help getting started. Not using the Halon MTA? Keep your users safe and satisfied by investing in your infrastructure. Contact us to find out the many benefits of Halon.