Case Study

In this interview, we spoke with Mr. Fushimi, General Manager of the Risk Management Department within the Corporate Headquarters. He oversees company-wide risk management—including security risks—and spearheaded this project. While the financial industry is already advancing its countermeasures following guidelines from the Financial Services Agency (FSA) and the securities industry, Mr. Fushimi and his team took a particularly proactive approach.

Current Email Clients and Delivery Tools

──What kind of email delivery environments does your company currently use?

While our internal client environment is centered on Microsoft Outlook, we utilize a variety of specialized tools and SaaS platforms for our broader email delivery needs.

Sending Emails to Customers

──What types of emails do you primarily send to your customers?

We send a wide variety of communications to our customers, including legally required disclosures under the Financial Instruments and Exchange Act, seminar invitations, investment reports, and customer support updates. Every one of these messages is critical; it is essential that they not only reach our customers’ inboxes but are also opened and read, given the importance of the information they contain.

The Motivation Behind Implementing DMARC

──What originally prompted your company to begin working on DMARC configuration?

Following the updates to Google’s ‘Email Sender Guidelines’ in 2024, we initiated our DMARC configuration and initially set the policy to quarantine. We then successfully elevated the policy to reject in 2025.

──Were there any hurdles or concerns you faced while moving forward with these configurations?

We handled the configuration internally. To monitor the process, we utilized tools to track our Gmail deliverability rates.
Since we are a company with many engineers, building internal consensus for these technical security measures was a very smooth process.

Background Behind Adopting BIMI and VMC

──Could you tell us about the specific circumstances that led you to consider implementing BIMI (Brand Indicators for Message Identification) and VMC (Verified Mark Certificates)?

Given that we had already elevated our DMARC policy to quarantine, we decided to move forward with BIMI not only as a countermeasure against spoofing but also for its significant marketing benefits. Furthermore, with the security guidelines and required measures issued by the Financial Services Agency (FSA) and the securities industry, we made the strategic decision to prioritize an early implementation.

──What specific challenges or concerns did you face regarding your email communications prior to implementing BIMI?

Having been involved in anti-phishing operations for a long time, I have felt a growing sense of caution among customers regarding their emails. Even when looking at the subject line or the body of the text, it is becoming increasingly difficult to distinguish what is authentic.

On a personal level, I also feel the overwhelming volume of phishing emails lately. Think about how we handle phone calls—most of us hesitate to answer a call from an unknown number.

The same trend is now happening with email; people are increasingly conditioned not to open anything that looks even slightly suspicious. We felt that this ‘culture of caution’ was becoming a significant barrier to reaching our customers effectively.

Challenges and Steps During Implementation

──Could you walk us through the schedule and the specific steps you took leading up to the implementation?

We began the project by coordinating with various departments, framing it as a strategic initiative that serves both as a countermeasure against spoofing and as a powerful marketing tool.

──Were there any particular challenges or creative approaches you took during the implementation?

One of the biggest hurdles was the difficulty of predicting quantitative effects. It is inherently challenging to pre-calculate the exact return on investment (ROI) for both anti-spoofing measures and marketing benefits in terms of hard numbers.

Additionally, explaining the technical nuances was a complex task. Since the display of the brand logo depends on the specific specifications of each email client (mailer), it won’t appear the same way for every user. Communicating this inconsistency clearly—both in our internal briefings and in our guidance to customers—required careful messaging to manage expectations effectively.

Realizing the Impact and Benefits Post-Implementation？

──Now that the system is live, what specific changes or positive effects have you noticed?

We strongly feel that the presence of our logo directly contributes to enhancing customer trust. Within the company, we’ve received many positive comments about how great it is to see our official brand appearing in the inbox.

Moving forward, we have high expectations for the long-term impact on our branding and customer loyalty. It’s not just a security measure; it’s an investment in the enduring relationship between FOLIO and our users.

Future Outlook and Message to Other Organizations

──How do you envision utilizing and expanding the use of BIMI in the future?

From the perspectives of both marketing and branding, we are committed to expanding the implementation of BIMI across the domains we use for customer communications. Our goal is to ensure that our brand identity is instantly recognizable and trusted the moment our emails reach an inquiry or an inbox.

──Do you have any advice for companies currently considering these measures?

For any organization that wants its customers to open and review their emails with complete peace of mind, I believe this is an exceptionally effective strategy.
While the conversation often centers solely on security and anti-spoofing, I encourage you to look at the marketing potential as well. BIMI doesn’t just improve open rates; it strengthens brand recall and contributes significantly to customer loyalty. I hope to see security and business teams—who may not interact frequently—collaborate to drive this forward as a ‘proactive security’ measure that enhances overall corporate value.
Once the implementation is complete, there is a genuine joy in seeing your beloved corporate logo appear right in your own email app. I truly hope you get to experience that moment for yourselves.