
Cable Networks Akita Co.,Ltd.
- BIMI
Protecting Subscribers While Elevating the Brand —
BIMI/VMC Implementation Achieved Through Domain Migration
Cable Networks Akita Co.,Ltd. — Technical Division
Cable Networks Akita Co.,Ltd. is a community-based telecommunications provider serving many subscribers in Akita Prefecture with cable television, internet, and telephone services, as well as diversified operations including product sales. While operating subscriber-facing email distribution through its own mail server, the company faced the challenge of increasingly sophisticated spoofing emails that exploited the same domain. With the goal of providing subscribers with trustworthy service, and seizing the opportunity of migrating its email delivery domain to an internal domain, the company implemented Brand Indicators for Message Identification (BIMI) and Verified Mark Certificates (VMC). We spoke with them about the background, efforts involved, and their future outlook.
About Email Clients and Delivery Tools
──Before implementing BIMI, what email clients or delivery tools were you using?
We were sending emails to subscribers using scripts on our own mail server.
──What types of emails were you primarily sending?
We use email for a wide range of purposes, including maintenance notifications, campaign announcements, event information, and survey requests to our subscribers.
About DMARC Configuration
──What prompted you to start working on DMARC configuration?
We needed to improve email deliverability and strengthen security measures, improve the reliability of email delivery, and comply with the latest industry standards. As a large-volume email sender, we determined that implementation was essential.
──What were the initial hurdles or concerns when configuring DMARC?
Our biggest concern was the potential impact on subscriber email delivery from implementing SPF, DKIM, and DMARC. Since the domain used for our outbound emails was the same domain assigned to our subscribers, we anticipated that strengthening the DMARC policy would have a significant impact on mail delivery, requiring careful handling.
Background and Motivation for Implementing BIMI and VMC
──What was the background or trigger for considering BIMI implementation?
The primary trigger was the increasing sophistication of spoofing emails targeting our subscribers, which impersonated our email delivery domain. There was an urgent need for measures to protect our subscribers.
──What email-related challenges were you facing before implementing BIMI?
We were concerned about phishing sites being promoted through spoofed emails, and there was a need to protect our subscribers from falling victim.
Decision Factors and Implementation Process
──Why did you choose to implement VMC?
As a prerequisite, our email delivery domain was the same as the domain assigned to our subscribers, which meant we first needed to migrate the email delivery domain to an internal domain. This was because strengthening the DMARC policy on the subscriber domain was expected to have a significant impact on mail delivery. During this migration, we selected BIMI/VMC to visualize spoofing emails through logo display and strengthen our company’s branding.
──Please tell us about the schedule and steps leading to implementation.
We first obtained the VMC certificate and notified subscribers of the domain change. We then carefully analyzed the DMARC reports for the internal domain, communicated and rolled out the changes internally. We proceeded in a phased approach: modifying the DMARC policy and then commencing email delivery from the internal domain.
──Were there any challenges or particular efforts during implementation?
It took time to understand the BIMI requirements and carefully analyze the DMARC reports. For analyzing the reports, we used tools such as OSS and GAS to carefully interpret the reports and gradually raise the policy level.
Changes and Effects After Implementation
──What changes or effects have you noticed since implementing VMC?
At our support desk, it has become easier to respond to subscriber inquiries about emails sent from us. Although display availability varies by email client, we can now clearly explain to subscribers that emails displaying our company logo are legitimate ones.
──What about security effects or peace of mind?
With BIMI implementation enabling logo display, we have been able to more clearly communicate to subscribers about the change in our email delivery domain. It has also directly contributed to strengthening our anti-spoofing measures.
Future Outlook and Message to Other Companies
──Do you have any advice for companies considering implementing BIMI?
We recommend analyzing DMARC reports early and creating an environment where the policy migration can proceed smoothly. The earlier you start, the more seamlessly you can carry out a phased migration.
──How do you plan to utilize and expand BIMI going forward?
We would like to use our own implementation as a case study to encourage BIMI/VMC adoption among the businesses that are our subscribers. We also want to contribute to improving email security for companies in the local community.