As part of its commitment to enhancing security as a financial institution, Yamagata Bank implemented BIMI — displaying their corporate logo in emails. This visual measure was put in place to protect the safety and peace of mind of their customers. — The Yamagata Bank, Ltd. | Case Study

The Yamagata Bank, Ltd.

BIMI

As part of its commitment to enhancing security as a financial institution, Yamagata Bank implemented BIMI (Brand Indicators for Message Identification) — displaying their corporate logo in emails. This visual measure was put in place to protect the safety and peace of mind of their customers.

System Planning Department, The Yamagata Bank, Ltd.

The Yamagata Bank, Ltd., as a financial institution, has been implementing various initiatives to protect its customers from spoofed emails and phishing scams. As part of these security measures, the bank has implemented BIMI (Brand Indicators for Message Identification), displaying their corporate logo in emails.

What types of emails were you mainly sending to your customers?

We send emails to customers covering a wide range of content, including important notices, service information, and campaign announcements.

What prompted you to set up anti-spoofing measures (DMARC)?

In response to changes in Google’s “Email Sender Guidelines” — which made DMARC configuration mandatory for senders sending 5,000 or more emails per day — we first implemented DMARC with a policy of p=none.
In recent years, the financial industry has seen a variety of issues arising from phishing scams, and the Financial Services Agency has also published its “Guidelines on Cybersecurity in the Financial Sector.” In light of these changes in the environment, our bank decided to strengthen its measures further by raising our DMARC policy enforcement level.

How did you go about raising your DMARC policy enforcement level?

The responsible team within the company visualized and analyzed DMARC reports, then took the necessary actions accordingly. After raising the policy to “quarantine,” we proceeded with preparations for implementing BIMI while simultaneously advancing to the final stage of raising the policy to “reject.”

Why did you decide to implement BIMI?

We had previously received inquiries from customers asking, “Is this email really from Yamagata Bank?” By delivering emails with our logo displayed, customers can instantly tell at a glance where the email is coming from, which we believe is a highly valuable measure in terms of building trust. We consider BIMI — which allows security measures to be “made visible” — to be a very effective tool.

Do you have any advice for companies considering implementing BIMI?

Configuring DMARC and raising the policy enforcement level was a process that required steady, incremental effort. We have come to realize that it is important to start with what you can do and take action as early as possible.