Email Security and Authentication

Microsoft introduces new “verified” icons for businesses.

minute read

Post Image

During Microsoft’s Surface event earlier this week, they announced a new Outlook.com experience to help users more easily identify and interact with brand’s emails in their inbox. The Microsoft business profile experience, currently in beta, will offer customers the opportunity to become a verified business with Microsoft and receive a blue check mark icon from Outlook.com indicating as much.

A concept made popular with Twitter, Outlook.com will soon be able to not only improve their inbox filtering decisions based on a business’s verification, but will also help users identify legitimate email and better avoid potentially fraudulent emails in the inbox.

A Microsoft-verified business will have an accompanying profile card on which users can click to see information about the business, such location, contact information, photos, and more. Users will be empowered to review which newsletters they are subscribed to and can easily opt out of receiving newsletters they no longer care about.

Via Microsoft

Perhaps the most interesting feature announced with the business profile experience is the ability for verified businesses to “get more prominent placement for your email, coupons and promotions before customers even open your email,” according to Microsoft. They add, “We are making it easy to find promotions in your inbox by surfacing offer details right in your message list, so you don’t have to open the email to see the deal.”

Via Microsoft

These new features will begin rolling out to American Outlook.com customers over the coming months. Customer-facing, US-based businesses can register to reserve a spot in the free beta program today. Microsoft has not released any details on pricing for this feature after beta, but the business profile experience and added inbox benefits will likely come at a premium.

When I heard about this announcement earlier this week, I immediately thought, “Hey, some of this sounds familiar to BIMI.” (If you’re unfamiliar with BIMI, check out our post on this new industry standardization effort and the brand protection and marketing impression benefits it can offer.)

However, I learned the Microsoft business profile experience does not require DMARC or take into account authentication alignment when verifying a business beyond their standard O365 anti-phishing defenses. In fact, there was no mention of fighting against phishing in the recap details of their announcement.

While Microsoft is moving in the right direction in improving the subscriber experience by identifying verified businesses, it does not seem to fully protect against accidentally verifying phishers masquerading as a legitimate business. Just think of the potential disaster that could occur if a malicious sender is able to obtain a verified icon and phish endless amounts of Microsoft customers.

Microsoft could benefit from adopting the BIMI open standards to strengthen this feature and require a DMARC quarantine or reject policy while it is still in beta. This would elevate their mail platform and business profile experience to more brands across Microsoft platforms and further protect subscribers. Regardless, it will be interesting to watch how this experience influences spam detection and the customer experience within Outlook.com.