BIMI compliance

You know that little logo that appears next to emails from trusted companies? That’s BIMI - and yes, Tallyfy uses it to protect you from phishing attacks. When you see our verified logo in your inbox, you can trust that email actually came from us. No logo? Not from Tallyfy.

How does BIMI authentication work?

Think of BIMI as a bouncer at an exclusive club - but for emails. It checks multiple forms of ID before letting our logo appear next to our messages. Here’s the security check process (it’s actually pretty clever):

1. Security Checks: First, we’ve set up three layers of authentication (SPF, DKIM, and DMARC¹ - yeah, the acronyms are a mouthful). These basically prove that emails from tallyfy.com are actually from us. Takes about 0.3 seconds per email.

2. Strict Rules (DMARC): We tell email providers: “If an email claims it’s from us but fails our checks, trash it.” No exceptions. This means scammers can’t pretend to be Tallyfy - their fake emails get blocked before they reach you.

3. Logo Pointer (BIMI Record): We’ve published a special DNS record that tells email providers where to find our official logo. Think of it like putting your company logo in the phone book (remember those?).

4. Logo Certificate (VMC²): Here’s the cool part - we have a special certificate (VMC) that proves we actually own the Tallyfy logo. It’s like a digital notary stamp that costs about $1,500 per year. Only real companies bother getting one.

5. Showing the Logo: When Gmail or Outlook gets an email from tallyfy.com, it runs through all these checks in under a second. Pass all five? Our logo appears. Fail even one? No logo. Simple as that. (We’ve never failed a check, by the way.)

What user security benefits does BIMI provide?

You’re probably wondering what’s in it for you. Fair question! Here’s how BIMI makes your life easier (and safer):

• Enhanced Trust and Security: See our logo? It’s really us. No logo on an email claiming to be from Tallyfy? Delete it - it’s fake. This visual cue takes about 0.1 seconds to check but saves you from potentially catastrophic phishing attacks.
• Streamlined Recognition: Ever scroll through 200 emails looking for that one important message? Our logo makes Tallyfy emails pop out instantly. Users report finding our emails much faster.
• Reinforced Brand Familiarity: You see our logo regularly in your inbox. Over time, your brain automatically associates it with legitimate Tallyfy communications. It’s like muscle memory for email safety.

How does BIMI provide cyber threat protection?

Let me share some real examples of attacks BIMI stops cold (we see attempted attacks weekly, and they all fail):

• Domain Spoofing Prevention: Someone tries to send you a “password reset” email from a fake tallyfy.com address. Their email? No logo. Yours? Straight to spam. Our authentication blocks countless spoofing attempts.
• Phishing Attack Mitigation: Picture this - you get an urgent “Update your payment method NOW!” email. But wait… no Tallyfy logo? That’s your red flag. Real urgent emails from us always have our verified logo. Always.
• Brand Impersonation Resistance: Scammers can copy our website design, but they can’t fake our BIMI certificate (trust me, they’ve tried). BIMI significantly reduces successful phishing attempts by making fraudulent emails immediately identifiable.

What should I know about custom SMTP settings?

Using custom SMTP disables BIMI benefits

When you configure Tallyfy to send emails via your own email server (Custom SMTP) instead of Tallyfy servers (tallyfy.com), the BIMI logo will not appear on those emails.

Why? Simple - the emails come from your servers, not ours. It’s like putting a Ferrari badge on a Honda. Email providers check where the email actually originated, and when they see it’s not from our servers, no logo appears. You’d need your own BIMI setup (which involves getting your own $1,500/year certificate).

Want the security benefits of our verified logo? Stick with our default email settings. Your IT team will understand.

Related articles

Miscellaneous > Terms & legals

Tallyfy maintains SOC 2 Type 2 attestation GDPR compliance HSTS security BIMI email standards custom data processing agreements complete encryption multi-layer API protection AWS GovCloud hosting options and various enterprise-grade security measures to meet regulatory obligations and enterprise requirements.

Org Settings > Organization branding

Tallyfy administrators can fully customize the platform with company logos brand colors guest interfaces and advanced CSS styling while custom SMTP configuration enables branded email communications though complete white-labeling isn’t available due to technical security and operational constraints.

Email > Set up custom SMTP sending

This guide explains how to configure custom SMTP servers with Tallyfy including required credentials setup procedures testing methods and troubleshooting solutions to ensure reliable branded email delivery while maintaining security compliance and organizational control over workflow communications.

Support > Not receiving emails?

Tallyfy email delivery issues can stem from incorrect addresses or notification settings or spam filtering or corporate security systems and can be resolved through IT allowlisting of tallyfy.com or checking Microsoft-specific diagnostic tools like SNDS and Message Trace or verifying email authentication status or using alternative direct link sharing methods for guest tasks.

Footnotes

1. Email authentication protocols that verify sender identity and message integrity ↩

2. Verified Mark Certificate issued by certificate authorities to validate logo ownership ↩

Was this helpful?

YesNo