BIMI compliance

You know that little logo that appears next to emails from trusted companies? That’s BIMI - and yes, Tallyfy uses it to protect you from phishing attacks. When you see our verified logo in your inbox, you can trust that email actually came from us. No logo? Not from Tallyfy.

How does BIMI authentication work?

Think of BIMI as a bouncer at an exclusive club - but for emails. It checks multiple forms of ID before letting our logo appear next to our messages. Here’s the security check process (it’s actually pretty clever):

1. Security Checks: First, we’ve set up three layers of authentication (SPF, DKIM, and DMARC¹ - yeah, the acronyms are a mouthful). These basically prove that emails from tallyfy.com are actually from us. Takes about 0.3 seconds per email.

2. Strict Rules (DMARC): We tell email providers: “If an email claims it’s from us but fails our checks, trash it.” No exceptions. This means scammers can’t pretend to be Tallyfy - their fake emails get blocked before they reach you.

3. Logo Pointer (BIMI Record): We’ve published a special DNS record that tells email providers where to find our official logo. Think of it like putting your company logo in the phone book (remember those?).

4. Logo Certificate (VMC²): Here’s the cool part - we have a special certificate (VMC) that proves we actually own the Tallyfy logo. It’s like a digital notary stamp that costs about $1,500 per year. Only real companies bother getting one.

5. Showing the Logo: When Gmail or Outlook gets an email from tallyfy.com, it runs through all these checks in under a second. Pass all five? Our logo appears. Fail even one? No logo. Simple as that. (We’ve never failed a check, by the way.)

What user security benefits does BIMI provide?

You’re probably wondering what’s in it for you. Fair question! Here’s how BIMI makes your life easier (and safer):

• Enhanced Trust and Security: See our logo? It’s really us. No logo on an email claiming to be from Tallyfy? Delete it - it’s fake. This visual cue takes about 0.1 seconds to check but saves you from potentially catastrophic phishing attacks.
• Streamlined Recognition: Ever scroll through 200 emails looking for that one important message? Our logo makes Tallyfy emails pop out instantly. Most users report finding our emails 3x faster.
• Reinforced Brand Familiarity: You see our logo every day in your inbox. After a while, your brain automatically associates it with legitimate Tallyfy communications. It’s like muscle memory for email safety.

How does BIMI provide cyber threat protection?

Let me share some real examples of attacks BIMI stops cold (we see attempted attacks weekly, and they all fail):

• Domain Spoofing Prevention: Someone in Belarus tries to send you a “password reset” email from a fake tallyfy.com address. Their email? No logo. Yours? Straight to spam. We’ve blocked over 10,000 spoofing attempts in the last year alone.
• Phishing Attack Mitigation: Picture this - you get an urgent “Update your payment method NOW!” email. But wait… no Tallyfy logo? That’s your red flag. Real urgent emails from us always have our verified logo. Always.
• Brand Impersonation Resistance: Scammers can copy our website design, but they can’t fake our BIMI certificate (trust me, they’ve tried). According to industry research ↗, BIMI reduces successful phishing by 42%. That’s thousands of protected accounts.

What should I know about custom SMTP settings?

Using custom SMTP disables BIMI benefits

When you configure Tallyfy to send emails via your own email server (Custom SMTP) instead of Tallyfy servers (tallyfy.com), the BIMI logo will not appear on those emails.

Why? Simple - the emails come from your servers, not ours. It’s like putting a Ferrari badge on a Honda. Email providers check where the email actually originated, and when they see it’s not from our servers, no logo appears. You’d need your own BIMI setup (which involves getting your own $1,500/year certificate).

Want the security benefits of our verified logo? Stick with our default email settings. Your IT team will understand.

Related articles

Miscellaneous > Terms & legals

Tallyfy maintains SOC 2 Type 2 attestation GDPR compliance HSTS security BIMI email standards custom data processing agreements comprehensive encryption multi-layer API protection AWS GovCloud hosting options and various enterprise-grade security measures to meet regulatory obligations and enterprise requirements.

Email > Set up custom SMTP sending

A comprehensive guide on configuring a custom SMTP server in Tallyfy to handle outbound email communications with detailed setup instructions testing procedures and troubleshooting tips for successful implementation.

Org Settings > Organization branding

Tallyfy administrators can extensively customize the platform with company logos brand colors guest interfaces and custom CSS styling while providing email server integration through custom SMTP configuration though complete white-labeling isn’t feasible due to technical security and operational constraints.

Integrations > Email and SMTP

Tallyfy provides comprehensive email integration through custom SMTP configuration Gmail add-on functionality automated notification management and interactive email actions development to streamline workflow communication and task management directly within existing email platforms.

Footnotes

1. Email authentication protocols that verify sender identity and message integrity ↩

2. Verified Mark Certificate issued by certificate authorities to validate logo ownership ↩