Case Study

Aiming for “Emails That Can Be Opened with Peace of Mind”—Visualizing Reliability through the Implementation of Brand Indicators for Message Identification (BIMI) and Verified Mark Certificates (VMC)

“BASE,” an online shop creation service operated by BASE, Inc., has implemented initiatives to improve email reliability, aiming for an environment where users can receive emails and information with peace of mind. The company began considering Domain-based Message Authentication, Reporting, and Conformance (DMARC) as an anti-spoofing measure in 2018 and implemented it in 2020. In 2025, they introduced Brand Indicators for Message Identification (BIMI) and Verified Mark Certificates (VMC).

Current Status of Email Operations: A Delivery System Combining Various Tools

――What types of emails do you primarily send?

As an online shop creation service, we provide a system to shop owners. We deliver transactional emails to both shop owners and product purchasers, such as “Purchase Completion Notifications,” “Order Notifications,” “Login Notifications,” and “Favorite Registration Notifications for the Pay ID App ().” Additionally, BASE sends emails regarding campaigns, new features, and responses to user inquiries. () A shopping app provided by “Pay ID” (https://payid.jp/), a shopping service for purchasers operated by BASE, Inc.

Background of BIMI/VMC Implementation: To Enhance User “Peace of Mind”

――Please tell us the background behind considering the implementation of DMARC.

We started this initiative as part of our measures against email non-delivery. While the internal team handled the elevation of the DMARC policy, there were no major hurdles, and the process went smoothly.

――Please tell us the background behind considering the implementation of BIMI.

As a service that allows “anyone to easily create an online shop,” BASE has a responsibility to provide an environment where all users can use the service with peace of mind. As part of this effort, we were moving forward with an email delivery measure requesting users to update their registration information regularly. However, internal discussions arose that these emails “might give the impression of being phishing emails.” We were searching for a breakthrough in a situation where “the importance of the content necessitated reliable delivery to users, yet we could not afford to undermine the reliability of our emails.” At that moment, a suggestion was made internally to “consider implementing BIMI,” and discussions toward implementation began.

Deciding Factors: Clear Explanations and Effective Measures

――Why did you decide to implement BIMI and VMC?

We confirmed what could and could not be achieved through implementation one by one, based on factors such as the implementation status of other services, measures recommended by the Council of Anti-Phishing Japan, and the share of BIMI-compatible mail clients used within our own service. As a result, we determined that there were sufficient benefits to justify the implementation costs and decided to move forward. While BIMI alone may not be a perfect anti-phishing measure, the fact that it functions as a “last line of defense” allowing users to identify the sender was sufficiently attractive to us.

Implementation Process: Smooth Progression through Team Collaboration

――Please tell us about the schedule and steps leading up to implementation.

We have a team responsible for balancing service integrity with providing value to users, consisting of members from planning, product management, and development. Because this team handled everything from consideration to implementation consistently, the process progressed smoothly. Since DMARC was already in place, there were no major issues. With support from the GMO Brand Security representative, we were able to smoothly navigate the internal approval process and the submission of required documents.

Implementation Effects: “Trust” in Emails Becomes Visible

――What effects have you seen after implementing BIMI?

While sending many transactional emails, the BASE service logo now appears in received emails. We feel we are closer to a state where we can deliver necessary information to users at the appropriate time with peace of mind. Furthermore, we feel that this response has allowed us to execute measures at a layer one level higher than before.

Future Outlook and Messages to Other Companies

――How do you plan to expand BIMI in the future?

We would like to expand the implementation to multiple services within the BASE Group. We intend to proceed with these improvements in stages.

――Do you have a message for companies considering the implementation of BIMI?

I feel it is important to clearly define the purpose and effects of implementation. Additionally, I recommend addressing the necessary prerequisites, such as DMARC settings and trademark registration, as early as possible.