BIMI generators – using automated tools to manage BIMI
Brand Indicators for Message Identification (BIMI) is an email protocol that allows senders to display a branded logo next to emails in recipients’ inboxes. To make it easier to deploy BIMI, various services exist to automatically create a BIMI record. Such tools are called BIMI generators. In addition to these fairly simple tools that just generate one part of BIMI, there are more complete automation tools that handle more of the BIMI deployment process for you.
Some engineers only need help with a specific step in the BIMI deployment process, while others may prefer a comprehensive commercial product to handle as much of BIMI as possible. Fortunately, there are tools that exist on both ends of the spectrum.
In this article, we’ll look at the infrastructural elements of BIMI that existing tools can generate automatically. We’ll show you how to generate a BIMI record using a standard BIMI generator and then introduce more complete services for automating the remaining elements of BIMI.
Summary of BIMI automation
Typical BIMI generators focus on the BIMI record, but a full BIMI deployment includes much more than just the DNS record. Let’s look at the elements of BIMI that we must set up. Later on, we’ll discuss more holistic strategies for automatically generating a nearly complete BIMI deployment, covering most of these components.
|BIMI architectural component||What it does|
|BIMI logo||A file following BIMI’s custom format that contains your logo image|
|Verified Mark Certificate (VMC)||A file that proves legitimate ownership of the branded logo|
|BIMI record||A DNS record that tells inboxes where to find your BIMI logo and VMC file|
|DMARC||An email authentication mechanism that makes it harder for hackers to forge emails from your domain|
|HTTPS web server||You need an HTTPS server to host your logo and VMC files|
Using a BIMI generator
Most services that call themselves a BIMI generator really only generate one part of a BIMI deployment: the BIMI record. To see this in practice, let’s use one of the most popular BIMI generators, BIMI Group’s BIMI Inspector.
Clicking the “Generate BIMI Record” button provides us with a BIMI record’s text:
default._bimi.valimail.com TXT v=BIMI1; l=https://amplify.valimail.com/bimi/valimail/ekURFPbPVyt-valimail_inc_256301583.svg; a=https://amplify.valimail.com/bimi/valimail/ekURFPbPVyt-valimail_inc_256301583.pem;
Voila, we have the raw text of a BIMI record. To deploy this record, we simply add it as a DNS record.
You can learn more about how the BIMI works by reading our companion BIMI Record article.
Once the BIMI record is deployed, what else remains to be done? As the summary section outlines, we must acquire a VMC, convert our logo to BIMI’s custom image format, ensure that Domain-based Message Authentication, Reporting and Conformance (DMARC) is deployed, and more. Thus, the BIMI generator only took care of a small part of the process for us.
Although the phrase “BIMI generator” is mainly associated with tools that help you create a BIMI record, there are many more aspects of BIMI that are ripe for automation. In this section, we’ll overview how to generate various other aspects of BIMI.
BIMI logo converter
BIMI logos follow a special format called SVG Tiny Portable/Secure (SVG P/S). There is a tool to convert a standard SVG file to SVG P/S available as a script for Windows, Linux, and Adobe Illustrator (Linux is not supported yet, unfortunately). The conversion scripts are accessible via Github: https://github.com/authindicators/svg-ps-converters.
You can learn more about complying with BIMI’s standards for logo images by reading our BIMI Logo article.
Facilitating the verification process
The verification process is arduous, strict, and expensive, and there are no small, dedicated tools that handle this part of the process for you. However, in June 2020, DigiCert (one of the leading verification authorities) made an announcement:
“DigiCert is pleased to partner with Valimail to support pilots that advance the BIMI email security standard with VMCs,” said DigiCert Senior Director of Business Development Dean Coclin. “We anticipate growing demand for digital certificates displaying verified logos in email and are developing scalable solutions to help companies be ready on day one.”
– DigiCert and Valimail Partner to Help Companies Display Brand in Email, Get BIMI-Ready
Valimail Amplify has a partnership with DigiCert that facilitates the process considerably.
To comply with BIMI, it’s required that you first deploy DMARC, an email authentication mechanism that can be difficult to set up without prior experience. BIMI is sometimes even described as a “reward” for senders who comply with DMARC. You can learn more about how DMARC works by reading our concise introduction: What is DMARC.
Valimail offers Valimail Enforce, a mature product that handles DMARC for you, thus tackling one of the biggest hurdles to BIMI.
Valimail Amplify extends Valimail Enforce to offer comprehensive automation for BIMI. Unlike other services and tools, which only do a small, specific part of the work for you, Amplify aims to handle as much of the process as possible.
What can’t you generate automatically?
BIMI is an excellent tool for improving open rates for marketing emails and building trust with recipients. As we’ve shown above, BIMI involves a lot of disparate parts that are much easier to compose into a BIMI deployment when orchestrated through automation. However, BIMI generators are not a panacea. Let’s look at some ways that automating BIMI by itself is inadequate.
Verification of your branded logo
Complete automation tools like Valimail Amplify can help you with the process of acquiring a VMC, but one fact remains: You will need to provide proof that you are the legitimate owner of the branded logo. This verification process necessarily requires work on your end to prove your identity and legitimate ownership.
You can learn more about what you need to verify to acquire a VMC by reading our article on Verified Mark Certificates.
Creating a logo
It may seem obvious, but to use BIMI you need a branded logo, and to have a branded logo, you need to start with a logo! Even comprehensive BIMI services don’t automate this part, so it’s up to you to hire a designer and create a logo for your brand.
Self-hosting your BIMI logo and VMC file
BIMI requires that you have a BIMI logo image file and a VMC file hosted via HTTPS on the web. If you want to control the server that hosts your BIMI logo and VMC file, that comes with a price. You’ll have to find a way to implement the server yourself and deploy the files.
You can fully automate the deployment of these files, but you’d have to depend on an external service. The good news is that setting up a web server is not difficult anyway.
BIMI is an email authentication protocol that allows email recipients to see a brand’s logo in their inbox, indicating that the message is legitimate and trustworthy. BIMI uses DMARC to verify the sender’s identity and requires the use of a valid Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) record.
BIMI generators are tools that allow companies to create BIMI records and generate a BIMI logo that meets the necessary technical specifications. These generators typically require companies to provide a logo, domain name, and other details to create a BIMI record.
BIMI generation involves creating a BIMI record that includes the location of the brand’s logo and publishing it in DNS. Once the record is in place and verified, email providers can display the logo in the inboxes of recipients who receive messages from that brand’s authenticated domain. BIMI provides an additional layer of email security and authenticity and helps organizations build trust with their customers.
Subscribe to our LinkedIn Newsletter to receive more educational contentSubscribe now