What Is BIMI? | Enhance Security + Visibility In The Inbox
BIMI (Brand Indicators For Message Identification) is an emerging security technology that attaches your brand’s logo to your authenticated email messages so customers can know they are from your email service. It helps validate your email marketing and builds trust with customers.
Inboxes today are often filled with spam, making it difficult for consumers to trust the authenticity of emails claiming to come from legitimate businesses.
This article will discuss how BIMI works, highlight mailbox providers that support it, and walk through how to set up BIMI.
Summary of key BIMI concepts
Before we get into the details, let’s touch on the key BIMI concepts covered in this article.
|What is BIMI?||BIMI (Brand Indicators For Message Identification) is an emerging security technology that attaches your brand’s logo to your authenticated email messages, so customers trust it’s from your email service.|
|How BIMI works||Collaborates with DKIM, SPF, and DMARC protocols to safeguard your domain from being hacked by a malicious actor to forward fraudulent emails.|
|Why is BIMI important for email marketers?||BIMI benefits both senders and mailbox providers because of enhanced security.|
|Why was the BIMI email specification introduced?||To enable brands to establish greater trust when sending emails using their brand logo.|
|Which mailbox providers support BIMI?|
|How to set up BIMI|
What is BIMI?
BIMI improves email marketing strategy for open rates and building customer trust, effectively helping your brand stand out.
BIMI works with the DKIM (domain keys identified mail), SPF (sender policy framework), and DMARC (domain-based message authentication, reporting, and conformance) protocols to safeguard your domain from being hacked by a malicious actor to forward fraudulent emails.
Benefits of BIMI logos include:
- Enhancing brand recognition and bonus branding on email campaigns.
- Providing brands more control over inbox logos.
- Boosting open email rates
- Protecting against email brand spoofing.
BIMI is not the first to try to add logos to brand messages. Google+ was a social network designed by Google to connect senders with their official logos, but its efforts failed.
While it appears BIMI will be more successful, it isn’t exactly simple. Setting up BIMI ]is more complex and technical than sending your logo somewhere. You need a specific file to design a BIMI logo, and you must add a BIMI record to your domain’s DNS server.
Let’s check out the process of how BIMI works.
How BIMI works
BIMI is implemented by using a text file in a specific format on your email server. After a message is delivered, the recipient’s email service looks up the BIMI text file hosted at an HTTPS endpoint.
After verification, the BIMI file notifies the email service where to find the sender’s logo and the email service receiving the emblem in the inbox.
To set up your BIMI, you need:
- An email domain that has implemented DKIM, SPF, and DMARC.
- Access to your domain servers to establish a new BIMI DNS entry.
- An SVG file of your logo
- A Verified Mark Certificate (VMC)
Only some mailbox providers currently support BIMI. Others may add BIMI services in the future, but for now, you should check with your mailbox provider to see if they support BIMI. You’ll find a listing of which mailbox providers support BIMI later in this article.
If not set up properly, you can run into challenges when implementing and maintaining BIMI. Consider using Valimail’s Amplify to streamline efforts to become BIMI compliant and easily manage your BIMI configuration. Additionally, Valimail partners with Digicert to acquire a VMC for you.
Why is BIMI important for email marketers?
BIMI benefits both senders and mailbox providers because of enhanced security. Senders can build trust and recipients are less likely to fall victim to costly scams.
The FBI (Federal Bureau of Investigation) reports that United States-based Businesses lost more than $2 billion through email fraud between 2014 and 2019. Think of how much money is lost but has yet to be reported.
BIMI also mitigates phishing attempts. BIMI helps your customers identify authentic messages from you, so you help protect them from impersonators who don’t have your BIMI-protected logo.
BIMI Makes your messages stand out
There’s also an aesthetic benefit to BIMI-complaint mail. With BIMI, the brand’s logo in the inbox is visible, which helps your messages attract attention and encourages engagement.
Why was the BIMI email specification introduced?
BIMI is here to encourage you to use stronger email authentication. If a company wants to build its reputation, they need to pay attention to email spoofing because it can ruin its brand reputation. It’s a significant problem for mailbox providers like Gmail, Outlook, and Apple Mail.
When people using their email services start getting scammed, they generally lose trust in that mailbox provider for letting those harmful emails through instead of blocking them or forwarding them to spam.
Email authentication is the most optimal solution to prevent spoofing. The major problem is that too many senders have DMARC policies that are too permissive. Research on DMARC adoption indicated that valid DMARC policy records rose by 84% in 2021. However, that doesn’t mean DMARC is being enforced. In fact, the research shows nearly two-thirds (65%) of domains were using a
To understand why that’s important, let’s review DMARC policy options:
p=none: There is no policy; therefore, mailbox providers must decide how to filter the message if it fails DMARC.
p=quarantine: This policy permits mailbox providers to send any message that fails DMARC to spam.
p=reject: It permits mailbox providers to block messages that fail DMARC from being delivered. This is the strictest of all policies.
Furthermore, to get a BIMI logo, you must have a DMARC policy of either
However, too many forwarders opt to stick with a
p=none policy after setting up DMARC, and that does nothing to prevent spoofing. The
p=none policy is attractive to some because DMARC can be tricky to set up and some senders worry that valid messages could inadvertently be blocked or quarantined.
Along with enforcing DMARC, you’ll also need what’s called Verified Mark Certificate (VMC) if you want the most out of BIMI. Well-known mailbox providers (like Gmail) require a VMC before your logo is displayed in the inbox. A VMC nearly will cost the brand around $1500 per year. A third-party service, such as Valimail’s Amplify, can optimize costs and be the one-stop shop for obtaining and maintaining proper BIMI configuration and compliance.
Which mailbox providers support BIMI?
Most popular email clients support BIMI. Here’s a list of big names that support BIMI today:
- Yahoo Mail
- Apple Mail
Verizon Media Group (i.e., AOL, Yahoo, Verizon, etc.) is known to be an early adopter of the BIMI email specification. Additionally, the Australian mailbox provider FastMail has also helped BIMI for some time. Then, in 2021, BIMI gained hype when Google Announced that Gmail was piloting a program to fully support it.
Since Gmail addresses make up the most significant slice of most contact lists, BIMI became a compelling idea for many brands.
Gmail also brings the VMC Requirement into the mix. That means brands must ensure their logos are copyrighted (not as common as you may assume) and corroborated by a verified third party. Likewise, Apple Mail will also need a VMC before a brand’s BIMI logo is showcased. Verizon does not require a VMC but takes the certificate into account.
So, here the question arises: what do you need to do to make BIMI work? We’ll answer that in the next section.
How to set up BIMI
Setting up BIMI may seem intimidating at first, but you can get it done by following these seven simple steps:
- Determine your sending domain, where you’ll upload the BIMI TXT record to the DNS server. Seek help from the IT department or the cybersecurity department.
- Check that your email authentication protocols are implemented and functioning. You have to use domain keys identified mail (DKIM), sender policy framework (SPF), or both.
- Set up your DMARC policy to
p=none). There are also some other settings in the DMARC record.
- Design a BIMI logo as an SVG file that will be transferred to the DNS server. One must use the SVG tiny 1.2 formats, which are protected and safe.
- Obtain a VMC for your logo from a recognized organization. DigiCert and Entrust are the two famous authentic certificate authorities.
- Disclose your BIMI TXT record to the DNS server. Remember to double-check the location of your logo file. It may need to be corrected.
- Review that BIMI works and that your logo shows up as intended. You can verify that your BIMI setup works correctly using Valimail’s free BIMI checker: https://domain-checker.valimail.com/bimi/.
Pursuing better email authentication for your brand and a VMC enhances your security and your brand’s visibility. However, it’s up to the mailbox providers to determine whether to display your BIMI logo.
Though it only takes seven steps to implement BIMI, its setup is more complex than simply sending your logo somewhere. Many find it challenging to comply properly and maintain because its implementation is very technical. For assistance, consider sourcing a third-party service, such as Valimail’s Amplify, to streamline efforts.
Subscribe to our LinkedIn Newsletter to receive more educational contentSubscribe now