Brand Indicators for Message Identification (BIMI) is an email specification that puts brands in control of how their logo appears within supporting email clients.
Simply put, BIMI allows companies to tell inbox providers what logos they’d like to appear in customers’ and prospects’ inboxes, rather than just letting the inbox provider display generic avatars or the company’s initials.
Email isn’t going away anytime soon. And as marketers, we’re always looking for ways to stand out in the inbox.
Being able to control your logo when sending emails, newsletters, receipts, offers, etc. is invaluable. It’s similar to having the perfect, consistent vanity URLs and display names across social media profiles – it’s low-cost but shows consistency, conveys trust, and increases recognition and reach.
Sounds great, right? It is!
Initial pilots have shown an increase in engagement by an average of 10% when inboxes display trusted brand logos next to email messages.
Successful implementation of BIMI requires that a brand’s emails be authenticated—which means the brand’s outgoing emails cannot be spoofed. This is an essential safeguard, preventing BIMI from being used by bad actors to sow further confusion.
This also promotes security hygiene and encourages the email ecosystem to take better precautions against phishing attacks by deploying and enforcing email authentication.
10 benefits of BIMI
BIMI provides several benefits to businesses and email recipients by enhancing email security, brand recognition, and user engagement.
“For organizations considering DMARC or BIMI, the message is clear: now is the time to implement both, to get the strongest protections possible for your business, customers, and employees, and gain increased brand recognition and interaction in inboxes worldwide.” – Seth Blank, CTO of Valimail
Here are the key benefits of implementing BIMI:
- Enhanced Brand Visibility: BIMI’s visual cue increases brand recognition and helps recipients quickly identify legitimate emails from trusted sources.
- Improved Email Trustworthiness: By implementing BIMI, organizations demonstrate their commitment to email authentication and protection.
- Reduced Phishing and Spoofing: BIMI requires the implementation of robust email authentication protocols like DMARC.
- Enhanced User Engagement: Emails that display recognizable logos through BIMI tend to have higher open and click-through rates.
- Stronger Email Authentication: BIMI encourages organizations to adopt email authentication standards like SPF, DKIM, and DMARC.
- Differentiation from Phishing Attempts: BIMI-enabled logos serve as a clear visual indicator of authenticity. This differentiation helps recipients distinguish between legitimate emails and phishing attempts.
- Consistent Brand Experience: BIMI ensures a consistent visual brand experience across different email clients.
- Industry Compliance: Implementing BIMI demonstrates a commitment to staying current with email authentication practices and complying with evolving security standards.
- Advanced Reporting and Insights: Organizations that implement BIMI and associated email authentication protocols gain access to valuable reporting and insights provided by DMARC.
- Become a Google Verified User: Google Workspace users who have adopted BIMI will now see a blue verified checkmark next to their names. This elevates the protection that DMARC provides into something tangible and visible for all Gmail users.
What are the prerequisites for BIMI?
According to the AuthIndicators Working Group’s website, you need the following to get ready for BIMI:
- Authenticate all of your emails with SPF, DKIM, and DMARC
- Ensure domain alignment (the domain used by SPF and DKIM is the same as the one used by DMARC)
- Ensure your DMARC policy is at enforcement
  - This means either “p=quarantine” or “p=reject”
  - No sp=none and no pct<100 policies
- Publish a BIMI record for your domain in DNS
- Where required, obtain a Verified Mark Certificate (VMC)
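The checklist above can be turned into a quick audit of the TXT records themselves. The following is an added example, not code from the AuthIndicators Working Group or Valimail; the records are constructed samples, the function names are hypothetical, and the BIMI tag names (v, l, a) are taken from the BIMI specification rather than from this page.

```python
# Added example: the records below are constructed samples, not real DNS data.
def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' TXT record into a dict keyed by tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_dmarc_problems(record: str) -> list:
    """Reasons a DMARC record is not 'at enforcement' in the sense listed above."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record (v=DMARC1 missing)"]
    problems = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        problems.append(f"p={policy or '(missing)'} is not quarantine or reject")
    # An absent sp inherits p, so only an explicit sp=none is reported here.
    if tags.get("sp", "").lower() == "none":
        problems.append("sp=none leaves subdomains unenforced")
    pct_raw = tags.get("pct", "100")  # pct defaults to 100 when absent
    if not pct_raw.isdigit() or int(pct_raw) < 100:
        problems.append(f"pct={pct_raw} applies the policy to only part of the mail")
    return problems

def bimi_record_problems(record: str, vmc_required: bool) -> list:
    """Checks the TXT record published at default._bimi.<domain>."""
    tags = parse_tags(record)
    if tags.get("v") != "BIMI1":
        return ["not a BIMI record (v=BIMI1 missing)"]
    problems = []
    if not tags.get("l", "").lower().startswith("https://"):
        problems.append("l= must be an HTTPS URL for the logo")
    if vmc_required and not tags.get("a", "").lower().startswith("https://"):
        problems.append("a= (VMC location) is missing but a VMC is required")
    return problems

# Constructed sample records
READY = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
PARTIAL = "v=DMARC1; p=quarantine; sp=none; pct=50"
MONITOR = "v=DMARC1; p=none"
BIMI_OK = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"
BIMI_NO_VMC = "v=BIMI1; l=https://example.com/logo.svg"

if __name__ == "__main__":
    for rec in (READY, PARTIAL, MONITOR):
        print(rec, "->", bimi_dmarc_problems(rec) or "ready")
```

In practice the input strings would come from TXT lookups on `_dmarc.<domain>` and `default._bimi.<domain>`.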
How SPF, DKIM, and DMARC work together
Sender Policy Framework (SPF) is the standard that launched domain-based email authentication, letting domain owners publish a list of approved IP addresses. If a mail server with an IP address not on the approved list tries to send an email using that domain, it won’t pass SPF authentication.
DomainKeys Identified Mail (DKIM) improves upon SPF’s protocols by using public key cryptography to authenticate individual email messages.
Both of these standards have limitations, however (which we will cover in-depth in our next post). This is where Domain-based Message Authentication, Reporting, and Conformance (DMARC) comes in.
Neither SPF nor DKIM authenticates the sender based on the “From:” field that a user sees. The policy specified in a DMARC record ensures that the DKIM key’s domain (or the SPF-verified Return-Path header) and the domain shown in the “From:” address are “aligned,” i.e. that they match.
This prevents any potential scammers or phishers from using a bogus domain in the “From:” address while signing the message with an unrelated domain that they control. This simple check provides an enormous amount of protection that hadn’t previously existed for email.
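The alignment check described above, as an added example that is not part of the original article: a message passes DMARC only if SPF or DKIM both passes and is aligned with the “From:” domain. The domains are constructed, and `org_domain()` is a labelled simplification (real validators derive the organizational domain from the Public Suffix List).

```python
# Added example: domains and results below are constructed for illustration.
def org_domain(domain: str) -> str:
    """Naive organizational domain: the last two labels.
    Assumption for brevity; wrong for suffixes such as co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, strict: bool = False) -> bool:
    """Strict alignment needs an exact match; relaxed compares organizational domains."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if strict else org_domain(a) == org_domain(b)

def dmarc_pass(from_domain, spf, dkim, strict=False) -> bool:
    """spf and dkim are (result, domain) tuples: the SPF-checked Return-Path
    domain and the DKIM d= domain. One passing, aligned mechanism is enough."""
    for result, domain in (spf, dkim):
        if result == "pass" and aligned(from_domain, domain, strict):
            return True
    return False

# Legitimate mail: bounce subdomain for SPF, DKIM signed by the From domain.
LEGIT = ("example.com", ("pass", "bounce.example.com"), ("pass", "example.com"))
# Both mechanisms pass, but for an unrelated domain: the case DMARC rejects.
UNALIGNED = ("example.com", ("pass", "unrelated.test"), ("pass", "unrelated.test"))
# Only SPF passes, and only on a subdomain: relaxed passes, strict does not.
SUBDOMAIN_ONLY = ("example.com", ("pass", "mail.example.com"), ("fail", "example.com"))

if __name__ == "__main__":
    for name, msg in (("legit", LEGIT), ("unaligned", UNALIGNED),
                      ("subdomain-only", SUBDOMAIN_ONLY)):
        print(name, "relaxed:", dmarc_pass(*msg), "strict:", dmarc_pass(*msg, strict=True))
```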
So in order to be BIMI-ready, your organization must have taken all of the steps necessary to implement a DMARC enforcement policy of quarantine or reject – thus being protected against spoofing to the highest standard out there today.
Take the first step in implementing BIMI and see if your domain is ready. Use our free BIMI ready domain checker!
What’s a VMC and do you need one?
To be BIMI-ready for some mail clients, you may be required to obtain a Verified Mark Certificate (VMC) from a certificate authority like DigiCert or Entrust Datacard. In their own words, VMCs “allow companies to render their brand logo next to the ‘sender’ field in email clients — visible even before the message is opened.”
It essentially validates that your organization actually owns the logo you’re using for BIMI. In order to be issued a VMC, your organization must have a logo that has been registered with the trademark office – an additional step to ensure that your organization’s email logo display cannot be spoofed.
Valimail and DigiCert have partnered to offer one-stop shopping for getting BIMI ready, with DMARC monitoring and automation from Valimail and VMC issuing from DigiCert.
How to get started with BIMI
Getting to DMARC enforcement is one of the most challenging aspects of implementing BIMI. However, Valimail makes it easy.
Valimail Amplify is the only fully automated BIMI solution on the market. This will provide you with an extra layer of authentication and prove that you did the work to get to DMARC enforcement.
To increase engagement, build brand recognition and trust, and control your brand consistency on a larger scale: