What Is BIMI (Brand Indicators for Message Identification)?

Want to know more about BIMI but don't know where to start? This blog post is the perfect place to learn about BIMI.

BIMI (Brand Indicators for Message Identification) is the newest email authentication standard, gaining traction among the leading inbox providers. Gmail, Yahoo, and Apple (among others) have jumped on board, and many others are considering offering inbox support in the future.

And why not? It’s additional brand exposure for marketers and a better user experience for customers—what’s not to like?

Picture this: You open your inbox and immediately spot your favorite brand’s logo right next to the sender’s name. You know it’s them (no second-guessing or double-checking the email address). You see the logo, and you’re confident they are who they say they are. That’s the power of BIMI.

BIMI isn’t just an email standard—it’s a golden ticket to enhanced recognition, engagement, and a more robust defense against phishing baddies. 

Whether you’re brand-new to BIMI or just want to know how it works, we’ve got you covered. Below, we’ll walk you through everything you need to know about BIMI.

What is BIMI?

BIMI (Brand Indicators for Message Identification) is an innovative email standard that combines cybersecurity and visual branding. At its core, BIMI aims to boost the trustworthiness of email communication by allowing businesses to display their official logos directly in recipients’ email clients.

BIMI acts as a digital stamp of authenticity for emails. It leverages the following email authentication protocols to ensure that the sender’s identity is verified and that the email hasn’t been tampered with during transmission:

  • SPF (Sender Policy Framework)
  • DKIM (DomainKeys Identified Mail)
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance)

The magic of BIMI lies in its ability to display a brand’s logo prominently within the recipient’s email client interface—usually next to the sender’s name or email address. This visual confirmation reinforces the sender’s legitimacy and gives recipients a recognizable symbol of authenticity. 

BIMI’s process is straightforward. When a business implements BIMI, it establishes the necessary email authentication protocols, proving its ownership of the sender domain and ensuring email integrity. Once these checks are in place, email clients that support BIMI retrieve the authenticated logo from a designated location and display it alongside the verified email.

Simple as that.

Benefits of BIMI

BIMI is a game-changer for brands and consumers. From increased brand awareness to enhanced phishing protection, it’s an all-around win-win-win:

  • Enhanced brand visibility: The brand logo appearing directly in the recipient’s inbox provides an immediate visual cue. This boosts brand recognition and trust.
  • Increased trust: Email recipients can be more confident that an email is genuinely from the specified brand, reducing the chances of successful phishing attacks.
  • Higher engagement rates: Recognizable logos can increase open rates, as users might be more inclined to open emails they believe are genuinely from a known brand. We’ve found an average 10% increase in email open rates for brands using BIMI.
  • Encourages DMARC adoption: To use BIMI, domain owners must implement DMARC with a “quarantine” or “reject” policy. This promotes better email authentication practices across the board.
  • Protection against spoofing and phishing: As a byproduct of DMARC adoption, brands gain better protection against email spoofing and phishing attempts.
  • Improved customer confidence: Knowing that a brand is taking steps to secure its emails can boost customer confidence in interacting with brand communications.
  • Feedback and reporting: When combined with DMARC, BIMI provides a feedback mechanism, allowing domain owners to receive reports on email authentication results. This feedback can help identify delivery issues or potential security threats.
  • Competitive edge: Early adopters of BIMI can differentiate themselves from competitors in the email space, providing an additional layer of credibility in their communications.

How does BIMI work (and how to set it up)?

BIMI is activated by publishing a specially formatted text record in your domain’s DNS. Once a message arrives, the recipient’s email provider looks up that BIMI record.

After validation, the BIMI record directs the email provider to the location of the sender’s logo, served from an HTTPS endpoint, which is then displayed in the recipient’s inbox.

Here’s the step-by-step process for how BIMI works:

1. BIMI prerequisites

You’ll need DMARC in place before you can get started with BIMI, which means you’ll also need DKIM and SPF. Here’s a brief breakdown of the purpose, implementation, and function of each:

SPF (Sender Policy Framework):

  • Purpose: SPF allows domain owners to specify which mail servers are authorized to send emails on their behalf.
  • Implementation:
    • You need to create a DNS TXT record in your domain’s DNS settings.
    • This record lists the IP addresses or hostnames of servers that are permitted to send emails for your domain.
  • Function: When an email is received, the recipient’s email server checks the SPF record of the sender’s domain to verify if the originating email server is authorized to send emails for that domain.

DKIM (DomainKeys Identified Mail):

  • Purpose: DKIM provides a cryptographic, signature-based method to authenticate emails. It ensures that the email has not been tampered with during transit.
  • Implementation:
    • Generate a private-public key pair.
    • The private key is kept secret on your email server and is used to sign outgoing emails.
    • The public key is added to your domain’s DNS records as a TXT record.
  • Function: When an email server receives an email, it checks the DKIM signature using the public key in the DNS. If the signature is valid, it confirms the email’s integrity and authenticity.

DMARC (Domain-based Message Authentication, Reporting and Conformance):

  • Purpose: DMARC builds upon SPF and DKIM to give domain owners the ability to define a policy on handling emails that fail these authentication checks. It also provides reporting capabilities.
  • Implementation:
    • Create a DMARC TXT record in your domain’s DNS settings.
    • Define a policy (e.g., none, quarantine, or reject) that dictates the action to be taken when an email fails SPF or DKIM checks.
  • Function: Upon receiving an email, if either SPF or DKIM checks fail and DMARC is implemented, the receiving server will follow the DMARC policy defined. This could mean doing nothing (none), sending the email to spam (quarantine), or rejecting the email outright.

2. BIMI DNS record

The BIMI DNS record is a method for domains to share the location of their authenticated brand logo with email platforms that support BIMI.

This record is a TXT type in a domain’s DNS. Typically, it’s positioned at:

default._bimi.yourdomain.com.

Its structure is similar to DMARC records, comprising various tags. The primary tag is the l= tag, which directs to the logo’s location. 

For example, it might look like this:

l=https://yourdomain.com/path/to/logo.svg

The logo should be in SVG format, specifically a secured variant known as SVG Tiny PS. The SVG format ensures that the logo appears crisp regardless of the display size or resolution.

The other tag should point to the location of the domain owner’s VMC. 

When an email provider that supports BIMI receives an email from a domain with BIMI enabled, it first checks for DMARC authentication. If the DMARC check is positive, the provider queries the BIMI DNS record to retrieve the logo’s location. After validation, the logo appears next to the delivered email in the user’s inbox.

3. Verified Mark Certificate (VMC)

A VMC is a digital seal of approval for a brand’s logo. When you see a logo in your email that a VMC backs, it’s like receiving a written guarantee that the logo genuinely belongs to the brand it represents.

As digital threats like phishing become more sophisticated, ensuring that a logo isn’t just a clever imitation becomes essential. What’s the point of BIMI at all if cybercriminals can just forge look-alike logos to dupe consumers in the inbox?

Brands approach certain authorized Certificate Authorities (CAs) to embark on a rigorous validation journey. Throughout this process, the CA meticulously verifies a brand’s right to use the associated logo with its domain. Once a brand successfully navigates this process, they’re awarded their VMC.

We’ve collaborated with DigiCert to provide an all-in-one solution for BIMI readiness. With Valimail handling DMARC monitoring and automation and DigiCert taking care of VMC issuance, we’ve established a comprehensive one-stop-shop for users.

If everything works correctly, the inbox service provider (ISP) will show your logo next to your authenticated email in the recipient’s inbox.
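
The checks described in steps 1 to 3, as an added example (not Valimail’s checker or code from this post): it parses DMARC and BIMI TXT records offline and reports what would block logo display. The sample records, example.com, and the function names are constructed for illustration; the v= version tags and the a= tag (the “other tag” that points to the VMC) come from the DMARC and BIMI specifications rather than from this page.

```python
from urllib.parse import urlparse

# Constructed sample TXT records (example.com is a placeholder domain).
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
DMARC_WEAK = "v=DMARC1; p=none"
BIMI_OK = "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem"
BIMI_BAD = "v=BIMI1; l=http://example.com/brand/logo.png"

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record (DMARC and BIMI style) into a dict."""
    tags = {}
    for part in (txt or "").split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_lookup_name(domain, selector="default"):
    """DNS name a receiver queries for the BIMI record of `domain`."""
    return f"{selector}._bimi.{domain.rstrip('.')}"

def is_https(value):
    """True only for absolute https:// URLs with a host part."""
    url = urlparse(value)
    return url.scheme == "https" and bool(url.netloc)

def check_bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of problems; an empty list means both records look ready."""
    problems = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC policy must be quarantine or reject")
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        return problems + ["no valid BIMI record"]
    logo = bimi.get("l", "")
    if not is_https(logo):
        problems.append("l= must be an HTTPS URL")
    elif not urlparse(logo).path.lower().endswith(".svg"):
        problems.append("l= should point to an SVG Tiny PS file")
    if not is_https(bimi.get("a", "")):
        problems.append("a= (VMC location) must be an HTTPS URL")
    return problems

if __name__ == "__main__":
    print(bimi_lookup_name("example.com"))
    for dmarc, bimi in [(DMARC_OK, BIMI_OK), (DMARC_WEAK, BIMI_OK), (DMARC_OK, BIMI_BAD)]:
        print(check_bimi_readiness(dmarc, bimi) or "ready")
```

To run it against a live domain, pass in the TXT strings returned for _dmarc.yourdomain.com and default._bimi.yourdomain.com; the script itself performs no DNS or HTTPS requests and does not validate the SVG or the certificate contents.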

How to check BIMI record (BIMI checker)

Once you’ve set up BIMI, you’ll want to double-check to ensure it’s working correctly in your clients’ inboxes. We have a simple, free-to-use BIMI Record Checker for that.

Just type in your domain, and we’ll run a check to see if BIMI is working or if you’re ready to set it up. We’ll quickly check whether you have implemented SPF and DMARC at enforcement. Next, we’ll verify that your logo is showing up correctly and that your BIMI certificate is still current.

Gmail’s blue verified checkmark

To continue promoting BIMI adoption, inboxes continue to roll out support and features to maximize the protocol. In 2023, Gmail released a special incentive for users to adopt BIMI—a coveted blue checkmark next to your brand’s logo. 

It’s an additional layer of trust that builds upon BIMI with an additional visual indicator that a brand is who it says it is.

Get started with BIMI

Seems easy enough for one brand, right? But what if you have multiple brand entities, domains, and logos? Now, things are going to get a bit more complicated.

That’s why we offer Valimail Amplify.

It’s the only fully automated BIMI solution on the market. We get all the steps right and work to obtain your brand’s VMCs. You just sit back, relax, and enjoy all the BIMI benefits we outlined above.

To learn how we can implement (and automate) BIMI at scale for your organization, schedule a free demo with one of our BIMI experts.
