What is BIMI: Ultimate Guide to BIMI in 2023
BIMI helps you stand out and protect your brand identity in this new competitive era of email.
Cybercrime is a serious concern for businesses today, therefore it’s critical to understand how to avoid and fight phishing attempts as well as email spoofing.
By authenticating emails with BIMI email authentication, you are building a bridge of trust between your customers and yourself by proving that your email campaigns are legitimate.
Read this article to learn how to use BIMI to increase your brand’s visibility while improving your email security. We will cover topics such as:
- What is BIMI Authentication?
- What does a BIMI Logo Look Like?
- How Does BIMI Work?
- Benefits of Implementing BIMI Record
- How to Implement BIMI Email Authentication in 5 Steps
- How to Generate BIMI without VMC
- How to Check BIMI Record
What is BIMI Email Authentication?
BIMI serves as a new standard to display your sender’s logo next to your messages’ subject line in the inbox. BIMI stands for (Brand Indicators for Message Identification).
Similar to SPF, DMARC, and DKIM, BIMI is here to help mark verifying authority of your brand through text records that you will find in sending servers.
Likewise, the beauty of BIMI is that it works in parallel with those programs, indicating to customers that you are actually you with your brand’s logo. This platform stands out from others, though, because it can help ensure that your logo gets shown in email inboxes that support such initiatives. This way, your brand is immediately visible to your email clients.
In addition to building brand visibility, it prevents fraudulent emails from using your domain and helps improve your email deliverability too.
What Does a BIMI Logo Look Like?
Adopting BIMI will help your branding stand out in both Light Mode and Dark Mode.
How does BIMI Work?
Like SPF, DKIM, and DMARC, BIMI is a text record. This text file is located on the DNS records of your company. Additionally, it has to abide by a specific format.
This BIMI file points the mail client to your brand’s logo (SVG file) publicly hosted on a web server.
As soon as email messages get sent, the recipient’s email service has to read the text file and check out where it is hosted. This is a security precaution that, if passed, is verified.
Once verified, the BIMI record tells the receiving mail servers where to find the brand logos and the email receiver pulls that logo and places it next to the email senders ‘From’ address in the email client’s inbox.
As simple as the process may be, you will have to set up the other forms of email specification (SPF, DKIM, and DMARC authentication) prior to your BIMI setup. You also have to be able to access the sending server for your domain name so that you can establish a new BIMI DNS entry. Lastly, you will need to make sure that your logo is in SVG format.
Once you have done all this, your email program will be ready to defend against any business email compromise.
4 Benefits of BIMI Implementation:
Increases Brand Awareness
The value that Brand Indicators for Message Identification provides to email marketers is obvious: your emails have your brand logos and your recipients can quickly recognize your messages in their inboxes.
With your logo in every email, customers will be constantly reminded of your brand, which will boost brand recall.
BIMI helps you build trust between you and your recipients.
When recipients see your brand logo, they immediately know that the message is really from you, increasing consumer confidence and reducing spam complaints.
The visibility and awareness that BIMI provides are beneficial, but the trust that is developed as a result of your company logo is far more essential for your marketing efforts.
Increases Brand Security
As we mentioned before, BIMI requires other authentication records to be properly set up. Senders not using SPF, DKIM, and DMARC authentication will have to deploy them before they can start using BIMI to display their company logos in front of their emails.
Combined, all of these email authentication methods will prevent phishing attacks and protect your sending domain from email spoofing.
Improves Email Deliverability
Today’s deliverability is based more on email authentication and sending reputation rather than on the email content itself. BIMI is yet another step to improving your deliverability.
Mailbox providers have more trust in authenticated messages from a technical point of view. Thus, authenticated emails have more chances to hit the inbox.
However, only some email service providers currently support BIMI.
Which Mailbox Providers Support BIMI?
Prior to Google’s announcement of BIMI support in Gmail inboxes, only Yahoo and Verizon Media inbox providers, such as AOL.com, had already implemented this kind of email authentication. BIMI logos are also supported by the Australian email client, Fastmail.
- Yahoo: Pilot publicly available with no VMC requirement
- AOL: Pilot publicly available with no VMC requirement
- Gmail: Rolling out general support in July 2021 with a VMC requirement
- Netscape: Pilot publicly available with no VMC requirement (right now)
- Fastmail: Working towards a pilot
- Comcast: In the planning stages
- Microsoft: No BIMI support
As BIMI helps build your brand recognition and trust in your company’s emails, your recipients will be more willing to open the messages sent by your company. Positive user engagement will improve your email marketing program’s deliverability and brand reputation with all major inbox providers.
How to Set Up BIMI in 5 Steps
Although BIMI implementation looks simple, there are a few key things digital marketers should know when trying to implement BIMI for their brand:
1) Set up SPF, DKIM, and DMARC authentication records for your sending domain.
2) Set the “p=reject” or the “p=quarantine” DMARC policy.
The BIMI standard won’t work if you use the “p=none” DMARC policy. If you are using DMARC in monitoring mode, check your DMARC reports to see if you can switch to the “quarantine” or “reject” policy to implement BIMI.
3) Create and host your brand’s logo file.
Create an SVG file for your logo and host the file at a publicly accessible HTTPS URL. If the referenced SVG file is in a GZIP-compressed form (SVGZ file), use the “svgz” extension.
4) Get a BIMI VMC Certificate.
A Verified Mark Certificate (VMC) is a new type of digital certificate that proves the authenticity of a logo associated with the sender’s domain. The current plan is for Verified Mark Certificates to be mandatory for BIMI to be activated on a domain.
A VMC has the following key functions:
- It validates your organization and associates it with your official brand logo.
- It stops phishers and spammers from showing well-known logos next to their emails.
- It prohibits misuse of your company’s logo.
The verification of a company’s logo will happen in two steps:
- The email server will take the URL specified in the / tag, which is where the logo is stored. If the logo URL is determined to be valid, then the server will take the location of the VMC.
- The email server will check whether the certificate verifies the published logo. Upon successful verification of the logo, the email server displays it next to the message in the recipient’s inbox.
How To Get a BIMI VMC Certificate
Just like SSL/TLS certificates, VMC will also be issued by trusted third-party certificate authorities after successful verification of the organization. DigiCert and Entrust Datacard are some of the first to join this initiative.
Contact their sales or support teams using the information below.
Contact email: firstname.lastname@example.org
Live chat and phone contact are also available on the contact page.
Contact email: email@example.com
Live chat and phone contact are also available on the contact page.
How to Generate BIMI without VMC
At GlockApps, you can verify if a BIMI DNS record exists for your domain and generate a BIMI record if it doesn’t exist.
Currently, GlockApps generates a BIMI record without VMC. When it becomes a requirement, you will need to add the tag “a=” with a path to your VMC certificate file (.pem) to the BIMI record.
5) Access your DNS or domain name servers to set up a new BIMI DNS entry.
You should make several technical considerations when building the BIMI DNS record. The record should be published in a zone named “default._bimi”, located directly under the second-level domain (for example, if example.com is the desired second-level domain, the BIMI TXT entry sits at default._bimi.example.com).
The BIMI record consists of a fixed version string “v=BIMI1” followed by a separator (; and optional space) and then an “l=” tag.
The l= tag value is a full URL or up to two URLs separated by a comma. The “l” character in the tag is a “lower case L”. Using another character may impact the record being correctly interpreted.
The l= tag points to the URL with the HTTPS-accessible SVG image file that contains your brand’s logo.
Here is an example of a BIMI TXT record:
default._bimi.example.com TXT "v=BIMI1; l=https://domainmail.com/company-logo.svg;
How to Check BIMI Record
In order to perform a BIMI test, we suggest using the BIMI Checker at GlockApps.
You can enter your domain there and verify if your BIMI DNS TXT record already exists for your domain. If it doesn’t exist, you can generate a BIMI record.
After all, BIMI (Brand Indicators for Message Identification) helps make it simpler for displaying logos alongside your email message in your recipient’s mailbox provider. This way, your visibility will increase while fraudulent messages are averted.
Stay ahead of the game! BIMI implementation will only benefit your email program by increasing brand recognition, security level, and email deliverability right away.
GlockApps Spam Testing for Marketers and Agencies
Test your email placement
Scan your emails through all the major spam filters before you send them.
Improve your deliverability
Get actionable tips for improving the delivery rate of every email you send.
Increase your revenue
Improve your overall email performance by delivering more emails to the inbox.