What is BIMI: Ultimate Guide to BIMI in 2023

bimi email

BIMI helps you stand out and protect your brand identity in this new competitive era of email.

Cybercrime is a serious concern for businesses today, therefore it’s critical to understand how to avoid and fight phishing attempts as well as email spoofing.

By authenticating emails with BIMI email authentication, you are building a bridge of trust between your customers and yourself by proving that your email campaigns are legitimate.

Read this article to learn how to use BIMI to increase your brand’s visibility while improving your email security. We will cover topics such as:​

What is BIMI Email Authentication?

what is bimi

BIMI serves as a new standard to display your sender’s logo next to your messages’ subject line in the inbox. BIMI stands for (Brand Indicators for Message Identification).

Similar to SPF, DMARC, and DKIM, BIMI is here to help mark verifying authority of your brand through text records that you will find in sending servers.

Likewise, the beauty of BIMI is that it works in parallel with those programs, indicating to customers that you are actually you with your brand’s logo. This platform stands out from others, though, because it can help ensure that your logo gets shown in email inboxes that support such initiatives. This way, your brand is immediately visible to your email clients.

What Does a BIMI Logo Look Like?

Adopting BIMI will help your branding stand out in both Light Mode and Dark Mode.

bimi record
BIMI logo in Light Mode & Dark Mode

How does BIMI Work?

Like SPF, DKIM, and DMARC, BIMI is a text record. This text file is located on the DNS records of your company. Additionally, it has to abide by a specific format.

This BIMI file points the mail client to your brand’s logo (SVG file) publicly hosted on a web server.

As soon as email messages get sent, the recipient’s email service has to read the text file and check out where it is hosted. This is a security precaution that, if passed, is verified.

Once verified, the BIMI record tells the receiving mail servers where to find the brand logos and the email receiver pulls that logo and places it next to the email senders ‘From’ address in the email client’s inbox.

As simple as the process may be, you will have to set up the other forms of email specification (SPF, DKIM, and DMARC authentication) prior to your BIMI setup. You also have to be able to access the sending server for your domain name so that you can establish a new BIMI DNS entry. Lastly, you will need to make sure that your logo is in SVG format.

Once you have done all this, your email program will be ready to defend against any business email compromise.

bimi certificate
BIMI logo in the Inbox

4 Benefits of BIMI Implementation:

what is bimi record

Increases Brand Awareness

The value that Brand Indicators for Message Identification provides to email marketers is obvious: your emails have your brand logos and your recipients can quickly recognize your messages in their inboxes.

With your logo in every email, customers will be constantly reminded of your brand, which will boost brand recall.

Builds Trust

BIMI helps you build trust between you and your recipients.

When recipients see your brand logo, they immediately know that the message is really from you, increasing consumer confidence and reducing spam complaints.

The visibility and awareness that BIMI provides are beneficial, but the trust that is developed as a result of your company logo is far more essential for your marketing efforts.

bimi email

Increases Brand Security

As we mentioned before, BIMI requires other authentication records to be properly set up. Senders not using SPF, DKIM, and DMARC authentication will have to deploy them before they can start using BIMI to display their company logos in front of their emails.

Combined, all of these email authentication methods will prevent phishing attacks and protect your sending domain from email spoofing.

Improves Email Deliverability

Today’s deliverability is based more on email authentication and sending reputation rather than on the email content itself. BIMI is yet another step to improving your deliverability.

Mailbox providers have more trust in authenticated messages from a technical point of view. Thus, authenticated emails have more chances to hit the inbox.

However, only some email service providers currently support BIMI.

Which Mailbox Providers Support BIMI?

Prior to Google’s announcement of BIMI support in Gmail inboxes, only Yahoo and Verizon Media inbox providers, such as AOL.com, had already implemented this kind of email authentication. BIMI logos are also supported by the Australian email client, Fastmail.

  • Yahoo: Pilot publicly available with no VMC requirement 
  • AOL: Pilot publicly available with no VMC requirement 
  • Gmail: Rolling out general support in July 2021 with a VMC requirement 
  • Netscape: Pilot publicly available with no VMC requirement (right now)
  • Fastmail: Working towards a pilot
  • Comcast: In the planning stages
  • Microsoft: No BIMI support

As BIMI helps build your brand recognition and trust in your company’s emails, your recipients will be more willing to open the messages sent by your company. Positive user engagement will improve your email marketing program’s deliverability and brand reputation with all major inbox providers.

How to Set Up BIMI in 5 Steps

Although BIMI implementation looks simple, there are a few key things digital marketers should know when trying to implement BIMI for their brand:

1) Set up SPF, DKIM, and DMARC authentication records for your sending domain.

Make sure you set up SPF, DKIM, and DMARC email authentication for the messages that are sent from your domain. If any of these records is missing in DNS, add it.

2) Set the “p=reject” or the “p=quarantine” DMARC policy.

The BIMI standard won’t work if you use the “p=none” DMARC policy. If you are using DMARC in monitoring mode, check your DMARC reports to see if you can switch to the “quarantine” or “reject” policy to implement BIMI.

3) Create and host your brand’s logo file.

Create an SVG file for your logo and host the file at a publicly accessible HTTPS URL. If the referenced SVG file is in a GZIP-compressed form (SVGZ file), use the “svgz” extension.

4) Get a BIMI VMC Certificate.

Verified Mark Certificate (VMC) is a new type of digital certificate that proves the authenticity of a logo associated with the sender’s domain. The current plan is for Verified Mark Certificates to be mandatory for BIMI to be activated on a domain.

A VMC has the following key functions:

  • It validates your organization and associates it with your official brand logo.
  • It stops phishers and spammers from showing well-known logos next to their emails.
  • It prohibits misuse of your company’s logo.

The verification of a company’s logo will happen in two steps:

  1. The email server will take the URL specified in the / tag, which is where the logo is stored. If the logo URL is determined to be valid, then the server will take the location of the VMC.
  2. The email server will check whether the certificate verifies the published logo. Upon successful verification of the logo, the email server displays it next to the message in the recipient’s inbox.

How To Get a BIMI VMC Certificate

Just like SSL/TLS certificates, VMC will also be issued by trusted third-party certificate authorities after successful verification of the organization. DigiCert and Entrust Datacard are some of the first to join this initiative.

Contact their sales or support teams using the information below.

Digicert

Contact email: support@digicert.com

Live chat and phone contact are also available on the contact page.

Entrust Datacard

Contact email: sales@entrustdatacard.com

Live chat and phone contact are also available on the contact page.

How to Generate BIMI without VMC

At GlockApps, you can verify if a BIMI DNS record exists for your domain and generate a BIMI record if it doesn’t exist.

Currently, GlockApps generates a BIMI record without VMC. When it becomes a requirement, you will need to add the tag “a=” with a path to your VMC certificate file (.pem) to the BIMI record.

5) Access your DNS or domain name servers to set up a new BIMI DNS entry.

You should make several technical considerations when building the BIMI DNS record. The record should be published in a zone named “default._bimi”, located directly under the second-level domain (for example, if example.com is the desired second-level domain, the BIMI TXT entry sits at default._bimi.example.com).

The BIMI record consists of a fixed version string “v=BIMI1” followed by a separator (; and optional space) and then an “l=” tag.

The l= tag value is a full URL or up to two URLs separated by a comma. The “l” character in the tag is a “lower case L”. Using another character may impact the record being correctly interpreted.

The l= tag points to the URL with the HTTPS-accessible SVG image file that contains your brand’s logo.

Here is an example of a BIMI TXT record:

default._bimi.example.com TXT "v=BIMI1; l=https://domainmail.com/company-logo.svg;

a=https://domainmail.com/company-logo.pem"

How to Check BIMI Record

In order to perform a BIMI test, we suggest using the BIMI Checker at GlockApps.

You can enter your domain there and verify if your BIMI DNS TXT record already exists for your domain. If it doesn’t exist, you can generate a BIMI record.

BIMI check
Check BIMI with the GlockApps BIMI Validator

Conclusion

After all, BIMI (Brand Indicators for Message Identification) helps make it simpler for displaying logos alongside your email message in your recipient’s mailbox provider. This way, your visibility will increase while fraudulent messages are averted.

Stay ahead of the game! BIMI implementation will only benefit your email program by increasing brand recognition, security level, and email deliverability right away.

Read also:

How to Strengthen Your Brand with BIMI

What is BIMI and Why You Need It for Successful Email Marketing

Email Authentication: the Ultimate Guide

GlockApps Spam Testing for Marketers and Agencies

GlockApps Spam Testing

Test your email placement

Scan your emails through all the major spam filters before you send them.

Improve your deliverability

Get actionable tips for improving the delivery rate of every email you send.

Increase your revenue

Improve your overall email performance by delivering more emails to the inbox.

Related Posts

Setting up DKIM for Google Workspace

An email authentication technique called DomainKeys Identified Mail (DKIM) helps safeguard email senders and recipients from spam, spoofing, and phishing. Read more

Office 365 DKIM Setup

A lot of the cyberattacks begin with a phishing email. This emphasizes how crucial email security is. Brands sending email Read more

At GlockApps, we understand that our clients may be concerned about the credibility of the email placement results returned by Read more

welcome emails

Having a strong welcome email is the best strategy for email marketing when it comes to open rates, engagement, and Read more

AUTHOR BIO

Julia Gulevich is an email marketing expert and customer support professional at Geminds LLC with more than 15 years of experience. Author of numerous blog posts, publications, and articles about email marketing and deliverability.