189 Upvotes | 36 Comments.
This blog talks about BIMI, an email authentication standard that helps brands gain trust as an email sender. As marketers and developers, you will learn what BIMI is, why it was introduced, and how to implement it .

What is BIMI?

BIMI stands for ‘Brand Indicators for Message Identification.’ It is an email authentication and marketing standard that allows brands to display their logos next to their emails in supporting MSPs. BIMI enhances email deliverability, helps prevent phishing attacks, and improves brand recognition in users' inboxes.

Why was BIMI introduced?

The story behind the introduction of BIMI begins with the need to address security challenges while enhancing brand recognition in email communications. 

Here are the top 5 consideration

1. Email Authentication Enhancement: BIMI builds upon existing email authentication methods like DMARC (Domain-based Message Authentication, Reporting, and Conformance) to provide an additional layer of authentication. This ensures the recipients that the email sender is legitimate and that the email hasn't been tampered with.
   
2. Customer Protection through Visual Authentication: BIMI allows email recipients to see verified logos of the brands next to the subject line. This visual indicator provides recipients with a quick and recognizable way to verify the authenticity of the email.
   
3. Improved Email Deliverability: Implementing BIMI can positively impact email deliverability. ISPs (Internet Service Providers) and MSPs (Mailbox Service Providers) may prioritize messages with BIMI records, as they are more likely to come from verified sources.
   
4. Enhancing Brand Trust: BIMI helps brands build trust with their email recipients by providing a consistent and recognizable brand presence. This can lead to better engagement and more successful email campaigns.

BIMI aims to assure a more secure and trustworthy email environment for both senders and recipients.

BIMI prerequisites for marketers

As a marketer, leveraging BIMI in your email marketing campaigns requires collaboration with your organization's IT or technical team. While marketers don't handle the technical implementation directly, understanding the prerequisites and guiding the process is crucial. 

Here are the prerequisites for marketers to consider:

1. Alignment with IT Team: BIMI implementation involves technical configurations, such as email authentication and DNS record setup. Ensure open communication and collaboration with your IT or technical team. Work together to ensure a smooth implementation process.
   
2. Email Authentication Setup: Familiarize yourself with email authentication protocols like SPF, DKIM, and DMARC. Understand their importance in email security and how they play a role in BIMI implementation.
   
3. Brand Logo in SVG Format: Prepare your brand logo in SVG (Scalable Vector Graphics) format. SVG is the recommended format for BIMI, as it ensures a high-quality display of logos across various devices and screen sizes.
   
4. Verified Mark Certificate (VMC): Work with your IT team to obtain a Verified Mark Certificate from an authorized certification authority. Note that to qualify for a VMC, your logo must be legally trademarked with BIMI-accepted trademark offices. The VMC validates your brand's ownership of the logo and is required for BIMI implementation.
   
5. Brand Consistency: Ensure consistent use of your brand logo across various marketing materials, including your website, social media, and email communications. Visual affirmation reinforces brand recognition and strengthens your BIMI implementation.
   
6. BIMI Awareness and Support: Stay informed about MSPs that support BIMI. As its adoption is growing, it's essential to know which MSPs display the brand logo as part of their BIMI implementation.
   
7. Promote Brand Trust: Emphasize the security and trust aspects of BIMI to your customers. Educate them about the logo display in authenticated emails and how it helps combat phishing attempts. This will project your brand's commitment to customer safety.
   
8. Monitor Performance Metrics: After BIMI implementation, keep track of email metrics such as open rate, click-through rate, and inboxing rate. Analyze the impact of BIMI on your email campaigns and brand recognition.

BIMI prerequisites for developers

For developers, implementing BIMI involves technical configurations and adherence to specific regulations for seamless integration. Here is what you need to consider:

1. Email Authentication Setup:  Ensure that the domain has proper email authentication protocols in place, including SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance). BIMI builds upon these authentication protocols to verify the legitimacy of the sender's domain.
   
2. DMARC Policy Configuration: Set up a DMARC policy for the domain. To be eligible for BIMI, the DMARC policy must be set to either ‘quarantine’ or ‘reject.’ A DMARC policy of ‘none’ does not provide sufficient protection against email spoofing and does not qualify for BIMI.
   
3. DMARC Monitoring and Reporting: Implement DMARC monitoring to receive reports on email authentication results. These reports provide valuable insights into email delivery, authentication failures, and potential phishing attempts. This allows you to fine-tune your email authentication setup.
   
4. Obtain a Verified Mark Certificate (VMC): For BIMI to display a brand's logo, the domain must obtain a Verified Mark Certificate (VMC) from an authorized certification authority. Obtain the VMC to validate that your brand is authorized to use the specific logo in email communications.
   
5. Prepare Brand Logo in SVG Format: Ensure the brand logo is available in SVG (Scalable Vector Graphics) format. SVG is the recommended format for BIMI as it allows for scalable and high-quality display of logos across devices and screen resolutions.
   
6. Host Logo on a Secure Domain: Host the brand logo on a publicly accessible and secure domain that supports HTTPS. This ensures that the logo is served securely and encrypted, promoting a secure browsing experience for recipients.
   
7. Configure DNS Records: Add the necessary DNS (Domain Name System) records, including the BIMI record, to associate the VMC with the domain. The BIMI record points to the location of the brand logo and indicates that the domain is BIMI-enabled.
   
8. Test BIMI Implementation: Conduct thorough testing to ensure that the BIMI implementation is correct. Test emails for various MSPs that support BIMI to verify the logo display and proper authentication.

Developers play a critical role in ensuring the successful implementation of BIMI. Collaboration with other stakeholders, including marketers and IT teams, is essential for a successful BIMI integration.

Recent development

Gmail has officially rolled out the ‘Blue tick’ for users who have verified themselves on BIMI. It represents a significant development in the use of BIMI and email authentication.

With this implementation, Gmail is leveraging BIMI to display a blue verification badge. This is similar to the one used on social media platforms, seen next to authenticated messages from verified senders. This blue tick serves as a visual trust indicator for recipients, confirming the authenticity of the email and the sender's identity.

This is likely to enhance email security and brand recognition for verified senders. It helps users quickly identify legitimate emails and reduces the risk of falling victim to phishing attempts or fraudulent emails.

As the digital landscape evolves, major MSPs like Gmail continuously work on improving email security and user experience. The integration of BIMI and the ‘Blue tick’ verification badge further aligns email authentication with the concept of social media verification, providing a consistent user experience across platforms.

Conclusion

BIMI is a powerful email authentication standard that offers several benefits to both marketers and recipients.

By implementing BIMI, marketers can leverage the display of brand logos in authenticated emails to enhance brand visibility, differentiate their emails in recipients' inboxes, and improve open and click rates. BIMI also helps recipients combat phishing attempts and email spoofing and provides assurance that the email is genuinely from a verified sender.

Whether you are a marketer or a developer, BIMI implementation is an essential element to your email marketing campaigns. And Netcore makes sure that the process is made seamless for you. Our in-house experts guide you on every aspect of BIMI implementation.  

For the second year in a row, Netcore has received the ‘Highest overall customer rating’ as a Customers’ Choice, in the 2022 Gartner Peer Insights ‘Voice of the Customer’ Report.

We send over 20 billion emails a month on behalf of 6500+ businesses across 40 countries. Connect with us to understand how you can benefit from our expertise and experience.

Thinking about enhancing trust among your email recipients? Try BIMI today!

Frequently asked questions

• Why is my BIMI logo not appearing in emails?
• List of Mailbox Providers and Email Clients Supporting BIMI
• Why is BIMI so important?
• Email security evolution: Gmail enhances BIMI security with Blue Tick✔
• Is it mandatory to implement BIMI?
• Is BIMI going to increase open rates for your email?
• Why is BIMI important for Mailbox providers and Mail Clients?
• How to implement BIMI?
• How to create a BIMI supported SVG Logo file?
• What is DMARC Enforcement?
• BIMI checklist for building sender reputation

You can find more BIMI implementation related Frequently Asked Questions here.

Why is my BIMI logo not appearing in emails?

Simply publishing a BIMI record doesn't guarantee your logo will display. BIMI is just a framework to mention your preferred logo for brand identification. The decision to show a logo entirely lies with the mailbox provider and supported email client. This would happen primarily for these reasons:

1. The receiver doesn't have support for BIMI. Please check whether the receiving mail server is there in the list of BIMI support email clients.
2. Your current sender reputation is low to qualify for the BIMI logo display. Currently, measuring a sender reputation is very subjective and, none of the ISPs publishes this. However, there is a recommended checklist to know the health of your sender domain.
3. Your BIMI implementation is incorrect - ex: bad SVG, poor domain reputation or missing VMC

List of Mailbox Providers and Email Clients Supporting BIMI 

The adoption of BIMI is currently in its early stages. Yahoo has been the first one to extend its support for BIMI in both its webmail and mobile email applications. Gmail announced support for BIMI in 2020, which has driven interest among email marketers. 

Currently, not all mail clients support BIMI. So, even though you may have a high sender reputation and have implemented the required BIMI records, your brand logo might not start appearing in all the mailboxes. Some providers only support BIMI on specific classifications of the email (i.e. commercial and transactional vs personal) while others support it for all mail from a domain.

List of providers currently in the beta phase of supporting BIMI

• Verizon Media Group (Yahoo, AOL etc.)
• Gmail
• Fastmail

"Yahoo has launched BIMI into general availability for qualifying brands, while Google and Fastmail are currently running pilots in their email clients. Gmail and others are expanding their beta scope, so soon will start enabling more brands for BIMI."

List of providers currently in the planning phase to support BIMI:

• Comcast
• seznam.cz

List of providers with no support for BIMI:

• Microsoft
• 1&1
• Yahoo Japan

This list is last updated on Oct 2020. Source: BIMIGroup

Configuring BIMI requires some effort to have your brand's email authentication in order, follow the BIMI Implementation Guide to get started.

Why is BIMI so important?

With the rise of phishing, spoofing, and fraudulent emails causing data breaches and eroding consumer trust it is important to protect your brand from being targeted or used in these efforts. You’ve likely already heard dozens of stories about fraudulent transactions, accounts getting hacked, and data breaches impacting consumer privacy and brand trust.

It is important to have strong email authentication and identification mechanisms to protect your brand and consumers from these fraudulent messages. BIMI is an important step towards that goal by giving brands a reason to implement strong authentication practices. 

Most email consumers are non-techies. So, they can't analyze the technical information of an email like the results of SPF or DKIM validation, the type of TLS used to transmit the message,  or the return path to determine which emails are legitimate and which are a fraud.

For this reason, the industry has been trying to innovate to bring visual cues to email identification for the last couple of years.

Few great examples of visual modes of spam identification:

• Gmail's Spam notification message
• Gmail Red lock icon
• BIMI in emails

Gmail's Spam notification message

Gmail Red lock icon

BIMI in emails

"Broken logo or no logo will soon be a symbol of distrust. Email recipients will start categorizing such broken emails as spam, and getting low email open rates will be higher."

Email security evolution: Gmail enhances BIMI security with Blue Tick✔

In 2021, Gmail introduced Brand Indicators for Message Identification (BIMI)—a feature allowing brands to display their logo for authenticated messages sent from the registered domain. BIMI ensures that only legitimate senders can add their brand logo as an avatar in emails. In a step towards enhancing email security and trustworthiness, Gmail has now introduced a blue tick feature specifically designed for BIMI adopters. This move perfectly aligns with the trending blue tick verification seen across various social media platforms.

A distinctive blue tick icon appearing alongside the brand logo will serve as a visual cue for users to identify messages from verified/trusted sources and avoid scams.

Google, the tech giant behind Gmail, officially announced the rollout of the blue tick feature on their blog. The update ensures that when a user encounters an email with a blue tick, they can trust that it originates from a verified source.

Expanding on the update, Gmail's blue tick feature has been deployed for both Rapid Release and Scheduled Release domains. Google has confirmed that all Google Workspace customers, legacy G Suite Basic and Business customers, as well as users with personal Google accounts, are eligible to obtain the blue tick mark.

If you're wondering how to acquire the blue tick on Gmail, follow these simple steps:

• Set up SPF, DKIM, and DMARC authentication for your domain.
• Configure BIMI for your domain.
• Register your brand logo as a trademark and apply for a verified mark certificate (VMC)

Gmail's blue tick feature boosts email security and creates a safer environment for users. It helps users quickly identify trusted senders and potential risks, making Gmail's email system even stronger.

Is it mandatory to implement BIMI?

No email authentication solutions are mandatory at this time, but their use is highly recommended. As such, BIMI is not a compulsory email specification to implement. Having said that, the user experience and anti-spam values which BIMI brings to the table are tremendous. 

As per Netcore’s experts, the adoption of BIMI is expected to increase with time and has been growing steadily over the last year.

Is BIMI going to increase open rates for your email?

Marketing executives are looking at BIMI as an opportunity to market their brand without even getting an email open. Email users spend less than a second reading on a particular subject line in a preview pane. If your subject is not engaging enough, then you may be missing the opportunity to get open and click.

Marketers have relied on the subject line and sender name as the driving factors for getting an email open, but now with the launch of BIMI users may start seeing the brand logo in their preview panes which are predicted to influence their decision to open an email. Not all implementations currently support Logo in the list view portion of the email clients.

That's precisely why email marketers worldwide should look to include BIMI as a part of their email programs.

BIMI will also create new opportunities for the designers to innovate with logos or favicons to make their brand stand out in the email preview pane.

Why is BIMI important for Mailbox providers and Mail Clients?

SPF, DKIM and DMARC are the email authentication parameters for protecting emails from being spoofed. But, the reality is the average email users is not aware of these authentication frameworks. You can't expect them to read the email headers to identify the source IP and what all authentications are failing. Therefore, it's important to give users some more visual representation to identify potential spammers and protect their losses at a very early stage.

While Gmail and a few other global leaders are trying to enhance these more visual elements,  many email clients are still lagging. As per Retruster 2019 Security stats, last year 76% of businesses and 60% of American families reported they were victims of one or the other phishing or scam attacks. These numbers are enough for the industry to take some immediate steps. BIMI is one such outcome focusing on driving support of strong authentication in an effort to help users and mailbox providers identify the authenticity of the sender.

The adoption of BIMI will increase among mail clients and email service providers because it is directly promoting the adoption of DMARC among the organizations.

Spammers currently enter your mailboxes with fraudulent brand identities, like a fake lottery or a fake overseas job offer. But, once the adoption of BIMI increases, so will the adoption of DMARC with strict policy rules (i.e. either quarantine or reject). With such a strict DMARC policy check in place, many of the brands impersonated emails will not be able to deliver to the inbox nor even make it out of the spam folder. 

BIMI, along with DMARC, will enhance the email security layer for many sensitive business units like banks, payment gateways, social media platforms, donation platforms and online retailers. Thanks to the efforts of the BIMI group for making this happen. It's going to be a reward for all good senders for following the strong authentication standards.

How to implement BIMI?

BIMI requires a strict DMARC configuration(explained below) to be set on your organization domain (ie. company.com). 

Having a strict DMARC record helps the receiver decide what to do with emails messages from the brand's domain that fail authentication. This allows the receiver to test whether it is safe to show the brand-defined logo or not. Leveraging on the existing authentication framework is probably the best part of BIMI, which in turn is the email ecosystem.

In the next sections, you will learn what DMARC enforcement is and how to implement BIMI for your emails.

What is DMARC Enforcement?

A DMARC record without enforcement (p=none) is like checking everyone’s identification at the door but letting everyone come inside the building anyway. It’s a good way to report on who is entering and to gather data to make sure the proper safeguards are in place while not interrupting the day-to-day use of the building. It is also the start of a journey into protecting your brand, employees and customers by collecting data to identify areas for improvement. 

DMARC enforcement refers to a specific parameter in the TXT record, indicated by "p". In this parameter, the domain owner can set the mail handling request for the receiving server. To enable DMARC, start with a p=none record and evaluate your authentication. Then look to move to a stricter enforcement policy of p=quarantine with an eye on moving to p=reject in the future. 

In case of DMARC authentication failure, the receiving mail server will check the value of "p=", and may take the requested action of none, quarantined or reject the message from the server.

Steps to implement BIMI for your emails

1. Implement SPF and DKIM: This is the first step to get your domain ready for BIMI. You need to not only implement SPF, DKIM and DMARC but also need to ensure domain alignment across the two. You can achieve domain alignment by updating the SPF and/or DKIM must be authenticated using your From Domain.

2. Implement DMARC with enforcement policy: You need to set up the DMARC record on the From domain. While setting up the DMARC record, you must keep the value of p to either "p=quarantine" or "p=reject". Enabling enforcement policy on your emails shows confidence in the proper authentication of the emails you are sending and helps you build a positive sender reputation with the receiver. Here is a sample DMARC record with enforcement enabled:

_dmarc.pepipost.com TXT v=DMARC1; p=quarantine; sp=none; fo=1; ri=3600; rua=mailto:[email protected]; ruf=mailto:[email protected]

3. Publish a BIMI record: The next step is to create your BIMI compatible logo. Currently, BIMI specifications support only a square-shaped image in the SVG tiny-ps format. This SVG logo should be hosted publicly and must be accessible via secured HTTPS. Once the logo is ready and hosted on a public HTTPS URL, you can go ahead with updating the BIMI record on your DNS.

Here is an example of a BIMI record published for pepipost.com:

default._bimi.pepipost.com. TXT     "v=BIMI1; l=https://toolsapi.pepipost.com/image/logo.svg; a=;"

You should connect with your graphic designer and  IT team to get these records implemented. Based on your hosting/nameserver provider, the exact steps to publish these records in your DNS may vary.

The most common issues while implementing SPF, DKIM, DMARC or BIMI record is the use of line-wraps, newlines, or whitespaces. Please ensure you're copying and updating the correct record without any additional characters.

The requirement for obtaining a Verified Mark Certificate (VMC) also referred to as BIMI certificate is currently optional, but the requirement for a BIMI VMC will become more important once they are available to all brands and domains. In a recent announcement, Google has recommended email senders to use Entrust Datacard and DigiCert as the Certification Authorities to validate their logo ownership.

BIMI checklist for building sender reputation 

1. Focus on building or maintaining a high sender reputation by sending high engaging emails with low bounces and spam complaints.
2. Your sender domain should not be a part of the global DNSBLs or RBLs list. Use the GradeMyEmail to know the blocklist status of your domain.
3. Consult with a trusted authority to issue a Verified Mark Certificate (VMC) for your sender domain. Currently, this is optional, but if your sender reputation is excellent and still the BIMI logo not appearing, then this is worth trying. Once the certificate is issued, you should add that as a part of your BIMI TXT record.

For any queries, please feel free to comment below or contact us for a free 1-1 email consultancy.