What Is BIMI: Your Verified Brand Logo Next to Your Email in The Inbox

Written by easydmarc | Published 2023/10/17
Tech Story Tags: cybersecurity | bimi | dmarc | spf | dkim | phishing | email-security | good-company | hackernoon-es | hackernoon-hi | hackernoon-zh | hackernoon-fr | hackernoon-bn | hackernoon-ru | hackernoon-vi | hackernoon-pt | hackernoon-ja | hackernoon-de | hackernoon-ko | hackernoon-tr

TLDRCreating a valid BIMI record and putting it into action may seem challenging at first. However, it’s becoming increasingly popular as phishing attacks continue to evolve. More and more brands are adopting this email authentication standard, making the safety and protection of their users a priority for them.via the TL;DR App

Phishing and fraudulent emails are on the rise and continue to be major problems for both businesses and consumers. It has become a must for brands to adopt security measures and make it a safe and reliable journey for their customers.

Having DMARC, DKIM, and SPF in place, businesses are adopting BIMI, a relatively new authentication standard for another layer of protection.

It’s the only visual assistance out of all the other verification methods, helping your recipients identify that your messages are coming from an authentic and legitimate source.

BIMI is a great way to build trust in email communication and help avoid phishing. In this article, we will delve into the details of this authentication standard and cover its step-by-step implementation process.

What Is BIMI?

BIMI, or Brand Indicators for Message Identification, is an email standard that attaches your brand logo to authenticated messages sent from your domain. In other words, it allows you to display the logo next to the email in the recipients’ inboxes. This kind of visual verification helps your users instantly recognize your emails and be more confident in opening them.

https://www.youtube.com/watch?v=LjtGwsWDNDY&t=87s&embedable=true

Like DMARC, DKIM, and SPF, BIMI is a text record that works by allowing you to publish it in your DNS. The record consists of secure URLs to your logo and your VMC (Verified Mark Certificate, required only by Gmail): v = BIMI1; l = https://example.com/logo.svg; a=https://example.com/certificate.pem

When your email is delivered to a BIMI-supported provider, it checks your DMARC policy and retrieves your BIMI text record. Once your logo is found, the mailbox provider will attach it to your email in the recipient’s inbox.

Which Mailbox Providers Support BIMI?

As far as BIMI, it’s a relatively new email authentication standard; only some inbox providers are supporting it. Here is the list of mailbox providers that support BIMI according to the BIMI group:

Inbox providers supporting BIMI:

  • Apple Mail
  • Cloudmark
  • Fastmail
  • Google Gmail
  • La Poste
  • Onet Poczta
  • Yahoo!
  • Zone

Inbox providers considering BIMI:

  • Atmail
  • BT
  • Comcast
  • Qualitia
  • Seznam.cz
  • Gmx
  • Yahoo! Japan

An Inbox provider not supporting BIMI:

  • Microsoft

How BIMI Works: The Main Requirements and Set-up Process

BIMI implementation seems complicated and intimidating, especially for businesses new to email authentication standards and just starting to adopt these security measures. But we’ll try to walk you through some of the steps that you need to take to set up BIMI correctly:

  1. Achieve DMARC enforcement: BIMI works only for domains that are already DMARC compliant and have achieved p=quarantine or p=reject. You can check this guide out for detailed information and everything-DMARC.

  2. Acquire a Verified Mark Certificate (VMC): BIMI uses this certificate to make sure you have ownership over your logo. This step is optional for mailbox providers and is only required for Gmail. We’ll cover more about this in the next section.

  3. Create a secure URL for your logo: Make sure you have your brand’s logo located at a secure URL in SVG format.

  4. Create a secure URL to your VMC: Make sure you have your VMC located at a secure URL in .pem file format.

  5. Generate a BIMI record: Now that you have completed all the previous steps, you can generate the BIMI record, and add this TXT record to your domain provider's management console. You can use our free BIMI record generator tool for easier implementation:

  1. Check for an existing record: To check if your domain uses BIMI, use our free lookup tool and see if your record meets the requirements.

This is the overall process of setting up BIMI. If you are not experienced in IT or work as an email administrator, this process may be too technical for you. You can contact us any time to help you set up BIMI for your organization. Now, let’s jump to VMC and fully understand its requirements.

Introduction to VMC

As you noticed, for a proper BIMI implementation, VMC or a verified Mark Certificate is a must for mailbox providers like Gmail. VMC is a certificate that verifies that you are the legal owner of your logo and have the right to display it next to your emails in the inbox.

Using your logo with this certificate makes it harder to spoof, as it’s verified by the trademark organization. Now, let’s go through the step-by-step process of acquiring VMC:

  1. Become DMARC compliant

    Just like BIMI, for VMC, becoming DMARC compliant is compulsory. This is the first and most important step in not only acquiring the certificate but also adopting BIMI as an email authentication standard.

  1. Trademark your logo

    Next, you need to register your brand logo as a trademark in an intellectual property office or make sure that it’s already trademarked. Currently, this step is required to qualify for VMC. However, in the future, the standard may expand and include not-registered logos as well.

  1. Ensure your logo is formatted correctly

    Before applying for the certificate, ensure that your logo is in a proper .svg format.

  1. Register for the certificate

    Contact DigiCert or Entrust certificate authority to request your VMC. By the way, we have partnered with DigiCert to make the BIMI implementation easier and smoother for our customers. As soon as your request is approved, you’ll receive the Privacy Enhanced Mail __(PEM)__file. Upload it to your public web server, and you’re ready to go.

What Does BIMI Mean For Your Business?

The blue checkmark next to the verified users on social media is not something new, and we all know about the impact it has on us while interacting with such profiles. It’s similar to what we have here with emails, except this blue checkmark indicates that the domain owner has gone through email authentication processes and reached the DMARC “reject” policy.

It helps recipients be sure that the email they just received comes from a legitimate source and is authenticated. As verification becomes widespread, more and more businesses are expected to adopt such measures. As a result, phishing emails and any attempt of impersonation will become even more obvious, and your users will instantly identify and ignore them.

Now, let’s highlight some key benefits of adopting BIMI:

  • Enhance Your Brand Value

Proper BIMI implementation also means having DMARC, SPF, and DKIM authentication standards in place. This demonstrates your commitment to email security and how important it is for your brand to protect your customers and subscribers from cyber attacks.

  • Build Trust

As already mentioned above, BIMI builds trust in your email communication. It helps your consumers have confidence in engaging with your content and be sure that the messages are authenticated with DMARC.

  • Increase Deliverability and Boost Marketing Campaigns

With a verified BIMI logo, your emails stand out from the rest in the inbox. This not only encourages more open rates but also lowers the chance of being reported, marked as spam, or unsubscribed. Such metrics play an important role in enhanced email deliverability and more effective marketing campaigns.

Creating a valid BIMI record and putting it into action may seem challenging at first. However, it’s becoming increasingly popular as phishing attacks continue to evolve. More and more brands are adopting this email authentication standard, making the safety and protection of their users a priority for them.

Written by easydmarc | DMARC Journey Made Simple
Published by HackerNoon on 2023/10/17
ABOUTHow hackers start their afternoons. We publish tech stories and build publishing software.

READEntirely free library read by hundreds of millions to learn anything about any technology.

WRITEHackerNoon elevates quality technology writing far and wide across the interwebs.

PARTNERHackerNoon works directly with tech companies to place ads by content relevancy