How BIMI can authenticate emails with your logo

The technology that helps brands authenticate their emails is constantly evolving. BIMI offers a new way to verify your brand’s information, making it one of the most interesting innovations out there.

BIMI stands for Brand Indicators for Message Identification. This emerging standard in the e-mail ecosystem gives an edge to your company on strengthening its reputation as a sender: the logo.

BIMI, like other authentication methods (SPF, DMARC, and DKIM), is a text record that resides on your servers. It leverages the current DMARC policies and other supporting authentication methods, i.e. DKIM and SPF. But what sets BIMI apart is that it lets you display your company logo in supported inboxes so that your brand can be front and center.

Indeed, email authentication plays a fundamental role in deliverability since it reassures ISPs about the sender. Businesses don’t need to worry about providers’ spam filters when verifying an email sender. Sent messages arrive at their destination. At the same time, the users themselves are better protected and safe from email scams (i.e. phishing) that falsify the sender to deceive users.

BIMI works with SPF, DMARC, and DKIM to signal to email clients that you… are you.

BIMI allows domain owners to coordinate with mailbox providers (MBP), email clients (MUA), and the Message Transfer Agent (MTA) in displaying brand-specific indicators next to correctly authenticated messages.

The recipient’s email service looks for the BIMI text file to verify the sender when a message is delivered. This record contains a URL to a logo. We’ll take a look at its requirements shortly. A mail provider will check the DMARC policy of the sending domain and verify that it’s in the BIMI validation. If both are positive, then the e-mail service can insert that logo next to the message in the recipient’s inbox.

Why would you need BIMI if you’re already implementing SPF, DKIM, and DMARC in your email program? BIMI adds another piece to the sender authentication puzzle, meaning it can help you improve the deliverability of your mailings. By requiring stronger authentication, users and provider security systems have more trust in the email source. On the other hand, companies that use BIMI safeguard their reputation by preventing fraudulent IP use.

The most interesting BIMI news is that it offers a visual clue straight to the inbox. Users who receive your authenticated emails see your logo next to your sender name. This way, they can quickly identify your messages and be sure they come from you. This translates into a better user experience—something that shouldn’t be underestimated if you want to strengthen your brand-customer relationship.

As Gmail completes its pilot project to support BIMI—which will allow organizations that authenticate their emails with DMARC to validate ownership of their company logos and transmit them securely to Google—new, official documents have been published by the BIMI Working Group. Be sure to stay up-to-date on these if you want to use BIMI for your emails.

The IETF draft (updated July 31, 2020) lists the requirements for senders wanting to take advantage of BIMI:

1. All emails must be authenticated with SPF and DKIM.
2. Senders must have a robust DMARC policy. Robust means “p=quarantine” or “p=reject”, so avoid “p=none” or “pct <100”. Note that the requirement is on the organization’s domain, not its subdomains. So if I use a subdomain as the sender’s address (e.g.: marketing@m.mailup.com), then the application should be on mailup.com and not just on that subdomain. Creating a subdomain-only policy isn’t enough to display your logo.
3. BIMI-compatible images must be square with a solid background color and saved as an SVG (Scaled Vector Graphic). They must also follow the constraints defined in the SVG Tiny Portable/Secure profile. You’ll find a short tutorial on Valimail on how to create BIMI compatible logos using SVG images.
4. Brands are required to obtain a digital certificate verifying the brand’s authenticity/ownership (VMC – Verified Mark Certificate) in order to display a BIMI logo. To do so, they must:

• register the logo at the national trademark office
• contact one of the BIMI-qualified certification authorities

5. BIMI records must be published correctly in the DNS. Want to create or check your BIMI record? Use this Online Generator.

Trust-based authentication systems like SPF, DKIM, and DMARC enable senders to provide explicit, accurate, and reliable information about the source of their messages. BIMI still isn’t available for all mailbox providers, but it’s clear that it’ll become the new standard to visually verify secure communication between the brand and the recipient.