What Is BIMI, Why You Need It, and How To Implement It in 2022

What is BIMI

BIMI is a hot topic these days and there’s much talk about its benefits for email deliverability and brand recognition especially after Gmail announced its BIMI support in July 2021. Let’s look at what this acronym means, what it’s for, and how to use the new security standard to your advantage.

What is BIMI?

BIMI stands for Brand Indicators for Message Identification. It’s a tool that provides a unified way for brands to show their logos in recipients’ mailboxes. Without BIMI, all you can see there are just uniform letters in colored circles. Here’s Yahoo showing how it looks on desktop and mobile:

In desktop clients, you have to open an email to see the logo. On mobile devices, you see logos straight away. Source: Yahoo

In desktop clients, you have to open an email to see the logo. On mobile devices, you see logos straight away. Source: Yahoo

Put another way, BIMI is an email authentication method, part of the set that includes SPF, DKIM, and DMARC. Like the rest of them, it’s basically a record, a TXT file that “lives” on the sender’s Domain Name System (DNS) server.

Their jobs are different, but BIMI is the only one “visual” of them:

  • SPF specifies the mail servers that are allowed to send emails for your domain.
  • DKIM confirms the sender’s identity using a digital signature.
  • DMARC tells email providers what to do with an email depending on SPF and DKIM.
  • BIMI contains the URL to a company’s logo.

Those records interact and depend on each other, so although technically you only need DMARC to have a BIMI, with DMARC being SPF/DKIM-aligned, you cannot have one without the other.

The adoption of SPF started in the early 2010s and BIMI is the latest installment in the “series” which makes it an important milestone in the history of email security. All the methods exist to prevent domain owners from being faked. Without them, emails would look suspicious to recipients and email services and end up in spam.

The AuthIndicators Working Group leads the BIMI movement and includes companies like Google, Verizon Media, Validity, and others. The first formalized spec for BIMI was published in February 2019. Now, after a couple of years of testing and trialing, it’s a full-fledged standard ready for use by anyone.

How does BIMI record work?

When a person receives an email, their email provider starts the verification process looking for all security records. As BIMI works alongside DKIM, when a bulk email platform checks for DKIM, it looks for the BIMI also. If it’s there, a provider now has the URL leading to the location of a logo. If the records match, it pulls in the image to display alongside your message.

Some email services (Gmail among them) also need your BIMI record to contain a Verified Mark Certificate (VMC). It’s a certificate that provides evidence that you indeed own your logo as a trademark. More on VMC later in this article.

Benefits of BIMI for email marketing

BIMI’s advantages are mainly about security, deliverability, and better marketing.

Avoiding phishing attempts

According to the FBI’s 2020 Internet Crime Report, phishing was the most common crime in digital space last year, with almost all those attacks arriving by email.

BIMI acts as something with the potential to make phishing attempts more obvious when adopted universally. The new standard makes it easier to identify messages that aren’t legitimate which is especially beneficial for commonly impersonated brands and financial organizations like banks. For example, if your bank has been sending you emails with a logo and then suddenly started doing it without it, it’s a good reason to get suspicious.

Can’t a fraudster just copy a BIMI and attach it to their emails? Or else copy a logo?

They can’t. The thing is, since you can’t have BIMI without DMARC, a fraudulent email will come from a domain different from the one specified in the record, and that means spam for an email service.

So, in essence, BIMI means not only good looks but better security by its definition.

Making your emails stand out among others

But what about those good looks? BIMI has them, too.

There’s much informational noise around us with all the messengers, social networks, and emails. 10 seconds — this is how much time your subscribers are willing to give to your message, according to Litmus’ 2021 State of Email Report. In such a competitive environment, you have to do everything in your power to at least draw their attention to your message.

Plus, many studies have shown that people process images much better and faster than text content. So the presence of a beautiful meaningful logo instead of bland letters means an improved UX. Want to capitalize on it to the fullest? Implement BIMI now, while it’s still new and only the minority of brands use it.

Another feature of BIMI is that it allows you to create a unique logo for each domain and subdomain. This way, you can make separate logos for different departments or products or even change the logo, adapting it for holidays or events.

A festive and “ordinary” Target logo. Source: Target
A festive and “ordinary” Target logo. Source: Target

Giving you more control and enhancing your brand value

And last, and not least, with BIMI, your emails (and respectively the brand in general) will look more solid and trustworthy which means fewer unsubscribes and spam complaints and better deliverability. BIMI’s a kind of visualization of the efforts put into implementing and optimizing DMARC and the rest of the security measures.

BIMI also means standardized and easy management of logos because while you have the means to add logos to your emails without it, this process is more complicated, it’s different with every email service, and sometimes needs the involvement of third-party tools and platforms.

BIMI gives you more control over your brand and increased brand value in the inbox. From the brand awareness perspective, there’s nothing better than showing off your logo one extra time. And the sweetest thing is that it works even when people don’t even open your emails even if you can’t track it precisely at the moment.

BIMI’s benefits in numbers

Numbers speak better than words. After a year of a pilot program, BIMI has something to show now.

The first comes a survey by Red Sift and Entrust. BIMI means:

  • Increased open rates by 21%.
  • Increased average purchase likelihood by 34%.
  • Increased brand recall by 18%.
  • Increased confidence in email by 90%.

According to Litmus’ 2021 State of Email, only 9% of users are currently using BIMI but 56% plan to use it in the future.

Mailbox providers and email clients supporting the standard

The use of BIMI is limited, though the list of its supporters and adopters grows with time. This is the current state of BIMI availability, as shown on the official AuthIndicators Working Group’s website:

Source: AuthIndicators Working Group
Source: AuthIndicators Working Group

How to implement BIMI

OK, but how to become BIMI compliant?

You need to go through several stages that consist of setting up DMARC compliance, setting up your logo, and updating your DNS.

  1. Be DMARC compliant

First, as we said already, you need additional authentication records set up for BIMI to work, including SPF, DKIM, and DMARC. You can set them up yourself or ask for the help of your system administrator or your ESP of choice. Here’s a manual on how to set up email authentication in Selzy. Even if your ESP is different, the process should be similar.

What to make sure of for your logo to display correctly:

  • The DMARC domain and subdomain policies should be either “quarantine” or “reject”.
  • The percentage subdomain policy cannot be set to anything less than 100pct.

Check the Implementation Guide for more detailed instructions.

  1. Create your BIMI logo

With DMARC done, you’re halfway there. Now choose the logo you want to display.

The main recommendations are that your logo image should be:

  • SVG file type
  • Square
  • Free of text
  • Less than 32KB
  • With white or transparent background.

Once you’ve got your SVG file, store it in a publicly accessible server hosted via HTTPS and enter the URL in the BIMI DNS record.

  1. Acquire a VMC

Now, what’s a VMC?

A Verified Mark Certificate is a digital certificate that confirms your rights to use a certain logo as an officially registered trademark. In other words, this is where you make absolutely sure that an email comes from you and not from someone else pretending to be you.

For now, not all email services require the presence of VMC for BIMI compliance. But Gmail is among those who do and it looks like it will be a required element for all mailbox providers in the future.

VMC is perhaps the only BIMI’s catch: it’s not free. Currently, only 2 certification authorities have the right to issue it:

What’s more, if you want to use several logo variations, you have to provide separate VMCs for each one of them. Many entrepreneurs and marketers agree that it can be a hurdle for the majority of small businesses.

  1. Update DNS

Now comes the step when you publish a BIMI record for your domain in DNS.

Here’s how you format a BIMI record:

default._bimi.[domain] IN TXT “v=BIMI1; l=[SVG URL]; a=[PEM URL]

Better still, you can use the BIMI Lookup & Generator to generate a BIMI record for your domain.

  1. Check for BIMI

After updating your DNS settings, give it about a day and then go to the same BIMI Lookup & Generator. It also lets you check whether a domain has a BIMI record set up.

For example, CNN is one of the real-life examples of BIMI’s use. So if you check cnn.com in the BIMI Lookup & Generator tool, you’ll see that CNN’s domain is indeed BIMI compliant:

pic

Groupon, Aetna, The Home Depot are other examples of top brands that use BIMI.

Note that, at the moment, you still can add a logo to your emails without BIMI, and since only about 10% of companies are BIMI compliant, it means that the majority of brands displaying logos in your inbox do it some other way. For example, messages from Canva come with a colorful logo, but if you check canva.com, the lookup tool will tell you that “BIMI record not found for canva.com”. Yet, BIMI is the only way that can bring any security benefits.

  1. Troubleshooting

If you’ve done everything and it’s still not working, you might want to get help from your IT specialists, ESP, or reach folks at the BIMI Working group.

Some ideas to help you with possible difficulties:

The bottom line

The advantages of BIMI:

  • It protects senders and recipients from phishing attacks and promises better security and deliverability.
  • It makes your messages more visible to your target audience which improves your email metrics.
  • It gives you better control of how your brand looks.

Once you’ve implemented BIMI, we advise you to measure success and compare the “before” and “after” metrics.

BIMI is a full-fledged email standard so we believe that is not a fad, but it’s here to stay, and not just in emails.