BIMI stands for Brand Indicators for Message Identification. It’s a tool that provides a unified way for brands to show their logos in recipients’ mailboxes. Without BIMI, all you can see there are just uniform letters in colored circles. Here’s Yahoo showing how it looks on desktop and mobile:
In desktop clients, you have to open an email to see the logo. On mobile devices, you see logos straight away. Source: Yahoo
Put another way, BIMI is an email authentication method, part of the set that includes SPF, DKIM, and DMARC. Like the rest of them, it’s basically a record, a TXT file that “lives” on the sender’s Domain Name System (DNS) server.
Their jobs are different, but BIMI is the only one “visual” of them:
Those records interact and depend on each other, so although technically you only need DMARC to have a BIMI, with DMARC being SPF/DKIM-aligned, you cannot have one without the other.
The adoption of SPF started in the early 2010s and BIMI is the latest installment in the “series” which makes it an important milestone in the history of email security. All the methods exist to prevent domain owners from being faked. Without them, emails would look suspicious to recipients and email services and end up in spam.
The AuthIndicators Working Group leads the BIMI movement and includes companies like Google, Verizon Media, Validity, and others. The first formalized spec for BIMI was published in February 2019. Now, after a couple of years of testing and trialing, it’s a full-fledged standard ready for use by anyone.
When a person receives an email, their email provider starts the verification process looking for all security records. As BIMI works alongside DKIM, when a bulk email platform checks for DKIM, it looks for the BIMI also. If it’s there, a provider now has the URL leading to the location of a logo. If the records match, it pulls in the image to display alongside your message.
Some email services (Gmail among them) also need your BIMI record to contain a Verified Mark Certificate (VMC). It’s a certificate that provides evidence that you indeed own your logo as a trademark. More on VMC later in this article.
Why don’t I create my own system to handle logos?#BIMI provides a standard for mailbox providers to display the same logos across platforms. Additionally, it provides verification that logos are approved by a 3rd party.https://t.co/kVwRCQzgQ7
— BIMIgroup (@bimigroup) May 11, 2020
BIMI’s advantages are mainly about security, deliverability, and better marketing.
According to the FBI’s 2020 Internet Crime Report, phishing was the most common crime in digital space last year, with almost all those attacks arriving by email.
BIMI acts as something with the potential to make phishing attempts more obvious when adopted universally. The new standard makes it easier to identify messages that aren’t legitimate which is especially beneficial for commonly impersonated brands and financial organizations like banks. For example, if your bank has been sending you emails with a logo and then suddenly started doing it without it, it’s a good reason to get suspicious.
Can’t a fraudster just copy a BIMI and attach it to their emails? Or else copy a logo?
They can’t. The thing is, since you can’t have BIMI without DMARC, a fraudulent email will come from a domain different from the one specified in the record, and that means spam for an email service.
So, in essence, BIMI means not only good looks but better security by its definition.
What is the benefit of BIMI for Mailbox Providers?#BIMI promotes authentication, which is instrumental in protecting against some forms of abuse. This solution also aims to simplify the need for mailbox providers to support proprietary logo systems. https://t.co/kVwRCQzgQ7
— BIMIgroup (@bimigroup) May 8, 2020
But what about those good looks? BIMI has them, too.
There’s much informational noise around us with all the messengers, social networks, and emails. 10 seconds — this is how much time your subscribers are willing to give to your message, according to Litmus’ 2021 State of Email Report. In such a competitive environment, you have to do everything in your power to at least draw their attention to your message.
Plus, many studies have shown that people process images much better and faster than text content. So the presence of a beautiful meaningful logo instead of bland letters means an improved UX. Want to capitalize on it to the fullest? Implement BIMI now, while it’s still new and only the minority of brands use it.
Another feature of BIMI is that it allows you to create a unique logo for each domain and subdomain. This way, you can make separate logos for different departments or products or even change the logo, adapting it for holidays or events.
Does BIMI allow me to support multiple domains and logos?
— BIMIgroup (@bimigroup) April 29, 2020
Currently, #BIMI supports one logo for multiple domains and subdomains.
Read more FAQs here: https://t.co/SsAzaM8Q51
And last, and not least, with BIMI, your emails (and respectively the brand in general) will look more solid and trustworthy which means fewer unsubscribes and spam complaints and better deliverability. BIMI’s a kind of visualization of the efforts put into implementing and optimizing DMARC and the rest of the security measures.
BIMI also means standardized and easy management of logos because while you have the means to add logos to your emails without it, this process is more complicated, it’s different with every email service, and sometimes needs the involvement of third-party tools and platforms.
BIMI gives you more control over your brand and increased brand value in the inbox. From the brand awareness perspective, there’s nothing better than showing off your logo one extra time. And the sweetest thing is that it works even when people don’t even open your emails even if you can’t track it precisely at the moment.
Q: Tracking brand impressions via the BIMI logo?
— BIMIgroup (@bimigroup) October 9, 2020
A: No - the standard is designed to be privacy friendly and the logos will be cached on the MBPs side. Some aggregate reporting maybe available in the future, like DMARC RUA reporting information. @AntiFreeze @GlobalCyberAlln
The use of BIMI is limited, though the list of its supporters and adopters grows with time. This is the current state of BIMI availability, as shown on the official AuthIndicators Working Group’s website:
OK, but how to become BIMI compliant?
You need to go through several stages that consist of setting up DMARC compliance, setting up your logo, and updating your DNS.
First, as we said already, you need additional authentication records set up for BIMI to work, including SPF, DKIM, and DMARC. You can set them up yourself or ask for the help of your system administrator or your ESP of choice. Here’s a manual on how to set up email authentication in Selzy. Even if your ESP is different, the process should be similar.
What to make sure of for your logo to display correctly:
Check the Implementation Guide for more detailed instructions.
With DMARC done, you’re halfway there. Now choose the logo you want to display.
The main recommendations are that your logo image should be:
We get this question a lot, so we thought we'd make a full article about it!
— BIMIgroup (@bimigroup) June 1, 2021
Q: What dimensions do I use for my #BIMI images?
A: BIMI: Images and resolutions: https://t.co/61jVbduNBT
Once you’ve got your SVG file, store it in a publicly accessible server hosted via HTTPS and enter the URL in the BIMI DNS record.
Now, what’s a VMC?
A Verified Mark Certificate is a digital certificate that confirms your rights to use a certain logo as an officially registered trademark. In other words, this is where you make absolutely sure that an email comes from you and not from someone else pretending to be you.
For now, not all email services require the presence of VMC for BIMI compliance. But Gmail is among those who do and it looks like it will be a required element for all mailbox providers in the future.
VMC is perhaps the only BIMI’s catch: it’s not free. Currently, only 2 certification authorities have the right to issue it:
What’s more, if you want to use several logo variations, you have to provide separate VMCs for each one of them. Many entrepreneurs and marketers agree that it can be a hurdle for the majority of small businesses.
Now comes the step when you publish a BIMI record for your domain in DNS.
Here’s how you format a BIMI record:
default._bimi.[domain] IN TXT “v=BIMI1; l=[SVG URL]; a=[PEM URL]
Format of a BIMI record: v= validation record format like other tech, l= SVG file location, a= Location of your VCM file.@AntiFreeze @GlobalCyberAlln
— BIMIgroup (@bimigroup) October 9, 2020
Better still, you can use the BIMI Lookup & Generator to generate a BIMI record for your domain.
Our most frequent question:
— BIMIgroup (@bimigroup) November 5, 2020
Q: "We have published our #BIMI record; how do we verify it’s working?"
A: Each participating mailbox provider has their own criteria for determining when a domain’s BIMI logo may be displayed.
More info here: https://t.co/SsAzaM8Q51
After updating your DNS settings, give it about a day and then go to the same BIMI Lookup & Generator. It also lets you check whether a domain has a BIMI record set up.
For example, CNN is one of the real-life examples of BIMI’s use. So if you check cnn.com in the BIMI Lookup & Generator tool, you’ll see that CNN’s domain is indeed BIMI compliant:
Groupon, Aetna, The Home Depot are other examples of top brands that use BIMI.
Note that, at the moment, you still can add a logo to your emails without BIMI, and since only about 10% of companies are BIMI compliant, it means that the majority of brands displaying logos in your inbox do it some other way. For example, messages from Canva come with a colorful logo, but if you check canva.com, the lookup tool will tell you that “BIMI record not found for canva.com”. Yet, BIMI is the only way that can bring any security benefits.
If you’ve done everything and it’s still not working, you might want to get help from your IT specialists, ESP, or reach folks at the BIMI Working group.
Some ideas to help you with possible difficulties:
The advantages of BIMI:
Once you’ve implemented BIMI, we advise you to measure success and compare the “before” and “after” metrics.
BIMI is a full-fledged email standard so we believe that is not a fad, but it’s here to stay, and not just in emails.
Q: Are there other use cases for BIMI beyond just email?
— BIMIgroup (@bimigroup) October 9, 2020
A: YES! Email is just the place we are starting, but you could see it appear in other places in the future like search, webstores, social.@AntiFreeze @GlobalCyberAlln
Others just make a list of ways. We actually explain how to make the most of each way.
21 surefire ways to grow your email list with detailed explanations and hand-picked examples. Based on research and 10+ years experience in email marketing.
