Skip to main content

Understanding How BIMI Enhances Email Trust and Brand Visibility

· 6 min read
Hannes Palmquist
Hannes Palmquist
Senior Consultant Cloud

Overview

BIMI (Brand Indicators for Message Identification) is an email specification that enables organizations to display their brand logo alongside authenticated emails in recipients' inboxes. BIMI leverages existing email authentication standards, such as DMARC, to verify the sender's identity, ensuring that only emails passing authentication can display the logo. BIMI enhances brand recognition, fosters trust in email communication, and helps combat phishing by visually confirming the legitimacy of the sender.

Key Functions of BIMI:

  1. Increased Brand Visibility: BIMI allows businesses to display their logo next to emails, increasing brand recognition and engagement.
  2. Enhances Trust and Security: By linking logos to authenticated emails, BIMI helps recipients quickly identify trusted senders, reducing the risk of phishing.
  3. Builds on DMARC Authentication: BIMI requires DMARC authentication to function, ensuring that email is correctly authenticated and aligned with the sender's domain.

BIMI Workflow

  1. DMARC Authentication:
    • BIMI requires that the sending domain has a valid DMARC policy with either a p=quarantine or p=reject policy in place. Only emails that pass DMARC authentication are eligible to display the brand logo.
  2. DNS Query for BIMI Record:
    • After successful DMARC validation, the email client queries the domain's DNS for the BIMI record. This record contains the location of the sender's logo (in SVG format) that should be displayed in the recipient's inbox.
  3. Logo Display:
    • If the email passes DMARC and the BIMI record is found, the recipient's mail client downloads the logo and displays it alongside the email in the inbox, reinforcing the sender's brand identity.
  4. Verified Mark Certificate (VMC) (Optional):
    • Some email clients or providers may require a Verified Mark Certificate (VMC), which is an additional layer of security that verifies the logo has been certified by a trusted authority. This step is not mandatory for all implementations but adds credibility to the BIMI process.

BIMI DNS Record Details

The BIMI record is a DNS TXT record that specifies the location of the brand's logo in SVG format. This record enables mail servers to retrieve the logo once DMARC authentication is successful.

Name

default._bimi.[domain]

Example Value

v=BIMI1; l=https://example.com/logo.svg

Mandatory Tags

TagDescription
vSpecifies the BIMI version. The current version is BIMI1.
lSpecifies the URL where the brand's SVG logo is hosted. The format is l=[URL], and the URL must point to a .SVG file that complies with the BIMI SVG specifications.

Optional Tags

TagDescription
aSpecifies the URL for an Authority Evidence Document, such as a Verified Mark Certificate (VMC). This tag is optional and adds an extra layer of verification, ensuring that the logo has been certified by a recognized authority.

BIMI Logo Requirements

BIMI requires that logos be in a specific SVG (Scalable Vector Graphics) format to ensure they are displayed consistently across different email clients. The logo must adhere to the following guidelines:

  1. File Format: The logo must be in SVG format. It must not contain any scripts or external resources.
  2. Dimensions: The SVG logo should fit within a square aspect ratio (e.g., 1:1) to avoid distortion when displayed.
  3. Security: The SVG file should not include any potentially harmful elements (e.g., JavaScript, external links), as it will be served across different mail platforms.
  4. Brand Recognition: The logo must be representative of the brand, typically the same one used in marketing, websites, or other official communications.

Verified Mark Certificate (VMC)

A Verified Mark Certificate (VMC) is an optional component of BIMI that adds an extra layer of trust to the displayed logo. A VMC is a digital certificate issued by a trusted certification authority, verifying that the logo belongs to the brand and has been officially authenticated.

Benefits of a VMC

  • Logo Certification: Proves that the logo has been vetted and verified by a trusted third party, ensuring that the brand has the right to use it.
  • Enhanced Trust: Helps email clients and recipients trust that the email is legitimate and not a phishing attempt.

Benefits of BIMI

  1. Brand Awareness:
    • By allowing organizations to display their logo next to their emails, BIMI increases brand recognition and recall, making it easier for recipients to identify trusted senders in their inbox.
  2. Enhanced Trust and Engagement:
    • The presence of a familiar brand logo enhances recipient trust, improving email engagement rates and reducing the chances of email being flagged as spam.
  3. Phishing and Fraud Prevention:
    • BIMI builds on top of DMARC, ensuring that only authenticated emails from verified domains can display the brand's logo. This helps recipients easily distinguish between legitimate emails and phishing attempts.
  4. Strengthens Email Authentication:
    • BIMI encourages domain owners to adopt strong email authentication protocols, such as DMARC, by rewarding them with improved brand visibility in the inbox.

BIMI and DMARC

BIMI requires DMARC (Domain-based Message Authentication, Reporting & Conformance) authentication with either a p=quarantine or p=reject policy for it to function. Only domains that have DMARC properly configured and whose emails pass authentication checks can display their logos via BIMI.

DMARC Configuration Example

_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"

BIMI helps incentivize companies to implement DMARC because having a correctly configured DMARC policy is a prerequisite for displaying logos via BIMI.

Challenges and Considerations

Mail Client Support

  • Not all email clients or services currently support BIMI. Adoption is growing, but it's important to check whether your target audience's email platforms support BIMI logos. For instance, Gmail and Yahoo Mail are some of the prominent platforms that have implemented support for BIMI.

Logo Compliance

  • The SVG file must comply with BIMI's SVG specifications. If the logo file is not properly formatted or contains unsupported elements, it may not be displayed.

Requirement for DNSSEC

  • For domains using VMC, DNSSEC (DNS Security Extensions) is recommended to ensure the integrity of BIMI DNS records and protect them from spoofing attacks.

Conclusion

BIMI (Brand Indicators for Message Identification) enhances the email ecosystem by allowing brands to display their logos in recipients' inboxes, improving trust and engagement while helping users quickly identify legitimate emails. By building on DMARC authentication, BIMI adds a visual element to email security and brand recognition. As more email clients adopt BIMI, its role in improving email marketing and security will continue to grow, making it a valuable tool for organizations of all sizes.