BIMI

Consumers don’t trust emails as much as they once did. With inboxes being filled with spam and scams, it can be difficult for your consumers to trust emails from businesses and individuals they don’t know personally. With so much mistrust regarding email communications, brands must find ways to increase open rates and get customers clicking on their emails.

Your strategy of sending deals and newsletters isn’t enough. You must create an email marketing strategy that accounts for the different factors that affect open rates, including consumer trust. Ultimately, your customers have to trust you as a sender to open your emails and click on your content. One way you can build trust and increase open rates is by using BIMI to help your brand stand out.

Brand Indicators for Message Identification (BIMI) is an emerging security technology that helps authenticate your email marketing and builds trust with your customers. BIMI works with DKIM, SPF, and DMARC protocols to protect your domain from being used by malicious actors to send fraudulent email.

BIMI is an effective way to increase your open rates because it increases trust in your emails. BIMI allows your logo to appear right next to your messages in a user’s inbox, so that your contacts and their email service will know these emails are really from you or your business.

What is BIMI?

BIMI is a new effort to standardize the use and display of brand logos to help consumers avoid fraudulent and spam emails. It makes your email more visible to your contacts. While other emails have a blank space or generic icon next to them, your logo will set yours apart.

By putting your brand’s logo next to an email you’ve sent, BIMI allows consumers to instantly identify that the email they see is from your brand or business. This increases trust and open rates by clearly marking your email as legitimate.

Before BIMI, the steps to make your logo show up next to an email were specific to each email service your message was sent to. Sometimes the process was completely manual or relied on other applications to aggregate your brand information and share it across participating platforms.

The AuthIndicators group, which includes email service providers (ESPs) like Verizon Media, Google, IONOS by 1&1, and Fastmail, is working to implement BIMI within commonly used ESPs. Other companies, like Mailchimp, are also working closely with this group to help guide adoption and implementation processes.

Why is BIMI important?

For email marketers, protecting a brand against fraud is part of the job, but sending email securely can be complicated and time consuming. Because the tools available to protect your brand from malicious actors can be difficult to implement and test effectively, taking advantage of vulnerable domains and email addresses has become a lucrative industry for malicious actors.

The Federal Bureau of Investigation (FBI) reports that United States-based businesses lost more than $2 billion through email fraud between 2014 and 2019 because of just 2 email services. These fraud statistics are based solely on what individuals and businesses report to the FBI’s Internet Crime Complaint Center. This makes you wonder how much money—as well as opportunity—is lost but not reported.

More than 306 billion emails were sent every day in 2020. With so much clutter, it can be difficult to stand out. Even legitimate emails from trusted brands can get lost in a sea of spam.

Adding the security protocols and certificates to your domain that allow you to use BIMI also helps protect it from being misused. Since a domain is central to marketing your business online, you can protect your business’s reputation by implementing email authentication protocols. Securing your domain when sending email will help you avoid becoming a statistic in the FBI’s next email fraud report.

How does BIMI work?

BIMI uses a multistep process to validate email messages by making sure that they're really associated with the sender’s domain. Senders will need to have a TXT record in their domain name system (DNS) records for BIMI.

For BIMI to work, domains have to have several other fraud protections in place, including:

• Sender Policy Framework (SPF): authenticates emails by identifying mail servers that are allowed to send from specific domains
• DomainKeys Identified Mail (DKIM): adds a digital signature to each email to verify it was sent from an authorized domain
• Domain-Based Message Authentication, Reporting, and Conformance (DMARC): confirms both SPF and DKIM records and specifies how unaligned emails should be handled

When emails are sent using BIMI, the receiving mail server will first perform the standard DMARC/DKIM authentication and SPF validation. If the email passes these tests, the server will check to see if it has a valid BIMI record, validate it, and display your brand’s logo.

The file for your logo is required to be in a certain format called SVG Tiny Portable/Secure. SVG stands for Scalable Vector Graphics. Vector graphics, unlike pixel-based graphics like JPGs or GIFs, define the visual shapes and elements in an image with lines and points. This makes the graphic scalable, or easy to use at different sizes. Requiring a vector graphic with this secure format helps ensure that your logo looks good anywhere it’s displayed through BIMI.

Some ESPs may require a Verified Mark Certificate (VMC) to provide evidence that you own the trademark and content of the logo. Although this is not a requirement for implementing BIMI on your domain at this time, VMC is expected to become part of the standard in the future.

How does BIMI interact with DMARC, DKIM, and SPF?

The first step toward using BIMI to display your logo is to implement DMARC. This is stored as a TXT record for your domain. For DMARC to work with BIMI, the reject policy in that record must either be p=quarantine or p=reject for all emails being sent from your domain.

While BIMI requires DMARC, DMARC requires your domain to have DKIM records to work. DMARC only requires either SPF or DKIM to align, but it’s best to include SPF records for additional security when using BIMI. These 2 security tools are also stored as TXT records for your domain.

How do I get my logo in the right format?

You’ll need to convert your logo into the right type of file to use with BIMI. While vector graphic formats are a standard for logos—so they can be scaled to use as a tiny icon or printed on large banners or billboards—BIMI requires you to supply the logo in an appropriate secure vector format.

The AuthIndicators Group provides a helpful tool you can download to convert an SVG Tiny 1.2 file into the correct SVG Tiny P/S secure format. However, if you have a different file type, such as an unsupported SVG file, an EPS file, a PNG, GIF, or JPG, you’ll need to use image editing software or a file type converter to recreate your file in the correct format.

You’ll also need to make sure the file is the correct size and shape. The file must be no larger than 32KB and be square in shape. The background cannot be transparent, and a solid color is recommended. For best results, there should be space around the logo in case it’s cropped or clipped. You can see more detailed instructions and examples on the BIMI website.

What is a Verified Mark Certificate (VMC)?

A Verified Mark Certificate (VMC) is a digital registration that authenticates the ownership of a logo for use with BIMI. It adds another layer of protection by verifying the correct logo for use. While it’s not mandatory for use of BIMI at this time, some ESPs will require it to display your logo.

When you send an email to a contact, the receiving mail server that manages their inbox will take the URL from the tag that indicates where the logo is to be displayed. It will then check the VMC to ensure the right logo is used. Once your logo is verified by the VMC, BIMI will display it next to your email.

To get a VMC, your domain must have DMARC implemented. Your logo will need to be registered (and in good standing) with the US Patent and Trademark Office and owned by your company. While different countries will have their own guidelines, in the US authorized trademarks can be:

• Design marks: made up of only a design
• Word marks: contain words, letters, and/or numbers, without any particular font, size, color, or style
• Combined marks: include a combination of words along with a design, stylized letters, or numbers

Entrust Datacard and DigiCert are the first 2 companies issuing Verified Mark Certificates for the BIMI standard. You can contact them to help you obtain one.

How to set up BIMI

Setting up BIMI will require you to publish a DNS record along with an image of your brand logo in the SVG P/S format. You can use AuthIndicators Group’s BIMI Generator to help you make a properly formatted record.

The exact values you’ll need to put into your records will depend on the name of your domain, how you send email, and what version of your logo you want to use if you have more than one. For instance, here’s what domain records for example.com could look like using BIMI and what it would take to set it up.

1. Ensure DKIM/DMARC and SPF are already set and validated for your domain.
2. Confirm the DMARC TXT record for your domain has a policy of either p=reject or p=quarantine.
   If set to p=quarantine, pct must be set to 100, either implicitly (by omitting the pct tag) or explicitly (by setting pct=100).

3. Confirm that your logo is:

   • in SVG P/S format
   • the file is less than 32KB
   • the image shape is square
   • the background is a solid color.

4. Upload the image to a service of your choice, and save the https:// URL where it’s available for future reference.

5. Access your DNS records through your domain service provider. If you’re not sure how to access your domain records, reach out to the person or team that manages your website or email address for assistance.
6. Create a new TXT record at the default._bimi subdomain.
   For example:
   default._bimi.example.com
   The exact steps to create the subdomain and TXT record will depend on your domain provider’s service.
7. Add a value for the TXT record that includes the BIMI version (v=) and location (l=) of the logo file.
   For example:
   v=BIMI1; l=https://example.com/images/logo.svg;
8. If you have a VMC, include the authority (a=) with the URL for the certificate .pem file.
   For example:
   v=BIMI1; l=https://example.com/images/logo.svg; a=https://example.com/certificate/aa0-0aa/aa/aa-example_com_vmc_2021-01-01.pem
9. Save your new record and wait for it to propagate across the internet.
10. Use AuthIndicators Group’s BIMI Inspector to make sure everything is set up properly.

BIMI: FAQs

Who supports BIMI? Many email providers support BIMI, including:

• Gmail
• Yahoo
• AOL
• Apple Mail (for iOS16 and MacOS Ventura)
• Fastmail

Unfortunately, Microsoft products, including Outlook and Office 365, do not yet support BIMI, and no plans have been announced to do so.

What size should the BIMI logo be?

Your BIMI logo should be no larger than 32 kilobytes and must be in SVG format. Your logo’s background should also be a solid color, but it can be any color that matches your logo well. Transparent backgrounds may display differently, so if you’re unsure what to use, go with a white background that can make your logo pop on any email client. Your logo should also be square-shaped and centered, allowing each email client to configure it based on their display specs.

How do I check my BIMI record?

You can check to ensure your BIMI is working properly or see if you have a BIMI logo by using a BIMI inspector tool. With a tool like BIMI Group’s BIMI LookUp & Generator tool, you can ensure your BIMI record is found and see how your logo appears in different inboxes, including the Gmail app. With these types of tools, you can also see how your competitors are promoting their brands.

Wrapping up — BIMI

Email marketing is constantly evolving, and sending email campaigns isn’t enough anymore. You need your customers to actually trust your emails enough to open them. Of course, BIMI goes beyond just looking better in inboxes. The most significant benefit of BIMI is the fact that you can advertise your business even when subscribers don’t open your emails. Your logo in their inboxes is enough to generate awareness and keep your brand on top of consumers’ minds.

Because BIMI increases your email deliverability, your emails are less likely to be marked as spam by email providers, improving your email sending rates. Your BIMI logo will also help build trust. Seeing your logo next to an email will help customers understand who sent the email, making them more likely to open them.

Mailchimp’s email tools allow you to receive DKIM authentication on all of your sent emails, enabling you to use BIMI to display your logo in inboxes and increase the open rates and deliverability of your marketing emails. Sign up for Mailchimp today and get access to our all-in-one marketing automation tools so you can improve your email marketing campaigns.