You've got mail. But how did it get here? A comic about an email's incredible journey through the Wild West of the internet.
x

What the heck is BIMI and why is it so important?

Ah, the elusive logo next to emails in the inbox. Where does it come from, and how do you get it to work for you?

One method is BIMI, which honestly sounds like a new Scandi-style furniture company. Today, we’re going to cover everything you need to know to make sense of this latest email acronym.

What is BIMI? #

Brand Indicators for Message Identification, or BIMI (pronounced bih-mee), is an email specification that enables email inboxes to display a brand’s logo next to the brand’s authenticated email messages.

BIMI
aims to give trusted senders control over how their brand is represented in messaging services. For participating mailbox providers like Yahoo or Gmail that means BIMI adopters will have the logo they choose displayed in their recipients’ inboxes. 
Screenshots of how an email looks Before and After using BIMI

The AuthIndicators Working Group leads the BIMI movement, and current members of the group include Google, Verizon Media, Mailchimp, and Valimail.

The AuthIndicators Working Group was founded in 2015 to drive the adoption of DMARC authentication, and they’ve been working hard ever since. Josh Aberant, the group’s co-founder, shared that “the goal is the creation of a standard with the scalability and robustness needed to reach mass-market adoption. It’s been gratifying to see how much progress BIMI has made since 2015, and I look forward to seeing even wider adoption as work progresses.”

Why is BIMI so important for marketers? #

BIMI is valuable for both senders and mailbox providers largely because of improved security. Of course, the added benefit of standing out in an inbox is nice, too. Seth Blank, AuthIndicator Working Group’s chair, noted that “BIMI is an exciting case where marketers and security professionals are aligned.”

Here are the three main reasons your brand would want to get on board with BIMI.

It leverages behind-the-scenes security updates #

You can’t have BIMI without DMARC implementation. That means that if you want to display your logo in participating inbox providers automatically, you need to make some behind-the-scenes changes. In the end, you protect your brand reputation and ensure nobody is impersonating your domain.

It helps subscribers avoid phishing attempts #

There's an argument that BIMI better trains your customers to recognize messages from you, so you're protecting them by making it easier to identify messages that aren't legitimate. The BIMI framework has protections against illegitimate senders spoofing logos. This makes BIMI especially powerful for more at-risk businesses like banks, social media platforms, and major retailers.

It makes your messages stand out #

The most obvious advantage for BIMI-compliant mail is the brand's logo in the inbox, which helps your messages stand out and encourage more opens. 🙌

How does BIMI work?  #

When a company wants to become BIMI compliant, they create and publish a new DNS record that includes a URL to their logo. When the mailbox provider checks your DMARC (in your "From" domain's DNS TXTrecord), it looks for a BIMI record. That record is simply a batch of text containing the URL for your brand's logo and information on any Verified Mark Certificates (VMC) you may have. If the records match, they display the logo.

A note on VMCs #

Rewind. What’s a VMC? A Verified Mark Certificate attests that you do own the trademark for your logo. They aren’t universally required yet, but they could become the standard in the future. Indeed, it appears that Gmail may require it as they get closer to fully supporting BIMI.

CNN was the first company to earn a VMC back in 2019, but you can now get a VMC of your own. Your logo needs to be trademarked first if you want to qualify. Then, you’ll work with a Mark Verifying Authority (MVA), like Entrust Datacard or Digicert, to get your certificate.

BIMI rollout is limited (for now) #

Although a larger group of providers is developing BIMI, it’s not live in all inboxes right now. Verizon Media was the first big provider to support BIMI for Yahoo! And AOL inboxes and Google announced BIMI support for Gmail in July 2021. We're also expecting Comcast to announce public adoption soon. ⏳

Here’s a summary of what we know about BIMI availability:

  • Yahoo: Pilot publicly available with no VMC requirement (right now)
  • AOL: Pilot publicly available with no VMC requirement (right now)
  • Gmail: Rolling out general support in July 2021 with a VMC requirement (right now)
  • Netscape: Pilot publicly available with no VMC requirement (right now)
  • Fastmail: Working towards a pilot
  • Comcast: In the planning stages
  • Microsoft: No BIMI support
A visual summary of which email providers currently support BIMI.
Image via BIMIGroup

How do you implement BIMI? #

If you're brand new to the world of DMARC, you can read our comprehensive guide to DMARC to get more familiar with it.

Getting BIMI up and running consists of three steps—setting up DMARC compliance, setting up your logo, and updating your DNS with the BIMI TXT record. Here’s what you need to know about each step.

DMARC Compliance #

The first and most important step towards BIMI is full DMARC compliance. That means SPF and/or DKIM for all mail must be authenticated using your From domain.

Return-Path: <bounce-cn3-ZH_CNNT_NDBAN11112020cdfcd=2@transactional.cnn.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transactional.cnn.com; s=v2; ...
From: CNN <cnn@cnn.com>

Once complete, that From domain also needs either a “reject” or “quarantine” DMARC policy. This process shows receivers that you’re conscientious of the types of messages your brand sends and why you send them, building your reputation as a sender.

_dmarc.cnn.com TXT
v=DMARC1; p=reject; rua=mailto:dmarc_agg@vali.email

Need help implementing DMARC?

DMARC Digests makes DMARC implementation and monitoring easier than ever.

Screenshot of DMARC Digests interface

BIMI logo image #

Next, you’ll need to create your BIMI logo image. The recommendations right now are an SVG formatted file designed as a perfect square, hosted publicly accessible via HTTPS. Make sure there are no taglines or extra text in it since this logo will likely be displayed too small to render anything like that. Matt Vernhout has a good tutorial for how to do this over on EmailKarma.

If you’re going to go the extra mile with a VMC, this is the stage you’d do it.

Update DNS #

Now comes the DNS changes to announce your participation in BIMI. The basic setup is “v=BIMI1; l=logoURL;” as a TXT record for default._bimi.yourdomain. As an example, CNN currently publishes the following:

default._bimi.cnn.com TXT
v=BIMI1; l=https://amplify.valimail.com/bimi/time-warner/gf2-6sjViJc-cnn_com_vmc_2021-01-06.svg; a=https://amplify.valimail.com/bimi/time-warner/gf2-6sjViJc-cnn_com_vmc_2021-01-06.pem

Some brands may want to have multiple logos for different use cases, but this “default” selector above works as-is for all mail.

BIMI troubleshooting #

If you’ve followed the BIMI setup steps and still can’t get it to work, there are a few troubleshooting tools to use.

How to build your BMI Reputation
#

And finally, even if someone does all the technical things right, receivers won’t display logos from senders they don’t trust. Right now there are two ways to build your BIMI reputation:

  1. Maintain an excellent sending reputation via high engagement with low bounces and spam complaints. Keep in mind that this reputation is subjective to each mailbox provider.
  2. Some mailbox providers may require you to obtain a verified mark certificate (VMC). That means you'll need to work with a trusted authority which is then listed in your BIMI TXT record with your logo for the receiver’s reference.

Real-life examples of BIMI #

Since BIMI implementation is still in the early stages, there can be confusion around who has it, how to check for it, and what it looks like.

How to check for BIMI #

The easiest way to check if a company is using BIMI is with a BIMI lookup tool. There are a few to choose from already:

They all work in mostly the same way: enter a domain, and they’ll tell you if it's BIMI ready or not. They’ll also list the BIMI record (if there is one), whether or not the logo is certified (with a VMC), and what the logo looks like in a desktop and mobile setting.

A screenshot of an email from Southwest failing a BIMI lookup
A screenshot of an email from CNN passing a BIMI lookup

You can see the BIMI readiness check for Southwest and CNN with the Valimail tool in the example above. That particular tool checks for DMARC enforcement, BIMI record, and logo certification.

Not all email logos are created equal #

Now that you have BIMI verification tools at your fingertips, you can see who is actually BIMI ready and who just has a workaround.

That’s right. It’s possible to have a logo displayed in Gmail inboxes without being fully BIMI compliant. Some of the logos you see in your inbox could be there through a combination of Google Annotations or updating the profile picture of their Google admin account. While you can use these methods to get the attention-grabbing effects of a logo, keep in mind there are no security benefits with this method.

Let’s look at a few senders who have a logo next to their messages but aren’t using BIMI. 

Outdoor Voices has a logo in their promotional Gmail messages, but the BIMI Group tool didn’t find a record or logo. However, the email address they used has a Google Profile image set up. It's a great workaround to get the attention of Gmail users.

A screenshot of a failed BIMI lookup.
A screenshot of an email from Outdoor Voices without the BIMI logo

Similarly, Kiva has a logo in Yahoo but no BIMI record through the Agari checker.

A screenshot of BIMI lookup tool Agari
Image via Agari
A screenshot of an email from Kiva that does have the logo included despite the failed lookup
Image via Agari

What BIMI looks like on web and mobile
#

If a company is BIMI compliant, its logo appears on both desktop and mobile. OpenTable passed the Valimail BIMI check, and the tool includes a mobile view in both light and dark mode.

A screenshot of a preview from Valimail of how your icons will look on mobile.

Image via ValiMail.

The OpenTable logo also appears in a Yahoo desktop inbox. Since Gmail BIMI is in a small, closed pilot right now, the OpenTable logo in Gmail inboxes may result from the profile picture method we explored earlier.

A screenshot of an email from OpenTable.

If you’d like some advice on setting up BIMI for your Postmark messages, definitely give me a shout!

But even if your email messages aren’t quite ready for BIMI adoption, keep in mind that it’s an open standard for use by any sender and receiver. That means we’re expecting it to show up not just in inboxes, but social media platforms, messaging apps, and even document and fund transfer services. Heck, someone should use it in a Transporter so Rian can boldly say “BIMI up, Scotty!” The possibilities are endless.

Anna Ward

Anna Ward

Head of Deliverability and professional picnicker.