Ah, the elusive logo next to emails in the inbox. Where do they come from, and how do you get them to work for you? One method is BIMI, and today we’re going to cover everything you need to know to make sense of this latest email acronym.
There are several ways to get your logo associated with your email messages (and we touch on some below), but we'll focus on BIMI here.
What is BIMI? #
I don’t blame you for asking. Honestly, it sounds like a new Scandi-style furniture company, or maybe an app for experiencing what it’s like in another person’s shoes (could someone please build that??).
But really BIMI stands for “Brand Indicators for Message Identification”, which is an attempt to give trusted senders control over how their brand is represented in messaging services. For participating mailbox providers like Yahoo, that means BIMI adopters will have the logo they choose displayed in their recipients’ inboxes.
The AuthIndicators Working Group was founded in 2015 to drive the adoption of DMARC authentication, and they’ve been working hard ever since. Josh Aberant, the group’s co-founder, shared that “the goal is the creation of a standard with the scalability and robustness needed to reach mass-market adoption. It’s been gratifying to see how much progress BIMI has made since 2015, and I look forward to seeing even wider adoption as work progresses.”
Why is BIMI so important for marketers? #
BIMI is valuable for both senders and mailbox providers largely because of improved security. Of course, the added benefit of standing out in an inbox is nice, too. Seth Blank, AuthIndicator Working Group’s chair, noted that “BIMI is an exciting case where marketers and security professionals are aligned.”
Here are the three main reasons your brand would want to get on board with BIMI.
It leverages behind-the-scenes security updates #
You can’t have BIMI without DMARC implementation. That means that if you want to display your logo in participating inbox providers automatically, you need to make some behind-the-scenes changes. In the end, you protect your brand reputation and ensure nobody is impersonating your domain.
It helps subscribers avoid phishing attempts #
There's an argument that BIMI better trains your customers to recognize messages from you, so you're protecting them by making it easier to identify messages that aren't legitimate. The BIMI framework has protections against illegitimate senders spoofing logos. This makes BIMI especially powerful for more at-risk businesses like banks, social media platforms, and major retailers.
It makes your messages stand out #
The most obvious advantage for BIMI-compliant mail is the brand's logo in the inbox, which helps your messages stand out and encourage more opens. 🙌
How does BIMI work? #
When a company wants to become BIMI compliant, they create and publish a new DNS record that includes a URL to their logo. When the mailbox provider checks your DMARC (in your "From" domain's DNS TXTrecord), it looks for a BIMI record. That record is simply a batch of text containing the URL for your brand's logo and information on any Verified Mark Certificates (VMC) you may have. If the records match, they display the logo.
A note on VMCs #
Rewind. What’s a VMC? A Verified Mark Certificate attests that you do own the trademark for your logo. They aren’t universally required yet, but they could become the standard in the future. Indeed, it appears that Gmail may require it as they get closer to fully supporting BIMI.
CNN was the first company to earn a VMC back in 2019, but you can now get a VMC of your own. Your logo needs to be trademarked first if you want to qualify. Then, you’ll work with a Mark Verifying Authority (MVA), like Entrust Datacard or Digicert, to get your certificate.
BIMI rollout is limited (for now) #
Although a larger group of providers is developing BIMI, right now, it's only live in production at Yahoo via webmail or their mobile mail app. Gmail currently only has a private pilot for BIMI, but we're expecting them and Comcast to announce public adoption soon. ⏳
Here’s a summary of what we know about BIMI availability:
- Yahoo: Pilot publicly available with no VMC requirement (right now)
- AOL: Pilot publicly available with no VMC requirement (right now)
- Gmail: Currently in private pilot with a VMC requirement
- Netscape: Pilot publicly available with no VMC requirement (right now)
- Fastmail: Working towards a pilot
- Comcast: In the planning stages
- Microsoft: No BIMI support
How do you implement BIMI? #
If you're brand new to the world of DMARC, you can read our comprehensive guide to DMARC to get more familiar with it.
Getting BIMI up and running consists of three steps—setting up DMARC compliance, setting up your logo, and updating your DNS with the BIMI TXT record. Here’s what you need to know about each step.
DMARC Compliance #
The first and most important step towards BIMI is full DMARC compliance. That means SPF and/or DKIM for all mail must be authenticated using your From domain.
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=transactional.cnn.com; s=v2; ...
From: CNN <email@example.com>
Once complete, that From domain also needs either a “reject” or “quarantine” DMARC policy. This process shows receivers that you’re conscientious of the types of messages your brand sends and why you send them, building your reputation as a sender.
v=DMARC1; p=reject; rua=mailto:firstname.lastname@example.org
Need help implementing DMARC?
DMARC Digests makes DMARC implementation and monitoring easier than ever.
BIMI logo image #
Next, you’ll need to create your BIMI logo image. The recommendations right now are an SVG formatted file designed as a perfect square, hosted publicly accessible via HTTPS. Make sure there are no taglines or extra text in it since this logo will likely be displayed too small to render anything like that. Matt Vernhout has a good tutorial for how to do this over on EmailKarma.
If you’re going to go the extra mile with a VMC, this is the stage you’d do it.
Update DNS #
Now comes the DNS changes to announce your participation in BIMI. The basic setup is “v=BIMI1; l=logoURL;” as a TXT record for default._bimi.yourdomain. As an example, CNN currently publishes the following:
v=BIMI1; l=https://amplify.valimail.com/bimi/time-warner/gf2-6sjViJc-cnn_com_vmc_2021-01-06.svg; a=https://amplify.valimail.com/bimi/time-warner/gf2-6sjViJc-cnn_com_vmc_2021-01-06.pem
Some brands may want to have multiple logos for different use cases, but this “default” selector above works as-is for all mail.
BIMI troubleshooting #
If you’ve followed the BIMI setup steps and still can’t get it to work, there are a few troubleshooting tools to use.
- Use a tool like DMARC Digests to ensure your authentication is working correctly
- Use a BIMI lookup tool to make sure your record meets BIMI compliance
- Check the BIMI FAQ page for resolutions to common issues
- Make sure your logo is in the proper format with an SVG conversion tool
How to build your BMI Reputation
And finally, even if someone does all the technical things right, receivers won’t display logos from senders they don’t trust. Right now there are two ways to build your BIMI reputation:
- Maintain an excellent sending reputation via high engagement with low bounces and spam complaints. Keep in mind that this reputation is subjective to each mailbox provider.
- Some mailbox providers may require you to obtain a verified mark certificate (VMC). That means you'll need to work with a trusted authority which is then listed in your BIMI TXT record with your logo for the receiver’s reference.
Real-life examples of BIMI #
Since BIMI implementation is still in the early stages, there can be confusion around who has it, how to check for it, and what it looks like.
How to check for BIMI #
The easiest way to check if a company is using BIMI is with a BIMI lookup tool. There are a few to choose from already:
They all work in mostly the same way: enter a domain, and they’ll tell you if it's BIMI ready or not. They’ll also list the BIMI record (if there is one), whether or not the logo is certified (with a VMC), and what the logo looks like in a desktop and mobile setting.
Not all email logos are created equal #
Now that you have BIMI verification tools at your fingertips, you can see who is actually BIMI ready and who just has a workaround.
That’s right. It’s possible to have a logo displayed in Gmail inboxes without being fully BIMI compliant. Some of the logos you see in your inbox could be there through a combination of Google Annotations or updating the profile picture of their Google admin account. While you can use these methods to get the attention-grabbing effects of a logo before the full Gmail BIMI rollout, keep in mind there are no security benefits with this method.
Let’s look at a few senders who have a logo next to their messages but aren’t using BIMI.
Outdoor Voices has a logo in their promotional Gmail messages, but the BIMI Group tool didn’t find a record or logo. However, the email address they used has a Google Profile image set up. It's a great workaround to get the attention of Gmail users.
Similarly, Kiva has a logo in Yahoo but no BIMI record through the Agari checker.
What BIMI looks like on web and mobile
The OpenTable logo also appears in a Yahoo desktop inbox. Since Gmail BIMI is in a small, closed pilot right now, the OpenTable logo in Gmail inboxes may result from the profile picture method we explored earlier.
If you’d like some advice on setting up BIMI for your Postmark messages, definitely give me a shout!
But even if your email messages aren’t quite ready for BIMI adoption, keep in mind that it’s an open standard for use by any sender and receiver. That means we’re expecting it to show up not just in inboxes, but social media platforms, messaging apps, and even document and fund transfer services. Heck, someone should use it in a Transporter so Rian can boldly say “BIMI up, Scotty!” The possibilities are endless.