Why do I need BIMI?
Linking your logo to an email is challenging and there are hundreds of thousands of brand & logo combinations. Each mailbox provider or email interface (MUA) interested in displaying logos is required to create a unique system for management and display of logos. This results in complex, hard to maintain, proprietary systems that frequently leave brands frustrated with the logos associated with their emails. BIMI helps standardize logo display for participating organizations. As an added bonus, BIMI provides an additional incentive for brands to adopt proper email authentication.
How does BIMI work?
Domain Owners (Brands) publish brand assertions for domains via DNS.
Then, for any message received by a Mail Receiver (mailbox provider):
Why should I implement BIMI?
BIMI allows Brands to have control over logos displayed with their email. It is important to know that BIMI is not a security solution, although it does incentivize the use of authentication. BIMI allows for communication between you and mailbox providers so your brand logo can be displayed if your sending domain is verified and has a good sending reputation.
Where will my BIMI logo currently render?
Currently, your brand indicator will appear next to your emails at Verizon Media Group (Yahoo/AOL) and other mailbox providers have announced intentions to adopt in the near future.
How do I Implement BIMI?
What are the logo specifications?
Key Value Propositions for Brands/Email Senders
Value prop for MBP/ What’s in it for the Mailbox Providers
Questions about BIMI?
Q: What is BIMI?
A: Brand Indicators for Message Identification or BIMI (pronounced: Bih-mee), is an emerging email specification that allows organizations to leverage successful DMARC enforcement in a new, visual consumer-facing manner. BIMI is a way to leverage the consumer trust you’ve built using DMARC in a tangible manner for customers by placing your logo next to your email when it arrives in the consumer inbox. BIMI brings DMARC and a visual representation of your brand to the forefront of your customer touch-points.
Q: What is DMARC Enforcement?
A: DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. DMARC protects against unauthorized use of your domain, which prevents fraud and protects your brand by ensuring your consumers only receive email actually sent by you.
Q: What does BIMI have to do with anti-abuse?
A: BIMI provides a meaningful incentive to help organizations complete their DMARC implementations, which will dramatically reduce fraud in inboxes worldwide. We hope the benefits of this standard will spur greater DMARC adoption of organizations of all sizes, thereby, making the entire email sending and receiving community safer.
Q: What will my experience as a “Brand” and my customers be?
A: Your brand may already experiencing the heightened value of DMARC enforcement with the reduced risks of owned-domain phishing and greater customer interactions provided by high-levels of email authentication. BIMI increases your brand’s value through direct customer impressions adding onto the risk reduction and increased consumer trust provided by DMARC enforcement.
Q: What do I need to do to operationalize BIMI on my end?
A: You will need an email sending domain with a DMARC policy of at least quarantine or reject. You will need to obtain a Verified Mark Certificate. You will need a logo for which you own the mark hosted on a URL that follows the specification parameters. (SVG format, perfect square, transparent background). From there, build a simple BIMI DNS record (link here) and publish it to your DNS.
Q: How does BIMI technically work?
A: BIMI requires an organization to publish a new standardized DNS record for a domain they own containing a URL to a logo and proof the logo has been validated. An organization will publish a BIMI Record containing these URLs. A supporting Mailbox Provider (MBP) will check the sending domain’s DMARC policy and check that it is included in the BIMI validation. If both checks are successful, the MBP uses the logo from the URL in the BIMI Record to populate the profile pic of all email sent from that domain into the MBP.
Q: Does BIMI use any technical means to validate the published logo from the l= tag with those listed in the certificate?
A: The proposed spec relies on the organization and Mark Validating Authority to correctly assert domain and trademark ownership by means of the certificate generation process. BIMI will not for instance validate if the logo you’ve chosen to display is the “correct shade of blue”. It’s up to the domain and mark owner to select the correct logo to use.
Q: What is a Mark Verifying Authority (MVA) and a Verified Mark Certificate (VMC)?
A: A Mark Verifying Authority (MVA) is a third-party organization (not an email sender or ESP) who provides the service and accepts the responsibility of completing and issuing a Verified Mark Certificate (VMC). The process outlined by the BIMI standard uses both technical and “real-world” attributes to verify that an organization who owns a domain has the legal right to choose to display the trademark associated with it in the certificate. The certificate validates the domain can be connected with an organization.
Q: Does BIMI allow me to support multiple domains and logos?
A: Yes, BIMI can support multiple domains and subdomains as well as multiple logos and trademarks. Each Certificate can only support one logo, but it can support multiple domains.
Q: Does the display of a logo promote user trust?
A: Studies to date are about the security impact of logo display are inconclusive. Studies indicate email users prefer richer experiences. We are working to gather additional information about the impact of logo display.
Q: What is the benefit of BIMI for Mailbox Providers?
A: BIMI promotes authentication, which is ultimately useful in protecting against fraud. BIMI’s goal is to promote message authentication and to allow brands to control display of their logos on email they send.
Q: Why should I display logos?
A: Displaying logos allows Mailbox providers and app developers to create a richer, more engaging consumer experience, and connect brands and their consumers in a more meaningful way.
Q: Why don’t I create my own system to handle logos?
A: BIMI allows mailbox providers and app developers to leverage and display logos at scale without pulling logos from questionable sources. Maintaining a proprietary system is a maintenance and support headache. Additionally, BIMI provides verification that logos are approved by a 3rd party (Mark Validating Authority).