10 minutes reading
In an age where email phishing attacks and overloaded inboxes are becoming routine affairs for businesses and consumers alike, making your brand a credible email sender is an even more critical task. And it is at this point that BIMI comes into the picture. In July 2021, Google made it known that they would start supporting BIMI with Gmail emails.
This concept is taking steps to become popular. Also, it is helping brands strengthen their reputation and boost trust among recipients. If you’re wondering what is BIMI, how it works, and how it affects your email campaigns, here’s what you need to know.
What is BIMI?
BIMI’s full form is Brand Indicators for Message Identification. It’s an emerging email specification enabling businesses to display their official logo and authenticated emails in their recipients’ inboxes.
To put it simply, BIMI acts like your brand’s visual signature in the email world. Just like a verified badge on social media platforms tells users they’re interacting with the real deal, BIMI does something similar; it adds your logo as a stamp of trust next to your emails.
Imagine this: you receive two emails—one from “[email protected]” with a familiar logo, and another with no image, just text. Which one do you trust more? Most people go with the first. That’s the power of visual identity.
BIMI relies on security as its main purpose, not just visual appeal. If your business utilizes BIMI effectively, this builds trust and improves your email deliverability rate (more emails land in the inbox and fewer go to spam).
Book a Free Demo Call with Our People Security Expert
Enter your details
Why Should You Care About BIMI Email?
If you send marketing newsletters, order confirmations, password resets, or promotional emails, they are cluttered and competitive. If your readers do not identify you immediately, they may ignore or flag the email as spam.
Here are several ways BIMI email can benefit your business:
- Boosts Trust: Visual branding reassures recipients that your company delivers the email.
- Higher Open Rates: A logo makes your email noticeable, thus increasing the chances of it being opened.
- Improves Deliverability: Email providers automatically prefer verified secure senders.
- Reduces Phishing Risks: Most phishing scams use spoofed identities. BIMI brings a new dimension of security because only authenticated domains can show logos.
- Strengthens Brand Recall: Frequent branding of your logo increases brand recognition.
A study by Red Sift and Entrust found that BIMI led to a 10% increase in email open rates, a significant jump that marketers can’t afford to ignore.
How Does BIMI Work?
You can think of BIMI as the final piece in your email security puzzle. But for it to work, several foundational elements must already be in place:
1. Implement Email Authentication Protocols
Before BIMI can be enabled, your domain must support:
- SPF (Sender Policy Framework): Represents the IP address to which an email can be sent on your behalf.
- DKIM (DomainKeys Identified Mail): DKIM (DomainKeys Identified Mail) ensures the content of the message is not altered.
- DMARC (Domain-based Message Authentication Reporting & Conformance): Ensures that your domain has no spoofers. DMARC is, however, needed for BIMI, and must be set up as “quarantine” or “reject”.
2. Create a Valid SVG Logo
Your logo must be in Scalable Vector Graphics (SVG) format and meet specific BIMI standards. This file is hosted publicly over HTTPS.
3. Get a Verified Mark Certificate (VMC)
Some mailbox providers, like Gmail, require a VMC issued by a certificate authority (such as DigiCert or Entrust). This certificate verifies your legal rights to use your logo.
4. Publish Your BIMI Record
You’ll add a BIMI record to your DNS settings. It tells receiving mail servers where to find your logo and VMC (if required).
5. Inbox Display
Finally, supported email clients (Yahoo Mail, Gmail, Apple Mail, etc.) fetch your logo and display it next to your authenticated emails.
All these steps work together to ensure your email is secure, verified, and instantly recognizable.
Real-World Example of BIMI in Action
Let’s take a real-world example: imagine you’re a customer of a global brand like American Express. You receive a transactional email confirming a recent purchase. Because American Express uses BIMI, its official logo appears beside the sender’s name.
Now, think about how much confidence that gives you. Instead of hesitating or double-checking the sender, you feel reassured. That small logo tells you the email is authentic.
BIMI and Email Security Guidelines
Let’s shift gears to security. While BIMI adds a branding boost, it’s fundamentally rooted in security protocols. To follow BIMI email security guidelines, make sure to:
- Enable SPF, DKIM, and DMARC: These three are non-negotiable.
- Use DMARC to “quarantine” or “reject”. This instructs mailbox providers to handle unauthenticated emails with care.
- Use a verified mark certificate, particularly if you are trying to reach Gmail users.
- Ensure secure HTTPS hosting: Your logo file must be available via a secure URL.
- Avoid outdated or non-compliant logos: Only SVG Tiny P/S profiles are accepted.
Following these practices allows companies to benefit from BIMI while greatly improving their email security posture.
How BIMI Improves Email Deliverability
You might be thinking, okay, logos and certificates are cool, but how exactly do these help my emails reach inboxes?
Here’s how:
1. Increases Sender Reputation
Mailbox providers like Gmail and Yahoo are more likely to deliver emails from domains that use authentication protocols and follow best practices like BIMI. It’s a signal that your brand is legit and not a spammer.
2. Boosts Engagement Rates
More opens mean more engagement. More action creates positive feedback for email providers, which makes them more likely to deliver your emails to the inbox.
3. Reduces Spam Reports and Complaints
When people perceive your brand logo and believe the email, they are less likely to label it as spam. Directly, that helps to improve inbox placement.
4. Builds Long-Term Trust with ISPs
Recurrent, authenticated sending behavior – in conjunction with BIMI – develops a long-lasting relationship of trust between you and mailbox providers.
5. Fight Email Fraud
Because BIMI only works with authenticated domains, it makes it harder for cybercriminals to impersonate your brand.
How to Implement BIMI for Your Brand
Here’s a simplified roadmap:
- Authenticate Your Emails
- Ensure SPF, DKIM, and DMARC are correctly configured.
- Set your DMARC policy to “quarantine” or “reject.”
- Design and Convert Your Logo
- Convert your logo to SVG Tiny 1.2 format.
- Keep it square and straightforward to avoid rendering issues.
- Acquire a Verified Mark Certificate
- Purchase from trusted certificate authorities like Entrust or DigiCert.
- Complete the vetting process (which can take a few days).
- Host the Logo Securely
- Transfer the SVG logo to an openly accessible HTTPS server.
- Create and Publish a BIMI DNS Record
Example:
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem"Test Your Configuration
- Utilize the advantage of tools like BIMI Inspector or MXToolbox to make sure everything is in order.
- Monitor Performance
- Keep an eye on email deliverability metrics.
- Watch for changes in open rates or feedback loops.
Google’s Support for BIMI
Google, with the objective of securing the entire email ecosystem, has been putting in place a lot of defences against email spoofing and impersonation. In line with this, Google previously announced its BIMI pilot, enabling organizations that provide their email domains with DMARC authentication to validate the ownership of their corporate logos and securely transmit them to Google.
Gmail displays the logos of organizations on their emails in its UI in the recipients’ inbox after passing them through Google’s anti-abuse checks.
Recently, Google announced its general support for this email specification and said that it will roll out will be done over a period of some weeks.
Platforms That Support BIMI
As of now, here are some platforms that support BIMI:
- Yahoo Mail
- Gmail (with VMC)
- Fastmail
- Apple Mail (via supported clients like iOS Mail)
Not all email providers support BIMI yet, but adoption is skyrocketing.
Is BIMI Right for Your Business?
Well, if you seriously want to save your reputation, enhance deliverability rates, and gain users’ trust, then yes. BIMI is worth considering. Whether you are a little start-up or the next global company, BIMI email can be worth the effort.
- For marketing teams, it boosts visibility and performance.
- For security teams, it adds a valuable layer of defense.
- For executive leadership, it represents a commitment to trust and professionalism.
It might take some technical work to get started, but the returns—in trust, engagement, and deliverability—make it a smart move.
How to Implement BIMI using TDMARC?
TDMARC is an email domain security tool that comes with a wide range of features designed to make outbound email security easy. Some of its outstanding features include Smart DMARC, Smart SPF, and DMARC Record generator.
However, TDMARC’s Smart BIMI feature allows you to set up and manage a new BIMI record for your domain from the dashboard itself. This feature makes BIMI setup very easy.
It is therefore advisable to use a top-of-the-line email domain security tool like TDMARC, which can help you with outbound email security in multiple ways.
Conclusion
If you’ve ever wondered what is BIMI, now you know: it’s an innovative blend of branding and security that improves how your emails are seen, received, and trusted.
We do live in a world of spam, where phishing is rampant and belief is delicate. BIMI provides a mechanism to cut through the noise in a visually secure manner that works.
If you don’t already, BIMI is a tool your digital toolbox should be equipped with. Whether you’re rolling out a new campaign or just want to protect your domain from fraud, it’s high time your brand cooled and took the leading role in every inbox.
Get it right, and you’ll not just come across as one more email in the pile-up. You’re the one who will open, read, and remember.
Editor’s Note: This post was originally published in November 2022 and has been partially revamped and updated for accuracy and comprehensiveness.
Frequently Asked Questions (FAQs)
Q: 1. What is BIMI, and how is it different from other email security protocols?
BIMI is not a security protocol of its own. Instead, it leverages existing protocols such as SPF, DKIM, and DMARC to bring an element of visual authentication to your recipients’ inboxes, displaying your brand’s logo.
Q: 2. Does BIMI assure my logo will appear in every inbox?
Not quite. Logo display depends upon the recipient’s email client supporting BIMI (brand indication messaging identifiers) and your domain meeting all implementation prerequisites, such as deployment of a verifiable mark certificate (VMC) where necessary.
Q: 3. How long does it take to implement BIMI?
Implementation time can vary. If you already have SPF, DKIM, and DMARC, then BIMI can be attached in a few days to a week. It, however, may take time to obtain and validate a Verified Mark Certificate.
