While browsing through your inbox, have you ever wondered why some emails have their brand logo, while many others don’t? The purpose of that logo is to signify the sender as verified. The presence of brand logos has become a matter of email security. That’s why the Authindicators Working Group developed an email standard known as BIMI.
Over time, BIMI has evolved into a necessary element for branding and recognition. It has also become an indirect branding channel for companies that carry out email marketing. Email marketers are always cautious about their reputation when they send emails and other communications to their subscribers. For these marketers, BIMI provides an authentication mechanism for emails that gives recipients a sense of trust.
What is BIMI?
BIMI stands for Brand Indicators for Message Identification. It is currently one of the most widely used email standards for recognition and branding of an organization. It builds on the work that organizations put into deploying DMARC (Domain-based Message Authentication, Reporting, and Conformance) and furthers its objective. It is an email authentication standard that secures email senders and receivers from email-based attacks like spamming, email domain spoofing, etc.
The purpose of using BIMI is to ensure brand image and reputation. As a precondition, an email domain must pass DMARC authentication before its BIMI-enabled, brand-owned logo is displayed. This condition exists to ensure that the organization’s domain has not been impersonated. BIMI aims to provide email recipients and email security systems with greater confidence in verifying the source of emails. With the increase in the intensity and frequency of email spoofing and brand impersonation attacks, the need for stronger authentication specifications like BIMI has become apparent.
How Does BIMI Work?
Organizations that have secured their email domains with DMARC, SPF and DKIM authentication can provide their verified trademarked logos to Google via a Verified Mark Certificate (VMC). Mark Verifying Authorities, like Certification Authorities, verify the logos for ownership, documenting the certification in a Verified Mark Certificate (VMC). As mentioned above, emails have to pass Google’s anti-abuse checks, after which Gmail starts displaying their source organization’s logo in the existing slot for it provided in its UI.
Why Should Organizations Implement BIMI?
Along with other email authentication protocols such as DMARC, SPF, and DKIM for outbound emails, BIMI furthers the agenda for the prevention of brand impersonation. Some of its benefits are mentioned below.
- It provides organizations with a way to display their brand in a more impactful way.
- It improves your organization’s brand recognition.
- Because DMARC authentication is a precondition for BIMI, it helps the receiver establish the source of the email and the email domain security measures that the sender has in place.
- BIMI increases the value and ROI on the investment made in the implementation of DMARC.
- It has a mechanism for managing all your logos to make sure that the correct one is employed.
Many organizations have started to implement BIMI, and since mid-2021 data on BIMI records in DNS has been provided to DMARC.org. By the end of 2021, around 11,265 BIMI records had been reported. However, among all the BIMI records, only 330 had VMC certificates. Below is a snapshot of the new DMARC records from March 2021.
How to Implement BIMI in Your Email Domain?
BIMI records, like the records of other email authentication protocols, are text (TXT) records published in DNS. Once the email service provider has validated the record, it retrieves the sender’s logo and displays it in the inbox. The fundamental steps to set up BIMI are:
- Implement SPF, DKIM, and DMARC protocols on your email domain.
- Get access to the DNS record and set up the BIMI record.
- Make sure to have the SVG file of your logo placed in the BIMI record.
- One can have a verified mark certificate (VMC), which is optional but important.
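The steps above can be checked before anything is published. The following is an added example, not code from the original article or from any BIMI tooling: it lints a BIMI TXT record together with the DMARC record it depends on. The record strings are constructed samples for example.com, the function names are hypothetical, and the enforcement requirement (p=quarantine or p=reject with pct=100) comes from BIMI deployment guidance rather than from this page.

```python
# Added example: offline lint of a BIMI TXT record and the DMARC record it depends on.
from urllib.parse import urlparse

# Constructed sample records for example.com (not real DNS data).
# BIMI is published at default._bimi.<domain>, DMARC at _dmarc.<domain>.
SAMPLE_BIMI = "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem"
SAMPLE_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com"


def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict with lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lint_bimi(bimi_txt, dmarc_txt):
    """Return a list of problems; an empty list means the pair looks deployable."""
    problems = []
    bimi, dmarc = parse_tags(bimi_txt), parse_tags(dmarc_txt)

    if bimi.get("v", "").upper() != "BIMI1":
        problems.append("BIMI record must declare v=BIMI1")
    logo = urlparse(bimi.get("l", ""))
    # Heuristic of this example: expect the logo path to end in .svg.
    if logo.scheme != "https" or not logo.path.lower().endswith(".svg"):
        problems.append("l= must be an https URL of an SVG file")
    cert = bimi.get("a", "")
    if not cert:
        problems.append("no a= certificate URL: logo is not backed by a VMC")
    elif urlparse(cert).scheme != "https":
        problems.append("a= must be an https URL")

    if dmarc.get("v", "").upper() != "DMARC1":
        problems.append("DMARC record missing or malformed")
    # BIMI needs DMARC at enforcement: monitoring-only (p=none) does not qualify.
    if dmarc.get("p", "none").lower() not in ("quarantine", "reject"):
        problems.append("DMARC policy must be quarantine or reject")
    if dmarc.get("pct", "100") != "100":
        problems.append("DMARC pct must be 100")
    return problems


if __name__ == "__main__":
    print(lint_bimi(SAMPLE_BIMI, SAMPLE_DMARC) or "no problems found")
```

To check a live domain, pass in the TXT values returned by a DNS lookup of the two record names given in the comments.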
Most of the mainstream email providers support BIMI, but a few providers are yet to implement this feature. BIMI is an emerging email standard that is still in the development phase. At this point, Entrust and DigiCert serve as Certification Authorities to support BIMI. However, the BIMI working group envisages the expansion of this list of validation authorities.
Google’s Support for BIMI
Google, with the objective of securing the entire email ecosystem, has been putting in place a lot of defences against email spoofing and impersonation. In line with this, Google previously announced its BIMI pilot, enabling organizations that provide their email domains with DMARC authentication to validate the ownership of their corporate logos and securely transmit them to Google.
Gmail displays the logos of organizations on their emails in its UI in the recipients’ inbox after passing them through Google’s anti-abuse checks.
Recently, Google announced its general support for this email specification and said that the rollout will take place over a period of some weeks.
What are the Specifications of Logo while Implementing BIMI?
The specification for a logo used for BIMI is a crucial element. That’s why the logo must be formatted in such a way that it is easily and effectively recognizable. The parameters of specifications often include size, resolution, format, etc. So, one must follow the specifications mentioned below for the logo:
- The image should be in a square shape.
- The format of the image should be Scalable Vector Graphics (SVG).
- It shouldn’t include any <script> tags.
- It shouldn’t include any external links.
- It must be the same logo that has been trademarked for the brand.
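The first four rules in this list can be checked mechanically before the logo is uploaded; the trademark rule cannot. The following is an added example, not code from the original article: the function names and both sample logos are constructed for illustration, squareness is judged from the SVG viewBox attribute (an assumption of this example), and any href that is not an in-file "#id" reference is treated as external.

```python
# Added example: check a logo file against the four machine-checkable rules listed above.
import re
import xml.etree.ElementTree as ET

SVG_ROOT = "{http://www.w3.org/2000/svg}svg"

# Constructed sample logos (not real brand assets).
GOOD_LOGO = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64"><circle cx="32" cy="32" r="30"/></svg>'
BAD_LOGO = ('<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
            'viewBox="0 0 120 60"><script>void 0</script>'
            '<image xlink:href="https://cdn.example.net/logo.png"/></svg>')


def is_square(root):
    """True when the viewBox has four numbers and equal, positive width and height."""
    try:
        _, _, width, height = (float(v) for v in re.split(r"[\s,]+", root.get("viewBox", "").strip()))
    except ValueError:
        return False
    return width > 0 and width == height


def check_logo(svg_text):
    """Return a list of problems; an empty list means the logo passed every check."""
    # Refuse DTDs before parsing so entity tricks never reach the XML parser.
    if "<!DOCTYPE" in svg_text.upper():
        return ["DOCTYPE declarations are not accepted"]
    try:
        root = ET.fromstring(svg_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != SVG_ROOT:
        return ["root element is not an SVG <svg> element"]

    problems = [] if is_square(root) else ["viewBox is missing or not square"]
    for element in root.iter():
        name = element.tag.rsplit("}", 1)[-1]
        if name.lower() == "script":
            problems.append("contains a <script> element")
        for attr, value in element.attrib.items():
            # href or xlink:href pointing anywhere but an in-file '#id' is external.
            if attr.rsplit("}", 1)[-1] == "href" and not value.startswith("#"):
                problems.append(f"external link in <{name}>")
    return problems


if __name__ == "__main__":
    print(check_logo(GOOD_LOGO), check_logo(BAD_LOGO))
```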
How Can TDMARC Help You?
TDMARC is a SaaS-based tool that allows you to implement and configure email authentication protocol and monitor your outbound emails. It ensures that all the security parameters are in check and thus prevents email-based attacks. The tool allows you to implement the BIMI standard in your email, which in turn helps you during email marketing in the following ways:
BIMI directly benefits email deliverability, which today depends directly on the reputation and authenticity of your email domain. BIMI gives the domain another parameter that improves the probability of emails landing in the inbox. This is because BIMI can only be implemented after all the email authentication protocols have already been implemented.
Domain reputation is another crucial parameter that is calculated to determine the quality of a domain. BIMI can directly help the organizations improve their domain reputation.
Building Brand Trust
The digital world is already observing a rise in email phishing and spamming, which is driving email marketers to adopt practices that build trust with their subscribers. BIMI gives organizations a way to mark their emails to subscribers as trustworthy and instill confidence in them. When your subscribers see your brand logo in the email, it immediately instills trust in them.
Implementing BIMI is not an easy process. However, with the help of an appropriate security solution, one can implement all the email authentication protocols including BIMI in a straightforward manner.
How to Implement BIMI using TDMARC?
TDMARC is an email domain security tool that comes with a wide range of features designed to make outbound email security easy. Some of its outstanding features include Smart DMARC, Smart SPF, and DMARC Record generator.
However, TDMARC’s Smart BIMI feature allows you to set up and manage a new BIMI record for your domain from the dashboard itself. This feature makes BIMI setup very easy.
It is therefore advisable to use a top-of-the-line email domain security tool like TDMARC, which can help you with outbound email security in multiple ways.