What is BIMI? Will it Help Brands Gain Consumer Confidence?
BIMI is an upcoming standardization in the email marketing industry. It stands for Brand Indicators for Messaging Identification. In addition to the existing authentication protocols like SPF, DKIM, and DMARC, BIMI allows brands to display authenticated emails with their certified logos in a user's inbox.
In this week's podcast, Dennis Dayman hosts Seth Blank and Matthew Verhout. I'll let you know more about the guests in a while but let's talk about what we discussed in the podcast.
Key questions around BIMI:
- What is BIMI and do brands need it?
- Benefits of BIMI when we already have SPF, DKIM and DMARC
- What changes after the implementation of BIMI?
- How can you implement BIMI for your brand?
- What is the overall impact of BIMI on the email industry?
Dennis Dayman brings up these and many other questions related to the protocol to help listeners understand the new protocol perfectly!
About Seth Blank
Seth Blank is the VP of Standards at Valimail and chairperson at the BIMI Working Group.
For over 20 years, he has led teams to build profitable and scalable solutions to complex problems for clients in fields such as education, finance, entertainment, and technology. His recent business YourTrove was sold to Live Nation Entertainment in 2014 where he took over the platform, infrastructure, and data groups.
Seth has consulted many startups and larger brands on scaling and architecture for their business infrastructure.
About Matthew Verhout
Matthew Vernhout is Founder, Digital Marketing & Privacy Advocate, Author and Speaker in the email industry. He is a communication chair for the BIMI group.
He's a co-author of the book "A Complete Guide to e-Marketing under Canada's Anti-Spam Legislation"
With almost two decades of experience in email marketing, Matt is an industry veteran leveraging his background in privacy and network operations to help clients improve their digital marketing programs.
Over the years he has worked at several leading Email Service Providers (ESPs) including DoubleClick Email Solutions, Epsilon Interactive, Inbox Marketer, TC Media, and ThinData.
What is BIMI and Do You Need It?
Each year, billions of dollars are lost to phishing and spoofing attacks.Google published a report stating that 68% of all phishing on any given day is brand new and has never been seen before in the history of the corpus of email they’ve seen.
With almost 70% phishing emails being completely new for the biggest email service provider on the planet, how can customers know if an email is genuine or not?
That's where the need for BIMI came into the picture.
It's challenging to link your logo to your emails and there are thousands of official logo and brand combinations.
Without standardization, assigning the correct logo to a brand's email will be a difficult task. Every mailbox provider who wishes to display brand logos in their inbox interface will need an independently created system for the management and displaying. Also, third party attackers can use the logos for phishing attacks as there is no standard logo validation.
This leaves brands frustrated as the system becomes highly complex, and hard to maintain. Brands would need to individually cater to all the different standards set by different mailbox service providers.
That's where BIMI comes handy. BIMI helps standardize logo display for participating mailbox providers and organizations.
BIMI is for email, what verified profile tags are for social media.
Do brands need BIMI?
With BIMI, brands have a higher degree of control over what logos are displayed with their emails. Though it's not a security solution, displaying the brand logo requires strong authentication solutions on the mailbox provider side.
For highly phished brands, the addition of BIMI will show immediate benefits as their audience can identify genuine emails without a hassle.
Brands who aren't a phishing target, may not see much of a difference. However, the customers will see a difference with the displayed logos and gain assurance that the emails have arrived from a genuine source.
Benefits of BIMI when we already have SPF, DKIM, and DMARC
Dennis went on to discuss this really interesting question. How would brands benefit from BIMI and what should they expect.
So, BIMI creates an added layer for authentication for you as a brand to improve your credibility and trustworthiness within your email subscribers.
Large brands don’t use DMARC and then they open themselves up to tremendous amounts of phishing, which harms the brand, their customers and consumers, and their employees.
This new authentication system combines two aspects: authentication and branding.
Large organizations are often the targets of phishing attacks and attackers are getting smarter at impersonating brands these days. It's really hard to tell the difference between a genuine and a fake email.
Another aspect is branding. Marketers want their company's logo to be displayed in emails.
With BIMI, these two things are combined which is what will ensure wide adoption of this technology in future as it's a win-win-win situation for all the parties involved!
Yahoo! mail posted statistics on brands who have adopted BIMI early on, stating that displaying a brand logo results in higher open and click through rates overall.
What changes after the implementation of BIMI?
Next, the interesting questions. You've made up your mind or are at least considering adding BIMI to your authentication methods (and I highly suggest you do), you want to know what will change.
Here's what will change:
- A verified logo that attributes directly to your brand by the email service providers
- Impersonators cannot copy and display the logo in user inboxes since they won't be approved
- Customers begin associating your logo and your emails together and trust your emails more
- Displaying the logo helps your emails stand out in the inboxes
- Improves open rates
In the long run, BIMI will benefit all brands who enable it.
Put all the work now to get the pre-requisites in terms of logo certification and DMARC compliance so that you can reap the benefits when Gmail starts their BIMI program.
How can you implement BIMI for your brand?
The first thing to note is that the logos need to be created in a specific manner. Also, there are certain steps that you need to take in order to ensure complete compatibility with the BIMI standardization in the future.
1. Specifications for creating your logo in accordance to BIMI
Your brand needs a logo to be designed and formatted to be easily recognizable with your brand's identity.
Since it will be displayed in various resolutions, the logo needs to follow certain set of specifications to support the verification and security:
- The logo must be square
- Must be saved as a version of the Scaled Vector Graphic (SVG) format.
- Specifically, the SVG logo must follow the restrictions defined by the SVG Tiny 1.2 profile published by the W3C in 2008.
- The logo cannot include any <script> tags and should not include any external links.
As the specifications continue to evolve over the period of time, some mailboxes may require the logo to focus on the brand's legal logo registration type.
2. Steps for implementing the BIMI record
The steps for implementation are still in beginning stages and will change as all brands accept them. But the fundamental steps remain the same as below:
1. Authenticate all of your organization’s emails with SPF, DKIM and DMARC – ensure all are aligned
- DMARC policy must be at enforcement – either “p=quarantine” or “p=reject” on the organizational domain
- Get spf and dkim aligned with your domain.
2. Produce an an SVG Tiny 1.2 version of your official logo
- Follow the W3C – Scalable Vector Graphics (SVG) Tiny 1.2 Specification (as linked above)
- Square logo file
- Include a solid color background
3. Publish a BIMI record for your domain in DNS
- Add DNS records for BIMI - default._bimi.[domain] IN TXT “v=BIMI1; l=[SVG URL]; a=[PEM URL]
- View your BIMI record BIMI Generator
There's an additional step, which currently is optional - Generating a VMC. Though, it is advisable to take up a Verified Mark Certificate (VMC) early on so you don't have to go through the waiting period.
As Seth and Matt mention in the podcast - The official release for BIMI is planned 7 months from now and having a VMC sooner, would reduce your waiting period when BIMI goes official.
The BIMI Group has a BIMI implementation guide which you can also follow through.
What's the impact of BIMI?
Google launched a BIMI pilot to test out the impact.
Yahoo! and AOL (Verizon companies) have already released BIMI to their live inbox and all your customers on those inboxes will see your verified brand logo if it is BIMI verified.
But the applications of this don't stop at email.
Once you get a VMC, your logo is completely attributed to your brand and no other brand, or website can use it as their own.
This will reduce phishing, surely. But that's just the beginning.
Similar to how different social media now show verified tags on their platforms for established businesses and celebrities, a BIMI verification could easily be extended over to other platforms for social media branding , business whatsapp accounts, chatbot, websites etc.
These logos can be automatically credited to the original brand whenever they're used across the internet.
The possibilities and uses of BIMI are endless and since it's in the infancy stages, the likelihood of it catching up quickly is much higher already!
This is just the beginning of BIMI. There's a lot more to come up in the future and we are just starting to see more uses and much wider adoption and applications of it.
If you find this post insightful, consider opting in for a Verified Mark Certificate (VMC) as soon as you can. Once the official release is made for the protocol, your brand would be armed with all that's required to go all in and add a level of security for your domain and trust in your customers.