What is BIMI? How do you implement BIMI?

Last Updated, 2020-08-01 email-delivery email-authentication

Brand Indicators for Message Identification abbreviated as BIMI is an email specification which gives a brand the flexibility to decide on what logo should appear as sender in all outgoing email messages. 

Example of an email with no sender logo:

No Sender Logo

Example of email with BIMI- Sender Logo

There is no platform to define BIMI. It's just a set of DNS based instructions which you will be passing to an email client requesting them to show your logo in the email messages. BIMI doesn't guarantee the display of your logo as it works only with the supported email clients.

The adoption of BIMI is currently in its early stage. Yahoo has been the first one to extend its support for BIMI. And, now with Gmail announcing its support for BIMI in 2020, this topic has started trending among email marketers. 

BIMI is an open framework built to create trust between a sender and receiver. So, its usage is not limited in email as a channel. Instead, the opportunities are endless. Linkedin has been one of the core members for supporting this initiative, so very soon its adoption might increase across social media platforms and messaging apps like WhatsApp, Telegram and even in different mobile payment solutions.

It is important to understand what BIMI is, why email giants are so serious about this, and how this is going to affect your email delivery.

In this comprehensive BIMI guide, you will learn the A-Z of BIMI with its implementation steps and ways to improve your email delivery rates.

Frequently asked questions

Is it mandatory to implement BIMI?

BIMI is not a compulsory email specification to implement. But, at the same time, no marketer will want to leave a branding opportunity on the table. Hence, the adoption of BIMI is bound to increase, and over a period, our preview panes will be full of brand logos.

In such a scenario, the emails without a logo might be considered less trustworthy and will have lesser chances to get open.

On the other hand, BIMI adopters with their logo getting displayed in the recipients' inboxes will get an extra edge to stand out and get more opens.

Definitely BIMI is not going to uplift your open rate drastically, but, over a period, email messages without a logo may secure lesser trust by someone to read.

So, what BIMI is indirectly helping you to achieve is Higher Sender Reputation and ultimately higher email deliverability rates for your future email messages.

Higher Open Rate = Higher Engagement Rate = Higher Sender Reputation= Higher Email Deliverability Rate

But, as mentioned implementing BIMI alone doesn't guarantee your logo getting appeared in the emails. So, you should be focusing on the relevancy of your email messages too.  

BIMI opens the door for innovation in the favicon/smaller version of logos.

List of Mailbox Providers and Email Clients Supporting BIMI in 2020

Not all mailbox providers and email clients have started giving support for BIMI. So, even if you have implemented BIMI records and have enabled enforced DMARC policy, this doesn't mean that your brand logo will start appearing in all the mailboxes. In this section, you will get the list of mail providers who is currently giving the support for BIMI and to what extend:

List of providers currently in the beta phase of supporting BIMI:

  • Verizon Media Group (Yahoo, AOL etc)
  • Gmail

Both of these providers are currently running a pilot with selected brands who is having a good sender reputation. Having said that you should ensure your BIMI and required DMARC records are anyways in place.

List of providers currently in the planning phase to support BIMI:

  • Comcast
  • Fastmail

List of providers with no support for BIMI:

  • Microsoft
  • 1&1
  • Yahoo Japan

This list is last updated on 1st July 2020. Source: BIMIGroup

Why is BIMI getting so important and trending?

With the evolution of internet and technology, the phishing, spoofing, and fraudulent emails are also on the rise. You must be hearing news, around fraudulent transactions, accounts getting hacked and many a time people losing their privacy too.

In this new era, it is important to have strong authentication and identification mechanisms to catch hold of the spammers. And, BIMI is an important step towards that. 

Importance of BIMI among MailClients/Email Service Providers

Not even 1% of the email users are aware of the industry set SPF, DKIM or DMARC frameworks, and you can't be expecting them to read the email headers to identify the source IP and what all validations are getting failed. Therefore, it's important to give some visual representation to help users identify the spammers and protect losses at a very early stage.

As per Retruster 2019 Security stats, last year 76% of businesses and 60% of American families reported they being a victim of one or the other phishing or scam attacks. These numbers are enough for the industry to take some immediate steps. And, BIMI is one such outcome focusing on helping the user identify the authenticity of the sender.

At the same time, the adoption of BIMI will increase among mail clients or email service providers because it is directly promoting the adoption of DMARC among the organizations.

Currently, spammers can enter your mailboxes with fraud brand identify, like you receiving lottery emails from coca-cola or you receiving a fake overseas job offer from big brands. But, once the adoption of BIMI will increase, it will automatically increase the adoption of DMARC with strict policy rules (i.e. either quarantine or reject). With such strict DMARC policy check in place, many of the brands impersonated emails will not be able to see the light of inbox nor even be able to make out their doors for spam folders too.

BIMI, along with DMARC, is going to enhance the email security layer for many sensitive business units like banks, payment gateways, social media platforms, donation platforms and online retailers.

Importance of BIMI among brand and email marketers

Marketing executives are looking BIMI as an opportunity to market their brand without even getting an email open.

As per research, email users spend less than a second reading on a particular subject line in a preview pane. If your subject is not engaging enough, then you will be missing on the opportunity to get a click.

Till now, subject line and the sender name was the most deciding factor in getting an email open, but now with the launch of BIMI users will start seeing the brand logo in their preview panes which will add up to their decision making to open an email.

That's precisely why email marketers around the globe are so desperate to include BIMI as a part of their email programs.

Many have started looking this, as a new hack to get better visibility in front of their email subscribers to get more opens.

Having said that this is going to create new opportunities for the designers to innovate with logos or favicons to make their brand stand out in the email preview pane.

How is BIMI going to impact the email industry?

Every marketer, wants their email to be highly engaging and not want to leave any branding opportunity to lose money on the table.

Therefore, in the next 1-2 year, most of the good senders across the globe will be forced to comply with DMARC. Because unless the DMARC is not in place with the right set of rules, you will not be even eligible for BIMI.

This increase in DMARC adoption will drastically decrease the number of fraudulent emails which have currently been able to get delivered to user's mailbox.

At the same time, this will help anti-spam filters in deciding which email to accept and which one to reject.

Let's take an example you might be receiving fraud emails from or which are currently somehow been able to manage to reach your mailbox while of course most of the time in spam only. But, once these companies will start adopting DMARC, then any sender who is retrying to send fraud using these domains will no more be able to deliver the emails because BIMI demands DMARC to be set to either reject or quarantine.

The real success of DMARC and BIMI as together will only happen when all traditional mail clients like Thunderbird, Outlook, native IOS, Andriod mail clients and many others will start adding support for DMARC and BIMI checks together.

BIMI is going to be a great booster in the adoption of DMARC globally. Thanks to the entire BIMI group to make this happen.

It's going to be a reward for all good senders for following the strong authentication standards.

How to implement BIMI?

BIMI seats on the top of DMARC and demands for a strict DMARC enforcement rule to be set by the sender. BIMI will not work if the required DMARC authentication fails. 

BIMI requires a strict DMARC rule (explained below) to be set on your domain to comply with high standards of authentication. 

Having a strict DMARC record helps the receiver to decide on what to do with emails where the brand's domain is getting misused. And, at the same time receiver knows whether it is safe to show the brand-defined logo or not. Once, the logo appears, this increases the visual trust of the reader on the authenticity of the email.

Leveraging on an existing authentication framework is probably the best part of BIMI, which is going to strengthen the email ecosystem.

In the next sections, you will learn what DMARC enforcement is and how to implement BIMI for your emails.

What is DMARC Enforcement?

A DMARC record without enforcement is really of no use. It's like checking everyone at the door but letting everyone come inside. DMARC is effective only when a strict enforcement policy is in place.

DMARC enforcement refers to a specific parameter in the TXT record, indicated by "p". In this parameter, the domain owner can set the mail handling instructions for the receiving server. To enable DMARC enforcement, the value of p in the DMARC record can be either "p=quarantine" or "p=reject" without gaps such as sp=none or pct<100. 

In case of DMARC authentication failure, the receiving mail server will check the value of "p", and based on it the email will be either quarantined or straight away rejected by the server.

Steps to implement BIMI for your emails

1. Implement SPF and DKIM: This is the first step to get your domain ready for BIMI. You need to not only implement SPF, DKIM and DMARC but also need to ensure domain alignment across the two. You can achieve domain alignment by updating the SPF and/or DKIM must be authenticated using your From Domain. 

2. Implement DMARC with enforcement policy: You need to set up the DMARC record on the From domain. While setting up the DMARC record, you must keep the value of p to either "p=quarantine" or "p=reject" with no sp=none and no pct<100. Enabling enforcement policy on your emails shows the seriousness about the type of emails you will be sending and in return going to help you build a positive sender reputation with the receiver. Here is a sample DMARC record with enforcement enabled: TXT v=DMARC1; p=quarantine; sp=none; fo=1; ri=3600;;

3. Publish a BIMI record: The next step is to create your BIMI compatible logo. Currently, BIMI specifications support only a square-shaped image in SVG format. This SVG logo should be hosted publicly and must be accessible via secured HTTPS. As the logo will appear in a small area, so it is recommended not to add too much detailing and think it like a favicon image of your brand. Once the logo is ready and hosted on a public HTTPS URL, you can go ahead with updating the BIMI record on your DNS.

Here is an example of a BIMI record published for TXT 
v=BIMI1; l=; a=;

You should connect with your developer or IT team to get these records implemented. Based on your hosting/nameserver provider, the exact steps to publish these records in your DNS may vary.

The most common issues while implementing SPF, DKIM, DMARC or BIMI record is the use of line-wraps, newlines, or whitespaces. Please ensure you're copying and updating the correct record without any additional characters.

The requirement for obtaining a Verified Mark Certificate (VMC) also referred to as BIMI certificate is optional, but with the growing adaptation, the requirement for a BIMI certificate will also increase. In a recent announcement, Google has recommended email senders to use Entrust Datacard and DigiCert as the Certification Authorities to validate their logo ownership.

Why is my BIMI logo not appearing in emails?

Even if you have set up a full compliance SPF, DKIM, DMARC and the correct BIMI record, this doesn't guarantee that email receiver will display your brand logo. This wired thing happens primarily for two reasons:

  1. The receiver doesn't have support for BIMI. Please check whether the receiving mail server is there in the list of BIMI support email clients.
  2. Your current sender reputation is low to qualify for BIMI logo display. Currently, measuring a sender reputation is very subjective and, none of the ISPs publishes this. But there is a recommended checklist to check the health of your sender reputation. You can also request for a domain health report.

BIMI checklist for building sender reputation 

  1. Build a high sender reputation by sending high engaging emails with lower bounces, unsubscribes and spam complaints.
  2. Your sender domain should not be a part of global DNSBLs or RBLs list. Use domain blocklist checker to know the latest blocklist status of your sender domain.
  3. Consult with a trusted authority to issue a Verified Mark Certificate (VMC) for your sender domain. Currently, this is optional, but if your sender reputation is excellent and still BIMI logo not appearing, then this is worth trying. Once the certificate is issued, you should add that as a part of your BIMI TXT record.

If you have some questions on setting up the BIMI record on your Pepipost emails, then feel free to message me.

Image Icon

Build Sender Reputation with Pepipost

Your one stop partner for all email delivery problems

Signup to PepipostIt is easy and free. No credit card required.