In today’s digital age, email remains a critical communication channel for businesses. But with the ever-growing threat of phishing scams, it’s becoming increasingly difficult for brands to ensure their emails land in inboxes and are recognised as legitimate. Brand Indicators for Message Identification (BIMI) is a new email specification that helps businesses address this challenge by enabling them to display their brand logos alongside authenticated emails.
What is BIMI?
BIMI stands for Brand Indicators for Message Identification. It’s an emerging standard that builds on existing email authentication protocols like SPF, DKIM, and DMARC. When a recipient’s email client supports BIMI and the sender has implemented BIMI correctly, the recipient will see the brand’s logo next to the email address in their inbox. This visual cue helps recipients easily identify legitimate emails from trusted senders and builds trust and brand recognition.
Why is BIMI Important?
BIMI offers several benefits for businesses:
- Increased brand recognition: By displaying your logo next to your emails, BIMI helps recipients instantly recognise your brand and distinguish your emails from phishing attempts.
- Improved inbox placement: Studies have shown that emails with logos are likelier to be opened and clicked on. This can lead to improved marketing campaign performance and customer engagement.
- Reduced phishing attacks: Phishing emails often spoof a sender’s identity. BIMI makes it more difficult for phishers to impersonate your brand, protecting your customers and reputation.
How Does BIMI Work?
BIMI leverages existing email authentication protocols:
- SPF (Sender Policy Framework): SPF verifies the authorised email servers for a domain.
- DKIM (DomainKeys Identified Mail): DKIM cryptographically signs emails to ensure they haven’t been tampered with in transit.
- DMARC (Domain-based Message Authentication, Reporting & Conformance): DMARC tells email receivers what to do with emails that fail SPF or DKIM authentication.
To implement BIMI, a business must have DMARC properly configured with a “p=none” policy (or a stricter policy). Then, a BIMI record is added to the domain’s DNS (Domain Name System) record. This record points to an SVG file containing the brand logo and specifies other BIMI parameters.
Here’s a simplified breakdown of the BIMI implementation process:
- Set up SPF and DKIM: Ensure you have SPF and DKIM properly configured for your domain.
- Implement DMARC: Implement DMARC with a “p=none” policy (or a stricter policy).
- Create a BIMI logo: Design a logo following the BIMI logo specifications (see BIMI group website).
- Host the logo: Host the logo on a publicly accessible web server.
- Create a BIMI record: Create a BIMI record in your domain’s DNS record pointing to the hosted logo and specifying other BIMI parameters.
Benefits of BIMI Selectors as explained on the BIMI Group website:
BIMI selectors, a feature mentioned on the BIMI group website How and Why to Implement BIMI Selectors, allows a brand to use different logos for the same domain. This can be useful for organisations with multiple sub-brands or for situations where a different logo might be more appropriate for a specific type of email.
Common Mark Certificates (CMCs) – Making BIMI More Accessible
While BIMI offers significant advantages, it has traditionally relied on Verified Mark Certificates (VMCs) for logo verification. VMCs can be expensive and time-consuming to obtain, particularly for smaller businesses. This limited the reach of BIMI.
The BIMI group recently introduced Common Mark Certificates (CMCs) to address this challenge. CMCs are a more affordable and accessible alternative to VMCs. They are issued by authorised Certificate Authorities (CAs) and rely on a simpler validation process. Google’s support for CMCs has opened BIMI to a wider range of businesses, including smaller brands.
