Curious how BIMI can protect your email? I’ll explain what BIMI is, how it works, and how you can use it to protect your brand’s email communications.
Brand Indicators for Message Identification, or BIMI, provides a standardized method for businesses to showcase their brand logo next to the subject line of their authenticated emails so they stand out in crowded inboxes, with built-in protections against brand spoofing.
Unlike other forms of email security, BIMI is noticeable and easily identifiable even to those who aren’t tech-savvy. And it helps prevent fraudsters from impersonating your brand in phishing emails targeting your customers and other consumers or businesses, while improving your email deliverability rates.
BIMI builds on the Domain-based Message Authentication, Reporting & Conformance (DMARC) standard for authenticating email. To use BIMI, businesses must have DMARC authentication in place, and they must establish a BIMI record that includes the URL for the location of the file containing the business’s logo.
A BIMI record is a type of DNS TXT record that is used to display your brand logo within the recipient’s email inbox if the email has been authenticated using SPF and/or DKIM, and DMARC, with the DMARC policy for the sending server set at either p=reject or p=quarantine.
If your head is spinning from all these acronyms, here’s a quick overview of how everything ties together.
BIMI – Displays your company logo next to your email messages within supporting email inboxes, boosting brand visibility while providing a visual indicator that the message is legitimate and can be trusted.
DKIM – DomainKeys Identified Mail uses cryptography to ensure the email messages you send are not modified in transit.
SPF – Sender Policy Framework is a form of email authentication that ensures email messages being sent with your domain only originate from specific IP addresses.
DMARC – Works with SPF and DKIM to enable email providers to recognize when an email message isn’t coming from a specific brand’s approved email senders, and gives the brand the ability to set policies that tell email providers what to do with these unauthorized emails. (You’ll need this first if you want to use BIMI.)
When you combine BIMI with the standards above, you help secure your email messages and increase brand visibility at the same time.
As the primary and preferred means of communications between customers and the brands they do business with, email has never been more important to ongoing customer support and marketing–especially since the onset of the coronavirus pandemic. In 2020, the ROI from email marketing campaigns was as high as 4,200%, returning $42 for every $1 spent.
With inboxes more crowded than ever, boosting visibility warrants attention. And with the alarming rise in phishing attacks and business email compromise (BEC) scams over the past year, the ability to establish trust with that heightened visibility is likely to prove quite powerful.
BIMI was developed by a coalition of industry leaders, including Agari. It provides a mechanism for a verified sender’s official logo to appear alongside email messages in space controlled by the email client, typically where user avatars or initials appear.
Gmail, Yahoo, AOL, Netscape, Fastmail and other major email providers have seen enough promise in BIMI to launch pilots in support of it, and we expect rollouts to reach an expanded scale throughout 2021.
BIMI essentially rewards organizations for having proper email security by increasing their brand visibility. It’s a win for email security, brand protection, and consumer trust.
By using BIMI, email marketers can expect to see fewer bounces from spam filters, higher open rates, and potentially higher response rates. Of course, the main purpose of BIMI is to offer an extra buffer against spoofing and phishing attacks that work to impersonate businesses.
It also gives businesses more control over the use of their brand identity in email by ensuring that only approved domains are allowed to have the verified logo shown alongside an email message. As a result, phishing attacks attempting to impersonate your brand will grow more obvious because they lack a BIMI-verified logo.
BIMI can be viewed as an extension to DMARC, since DMARC is required in order for BIMI to work. When a domain has DMARC properly configured, a new TXT record can be created that enables the BIMI policy. The new TXT record will contain a URL that points to the company logo.
Mail providers that support BIMI will query the domain of the incoming message to locate the BIMI file to verify the message. Once the email passes DMARC authentication, the BIMI file points the receiving email server to the brand logo and displays it in the inbox.
Below is an example of what a BIMI record looks like. Let’s break down each part of the record.
v=BIMI1; l=https://images.yourbrand.com/logo.svg; a=https://sub.yourbrand/vmc/logo.pem
v=BIMI1; – This specifies the version of BIMI that is being used. It is always required and must always be the first tag in the record.
l= – This denotes the location of the image file to be used when the BIMI check is successful. The image should be hosted at a static location, and the image format must be SVG.
a= – This points to the URL of the VMC (Verified Mark Certificate), a .pem file.
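The record rules above, together with the DMARC policy requirement, can be checked before publishing with a small validator. This is an added example, not code from the original article or from any mail provider; the function names and the brand.example records are constructed, and the https-only rule comes from the BIMI draft specification rather than from this page.

```python
from urllib.parse import urlparse

# Constructed sample records (not real DNS data).
GOOD_DMARC = "v=DMARC1; p=quarantine; rua=mailto:dmarc@brand.example"
GOOD_BIMI = ("v=BIMI1; l=https://images.brand.example/logo.svg; "
             "a=https://images.brand.example/vmc/logo.pem")

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def _https_url(value, suffix):
    """True if value is an https URL with a host and a path ending in suffix."""
    u = urlparse(value)
    return u.scheme == "https" and bool(u.netloc) and u.path.lower().endswith(suffix)

def check_bimi(dmarc_txt, bimi_txt):
    """Return a list of problems; an empty list means the records are consistent."""
    problems = []
    dmarc = dict(parse_tags(dmarc_txt))
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("reject", "quarantine"):
        problems.append("DMARC policy must be p=reject or p=quarantine")
    tags = parse_tags(bimi_txt)
    if not tags or tags[0] != ("v", "BIMI1"):
        problems.append("v=BIMI1 must be the first tag")
    bimi = dict(tags)
    if not _https_url(bimi.get("l", ""), ".svg"):
        problems.append("l= must be an https URL to an SVG file")
    # a= is optional; when present and non-empty it must point at the VMC .pem
    if bimi.get("a") and not _https_url(bimi["a"], ".pem"):
        problems.append("a= must be an https URL to a .pem file")
    return problems

if __name__ == "__main__":
    print(check_bimi(GOOD_DMARC, GOOD_BIMI))
```

A missing colon in a URL scheme (`https//`) is reported as an invalid `a=` or `l=` value, since the string no longer parses as an https URL.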