What is BIMI?


Brand Indicators for Message Identification (BIMI) is an emerging email specification that enables organizations to lock a brand-controlled logo to an email domain and have it appear on supporting email clients. BIMI not only enables organizations to display logos with their emails, but also adds an important element of trust for these logos and keeps brands in control.

BIMI builds on DMARC. In order to show the brand’s logo as part of BIMI, the associated domains must first be authenticated by DMARC to ensure their legitimacy. By leveraging the organization’s investment in DMARC, BIMI helps grow the value of the brand both from improved visibility and a cybersecurity standpoint.

As the legitimate brand logo becomes more recognizable and establishes trust among the various audiences, two areas are potentially improved. First, the engagement with the emails can increase. Second, the likelihood of successful brand impersonation and email-borne attacks such as phishing or business email compromise (BEC) will decrease.

BIMI’s end goal is to increase the security and trust of an open, standards-based email ecosystem by building upon the adoption of DMARC on a global scale. As more organizations adopt BIMI, it will improve the way our inboxes look, ultimately helping to create a cybersecurity culture in which end users can more easily spot fraudulent activity.  


How BIMI Works


When mailbox providers receive an email, they must verify the message with DMARC before it can be delivered. Once the message is authenticated, the mailbox provider then queries the Domain Name System (DNS) — which must have brand assertions published for the sender’s domain — for the domain’s designated BIMI record. Once verified, brands with valid BIMI records will then have their verified logo appear beside their email in recipient inboxes.

In order for an organization to use BIMI, they must already have SPF or DKIM, and DMARC set up. While these specifications help protect a domain from unauthorized spoofing, they do not provide a visual clue to the recipient that the email sender has been authenticated. BIMI-compliant domains will demonstrate this authenticity with a cryptographically protected logo, enabling the average end-user to easily discern legitimate senders.

Brand management in the inbox


It’s possible to link a logo to a brand without BIMI, but the result is vulnerable to spoofing, and there is no standard for how its use is verified and presented to the email recipient. Without a standardized means of locking preferred company logos to domains, each individual mailbox provider interface (MUA) that wishes to display logos must create its own unique system of display and management. These inconsistent systems open the possibility of deviation between MUAs, often leaving brands frustrated with the way their logos are rendered, if they are rendered at all.

By standardizing the logo display process from sender to receiver, BIMI keeps participating organizations in control of their branding. BIMI-compliant brands have confidence that their logos are shown as intended, and the power to update and alter branding when it makes sense.

Protect brand and customers from impersonation

BIMI is not purely a security solution, but it builds on DMARC and other email security specifications in order to protect the organization and its customers from email-borne attacks. Of increasing concern are business email compromise (BEC) attacks, in which a cybercriminal spoofs an organization’s email domain and impersonates a company executive or other trusted sender. The widespread adoption of BIMI will make brands harder for cybercriminals to impersonate via email. Though it may be difficult for the average user to spot a skillfully spoofed domain, the lack of an official logo accompanying an email will over time become an immediately recognizable red flag.

Stand out in the inbox

Increase deliverability and engagement? BIMI can help.

With increased awareness and training around email-borne cyber threats like phishing and BEC, some users have become so wary of their inbox that legitimate emails go untouched out of an abundance of caution.

According to marketing industry benchmarks, brands see, on average, an email open rate of approximately 20%. It’s a percentage many marketers would love to boost. If a customer sees the company’s logo displayed next to an email in a regular and consistent way — the equivalent to that famous padlock in the browser’s address bar  — they’re able to immediately recognize and trust the brand, making them more apt to open and engage with the email without fear.

Branded emails with high trust are less likely to get unsubscribes or spam reports. BIMI will also improve the chance of deliverability of emails by adding another layer of authentication in addition to DMARC.

The presence of a logo in the inbox enables organizations to communicate their brands even without opening the email. Not only will the email stand out among others, but recipients will be able to connect with the logo, sender address, and subject line.  

How to create a BIMI record


The journey to a BIMI-compliant brand, while well worth it, can take businesses some time and effort to complete. IT staff can refer to this implementation guide for instruction. Because the end goal is standardization, it mainly requires first publishing SPF, DKIM, and DMARC records. Logos must also meet certain graphical specifications to ensure consistency across mailbox providers.

The BIMI Generator will check the status of the domain’s SPF, DKIM, DMARC, and BIMI records, and even the SVG image, and will generate a rough mockup of how the brand’s logo will appear in the inbox of a supporting mailbox provider.
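
The receiver-side order described under How BIMI Works (DMARC first, then the BIMI lookup) and the record prerequisites above can be checked offline against a domain's published TXT records. The sketch below is an added example, not code from this page or from any BIMI tool, and it inspects records only, not the DMARC result of an individual message. The record strings are constructed for the placeholder domain example.com, and the rules it applies (DMARC at p=quarantine or p=reject with pct=100, an HTTPS SVG in l=) are a conservative reading of the BIMI requirements, stated here as assumptions.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict of lowercase tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_problems(dmarc_txt):
    """Return reasons the DMARC record is not at enforcement (empty list = OK)."""
    tags = parse_tags(dmarc_txt)
    if tags.get("v") != "DMARC1":
        return ["no valid DMARC record"]
    problems = []
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p= must be quarantine or reject")
    if tags.get("sp", "").lower() == "none":
        problems.append("sp=none leaves subdomains unenforced")
    if tags.get("pct", "100") != "100":  # assumption: require full enforcement
        problems.append("pct must be 100")
    return problems

def bimi_problems(bimi_txt):
    """Return reasons the BIMI record cannot yield a logo (empty list = OK)."""
    tags = parse_tags(bimi_txt)
    if tags.get("v") != "BIMI1":
        return ["no valid BIMI record"]
    problems = []
    logo = urlparse(tags.get("l", ""))
    if logo.scheme != "https" or not logo.path.lower().endswith(".svg"):
        problems.append("l= must be an https URL to an SVG file")
    if tags.get("a") and urlparse(tags["a"]).scheme != "https":
        problems.append("a= must be an https URL when present")
    return problems

def logo_decision(dmarc_txt, bimi_txt):
    """Mirror the receiver's order: the BIMI record only matters once DMARC is enforced."""
    problems = dmarc_problems(dmarc_txt) or bimi_problems(bimi_txt)
    return (not problems, problems)

# Constructed sample records for the placeholder domain example.com
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
BIMI_OK = "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/evidence.pem"
BIMI_HTTP = "v=BIMI1; l=http://example.com/brand/logo.svg"
```

A domain still at p=none fails before its BIMI record is ever considered, which is the most common reason a published logo never appears.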

All guidance on how to create a BIMI record
 
Validate the record with the BIMI Record Inspector
 
More information about DMARC