Brand Indicators for Message Identification (BIMI) is an emerging email specification that enables organizations to lock a brand-controlled logo to an email domain on supporting email clients. In order for a brand’s logo to be displayed, its associated domain must first be authenticated by DMARC to ensure its legitimacy. By leveraging the effort an organization has put into deploying DMARC protection, BIMI is able to build brand recognition, protect against brand impersonation and decrease the likelihood of successful phishing, thus strengthening a brand’s cybersecurity reputation.
BIMI can also be an email marketer’s best friend. Displaying the brand’s logo next to delivered emails not only helps emails standing out in the inbox, but also builds brand recognition and greater engagement. When a consumer can easily verify that the offer, discount, news, etc. in their inbox is not coming from a cybercriminal or other random entity, they’re more likely to open and engage. And email marketers know that open rates are critical. BIMI is a great tool that can be leveraged to boost open rates and click-to-open rates.
Though BIMI is not purely a security solution in itself — that’s what DMARC and other email security specification are for — it can aid in protecting brands and customers from business email compromise (BEC) attacks, wherein a cybercriminal spoofs an organization’s email domain, and impersonates a company executive or other trusted sender. BEC attacks have been of growing concern for years; in 2019, the FBI’s Internet Crime Complaint Center (IC3) received 23,775 complaints regarding BEC, totaling more than $1.7 billion in losses. As BIMI becomes more widely adopted, brand impersonations will become more obvious to consumers because they’ll lack official, easily recognizable logos attached to their delivered emails.
Check the brand’s BIMI compliance using the BIMI Generator, which will tell what the status of the domain’s MX record, SPF record, DMARC record, BIMI record, and SVG image is. The generator will also provide a rough mockup of what the brand’s email will look like in the inbox of a BIMI-supporting email client.
Create a BIMI record with the BIMI Inspector.
Email domains may already have SPF, DKIM and DMARC set up, but none of these provide a visual clue that the typical email user can use to recognize an email’s source and authenticity. BIMI-compliant domains will appear in end user inboxes with a cryptographically protected logo.
Think of these displayed logos like the padlock that’s visible in the browser’s address bar for secured websites — they instantly signal to the end-user that they’re looking at the real deal. Customers will increasingly feel at ease knowing the email sender is who they say they are.
Currently, brand indicators appear next to emails for users of Verizon Media Group (Yahoo/AOL). Google launched a pilot of BIMI for Gmail in July 2020, and Fastmail is working towards a pilot by the end of 2020. Other mailbox providers have announced intent to follow suit.
While it’s possible for an organization to link a brand logo to an email without BIMI, it’s arduous and complicated. The process requires email providers to create a unique system for logo display and management, resulting in varied, complex systems that take control away from the brand itself.
BIMI’s end goal is to take this process and standardize it on a global scale, increasing the security and trust of an open, standards-based email ecosystem by extending the adoption of DMARC enforcement. It’s a good idea for organizations to get on board.
The road to BIMI-compliance can take some time and effort to for an organization to get right. Because BIMI builds on the previously established standards of DMARC, SPF or DKIM, implementation starts by making sure the domains have all three ready to go.
Next, a third-party issued Verified Mark Certificate (VMC) is required for brands wanting to take part in BIMI. In order to obtain a VMC, brands need a trademark protected logo. Once an organization has obtained a VMC, it must update its DNS entry accordingly and have the email provider of the receiving query the domain’s DNS for the corresponding BIMI record. If the record exists, the cryptographically protected logo can be displayed in the receivers’ inboxes.
|All guidance on how to create a BIMI record|
|Validate the record with the BIMI Record Inspector|
|More information about DMARC|