What is BIMI? And how can it enhance my email security?

What is BIMI? And how can it enhance my email security? 

Brand Indicators for Message Identification (BIMI) is a new email specification designed to build security and trust between email senders and recipients by allowing brands to display their logos. 

Over 3 billion emails are sent every day – in fact, it’s the most popular way for businesses to communicate. Modern businesses have to trust that emails they receive are legitimate. However, emails are constantly being compromised by hackers, causing significant reputational and financial damage to UK businesses.  

Last year, 4 in 5 UK businesses experienced an attempted phishing attack. It’s worth keeping up with the latest email security measures as cybersecurity is constantly evolving to combat new threats. 

 

What is BIMI?

BIMI enables brands to use their logo as an indicator of their legitimacy. This visual cue helps recipients quickly identify and trust emails from legitimate sources. This has the added bonus of increasing mailer open rates and engagement as your emails stand out more.  

BIMI works in conjunction with established email authentication protocols such as DMARC, SPF, and DKIM, which are required for its implementation. These protocols aim to reduce spoofing and protect sender email health. 

 

Benefits of BIMI

The primary advantage of BIMI is its ability to provide a visual confirmation of an email’s legitimacy. By displaying a verified brand logo, BIMI helps recipients quickly identify trusted emails, reducing the risk of phishing attacks and spam.  

This can enhance email deliverability, improve sender reputation, and reduce the likelihood of emails being marked as junk. Once implemented BIMI can also enhance brand recognition which is great for creative and comms agencies to offer their clients. 

 

Implementing BIMI

To implement BIMI, a domain must have a DMARC record with a policy set to either ‘quarantine’ or ‘reject’ and a percentage tag set to 100%. This ensures that only authenticated emails display the brand logo. The implementation process involves: 

  1. Setting Up DMARC: Ensure your DMARC policy is correctly configured with the required enforcement level. 
  2. Creating a DNS Record: Add a TXT record in your DNS with specific tag-value pairs for BIMI. 
  3. Obtaining a Verified Mark Certificate (VMC): Although optional, a VMC provides validated proof of logo ownership, adding another layer of security. 

 The setup time for BIMI can be up to 48 hours before the brand logo appears in the recipient’s mailbox. 

Sendmarc is a trusted DMARC management platform. They’re experts in implementing BIMI: 

“BIMI is not just about enhancing email security; it elevates your brand’s visibility and strengthens your relationship with your audience. BIMI compliance can be challenging so at Sendmarc, we simplify the process. By ensuring DMARC compliance and managing the complexities of logo certification, we enhance both security and brand engagement.” 

Kieran Frost, Chief Operations Officer at Sendmarc 

 

Email Provider Support and Compatibility

Common questions about BIMI include its compatibility with email providers, the technical specifications for the logo, and its impact on email health. While email provider, Microsoft, doesn’t currently support BIMI, its adoption is growing. Significant industry players like Apple, Mailchimp, Google and Yahoo are already backing the standard. 

 

Frequently Asked Questions (FAQs)

How does BIMI enhance brand recognition in email communications? 

BIMI sends your brand’s logo with your emails, so it’s displayed when recipients view them. 

 

What are the technical requirements for implementing BIMI? 

You need a verified domain, DMARC enforcement policy (set to quarantine or reject), and a properly formatted SVG logo file. 

 

What steps are involved in obtaining a Verified Mark Certificate (VMC)? 

Ensure your domain has a DMARC policy at enforcement level (quarantine or reject) then prepare an SVG logo and apply for a VMC through a certification authority. 

 

Which email platforms currently support BIMI? 

Email platforms that support BIMI include Gmail, Apple Mail, Yahoo Mail and AOL. Support from other providers like Microsoft Outlook is expected in the future. 

 

Are there any known issues with BIMI implementation on specific email clients? 

One known issue is that some email clients may not fully support SVG rendering, affecting logo display. Additionally, inconsistent DMARC implementation across different email providers can impact BIMI effectiveness. 

 

How does BIMI improve email deliverability and open rates? 

BIMI increases brand visibility by displaying the sender’s logo in the inbox, which can improve trust and recognition. This visibility can lead to higher open rates and better email engagement. 

 

Can BIMI help in reducing the chances of our emails being flagged as spam? 

Yes, BIMI can reduce the chances of emails being flagged as spam by enhancing email authentication and brand recognition. Proper DMARC implementation, which is required for BIMI, also helps in reducing spoofing and phishing attacks. 

 

What are the common pitfalls to avoid during the BIMI verification process? 

Common pitfalls include not having a DMARC policy at enforcement, using an incorrectly formatted SVG logo, and not keeping DNS records up to date. Additionally, failing to properly verify domain ownership can delay the process. 

 

Are there any guidelines for the logo design to be used with BIMI? 

The logo must be in SVG format, square in shape, and designed to be recognizable at small sizes. Avoid using detailed or complex images, and ensure the logo adheres to your brand guidelines. 

 

What are the future trends and developments expected for BIMI? 

Future trends include broader adoption by more email providers and enhanced security features. Increased integration with other email authentication technologies like DMARC, DKIM, and SPF is also expected. 

 

How can we stay ahead of the curve in terms of email authentication technologies? 

Stay updated with industry standards and best practices for email authentication. Regularly review and update your DMARC, DKIM, and SPF records, and monitor developments in BIMI and other authentication technologies.  

 

Conclusion

BIMI represents a step forward in email security and trust. By providing a visual indicator of email authenticity, recipients can quickly identify legitimate emails. This thereby enhances brand recognition and reduces the risk of spam and phishing attacks. 

Whilst Microsoft is yet to adopt the standard, its article on BIMI suggests that it may do in the future. This would be a significant step for BIMI as Microsoft supports a significant proportion of email users. This would create an overall more trustworthy email ecosystem. 

BIMI is still relatively new, meaning early users will stand out and can visually demonstrate their increased security over competitors. They will also increase their trustworthiness and recognition. 

Contact us to discuss your IT needs. Check out our comprehensive checklist in the resources hub to get started.