Does Pardot support BIMI and how can I configure it?
Matthew Whittaker
Co-founder & CTO, Suped
Published 22 May 2025
Updated 17 Aug 2025
Email marketers using Pardot often wonder whether the platform inherently supports Brand Indicators for Message Identification (BIMI). The simple answer is that BIMI is not a feature an email sending platform directly supports in the traditional sense, but rather a DNS record that relies on robust email authentication. If your email sending infrastructure, like Pardot, can properly authenticate your emails, then you can likely implement BIMI. It's about ensuring your domain is correctly set up for DMARC, DKIM, and SPF, which Pardot facilitates.
A common point of confusion arises from Pardot's use of an exacttarget.com domain in its backend, particularly in the return-path. Some vendors might suggest this prevents DMARC and BIMI alignment. However, this isn't necessarily true. Pardot's setup can accommodate the required authentication protocols, provided you configure your DNS records correctly and potentially work with Salesforce support for specific return-path adjustments for SPF alignment. Our goal here is to demystify this process and guide you through configuring BIMI with Pardot.
The foundational requirements for BIMI
BIMI, or Brand Indicators for Message Identification, is an email specification that allows your brand's logo to appear next to your authenticated emails in supporting inboxes. It's a visual trust indicator, not an authentication protocol itself, but it relies heavily on strong email authentication to ensure the logo displayed is genuinely from your brand.
The core prerequisites for BIMI are the implementation and enforcement of SPF, DKIM, and DMARC. Specifically, your DMARC policy must be set to either p=quarantine or p=reject. A p=none policy, while useful for monitoring, is insufficient for BIMI. This strict DMARC enforcement is what assures mailbox providers like Google and Yahoo that your emails are legitimate, thereby qualifying them for logo display. You can find more details on DMARC requirements for BIMI here.
Beyond the basic authentication, most major mailbox providers now require a Verified Mark Certificate (VMC) to display your logo. A VMC is a digital certificate that verifies the authenticity of your logo, linking it directly to your authenticated domain. This adds an extra layer of trust and security, helping to prevent brand impersonation. Without a VMC, your BIMI logo will likely not appear in the inboxes of major providers, even if your DMARC is enforced.
Pardot's role in email authentication
Pardot itself does not need to support BIMI directly, because BIMI is configured at the DNS level of your sending domain, not within the email sending application. What Pardot needs to do is send authenticated and aligned emails to ensure a DMARC pass. Pardot allows for the configuration of custom sender domains, which includes setting up DKIM and SPF records to align with your brand's domain. This alignment is critical for DMARC, and consequently, for BIMI.
The confusion around Pardot and the exacttarget.com return-path stems from how Pardot handles SPF. By default, Pardot's SPF record may point to exacttarget.com, which doesn't directly align with your From domain. However, Pardot supports custom domains for the return-path and DKIM signature, which is typically sufficient. Because Pardot doesn't host your DNS, managing the DMARC record falls to you or your DNS provider, making it an external configuration. Salesforce Support can, in some cases, manually update the return-path domain for a Pardot account to allow for relaxed SPF alignment with your From or DKIM domain.
The key is ensuring that at least one of SPF or DKIM aligns with your From domain to achieve a DMARC pass. Pardot's self-serve DKIM configuration makes this straightforward. Once DKIM is set up and aligned, your emails will pass DMARC, making them eligible for BIMI.
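The alignment rule described above, as an added example that is not part of the original article or of any Pardot tooling. It assumes the organizational domain is the last two labels of a hostname (real evaluators use the Public Suffix List), and `bounce.yourdomain.com` is a constructed custom return-path.

```python
# Added example: DMARC identifier alignment for a message sent through an ESP.
# Assumption: organizational domain = last two labels. Production code should
# consult the Public Suffix List (e.g. for domains under co.uk).

def org_domain(domain: str) -> str:
    """Approximate the organizational domain of a hostname."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str = "r") -> bool:
    """mode 'r' = relaxed (same organizational domain), 's' = strict (exact match)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    return org_domain(a) == org_domain(b)

def dmarc_result(from_domain, spf_pass, return_path_domain,
                 dkim_pass, dkim_d, aspf="r", adkim="r"):
    """DMARC passes when at least one authenticated identifier aligns with From."""
    spf_ok = spf_pass and aligned(from_domain, return_path_domain, aspf)
    dkim_ok = dkim_pass and aligned(from_domain, dkim_d, adkim)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    # Constructed cases. Return-path on exacttarget.com, DKIM signed as yourdomain.com:
    print(dmarc_result("yourdomain.com", True, "exacttarget.com",
                       True, "yourdomain.com"))
    # Neither identifier on the From domain: SPF and DKIM pass, DMARC still fails.
    print(dmarc_result("yourdomain.com", True, "exacttarget.com",
                       True, "exacttarget.com"))
    # Custom return-path on a subdomain: aligned under relaxed mode only.
    print(dmarc_result("yourdomain.com", True, "bounce.yourdomain.com",
                       False, "", aspf="r"))
    print(dmarc_result("yourdomain.com", True, "bounce.yourdomain.com",
                       False, "", aspf="s"))
```

The second case is the one to watch for in DMARC reports: SPF and DKIM both pass, yet DMARC fails because neither authenticated domain matches the From domain.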
Configuring BIMI with Pardot
Configuring BIMI when sending from Pardot involves several steps, primarily focused on your domain's DNS records and DMARC policy. Here’s a general guide:
Ensure SPF and DKIM are configured: Verify that your SPF and DKIM records are correctly set up in your DNS and within Pardot. Pardot provides instructions for adding these records to your domain to ensure proper email authentication. For DKIM, ensure the signing domain aligns with your From domain. This is crucial for DMARC alignment and subsequently for BIMI.
Implement DMARC with enforcement: Set up a DMARC record for your sending domain. This record must have a policy of p=quarantine or p=reject. If you're currently at p=none, you'll need to monitor your DMARC reports to ensure legitimate emails are passing authentication before moving to an enforcement policy. You can find simple DMARC examples here. This step is entirely handled within your domain's DNS, separate from Pardot.
Obtain a Verified Mark Certificate (VMC): For most major mailbox providers, a VMC is mandatory to display your logo. This requires you to have a registered trademark for your logo. Work with an accredited Certificate Authority (CA) to obtain your VMC. You can learn more about implementing BIMI here.
Publish your BIMI DNS TXT record: Once you have your VMC and your DMARC policy is enforced, you can publish your BIMI TXT record in your DNS. This record points to the location of your SVG-formatted logo and your VMC. An example record looks like this:
BIMI DNS TXT Record Example
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/path/to/logo.svg; a=https://yourdomain.com/path/to/vmc.pem;"
The implementation steps for BIMI and its requirements are consistent regardless of whether you're sending from Pardot or another email service provider. The key lies in correctly configuring your domain's DNS records to satisfy the authentication requirements. More detailed information on implementation steps can be found in this guide.
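A pre-publication check for the steps above, as an added example that is not from the original article. It takes the TXT record strings as input (fetch them with your own DNS tooling), checks only the requirements this page states, and uses a constructed DMARC record alongside the BIMI record shown above.

```python
# Added example: validate a DMARC record and a BIMI record before publishing.
from urllib.parse import urlparse

def parse_tags(record: str) -> dict:
    """Split a 'tag=value; tag=value' TXT record into a dict keyed by tag."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def is_https(url: str) -> bool:
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)

def bimi_problems(dmarc_txt: str, bimi_txt: str) -> list:
    """Return a list of human-readable problems; an empty list means ready."""
    problems = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("DMARC record missing or not v=DMARC1")
    policy = dmarc.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        problems.append(f"DMARC policy p={policy or '?'} is not enforced")
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        problems.append("BIMI record missing or not v=BIMI1")
    logo = bimi.get("l", "")
    if not (is_https(logo) and urlparse(logo).path.lower().endswith(".svg")):
        problems.append("l= must be an HTTPS URL pointing to an SVG logo")
    if not is_https(bimi.get("a", "")):
        problems.append("a= has no HTTPS VMC URL; major providers will not show the logo")
    return problems

# Constructed DMARC records; the BIMI record is the one shown in the article.
DMARC_ENFORCED = "v=DMARC1; p=reject; rua=mailto:dmarc@yourdomain.com"
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com"
BIMI_RECORD = ("v=BIMI1; l=https://yourdomain.com/path/to/logo.svg; "
               "a=https://yourdomain.com/path/to/vmc.pem;")

if __name__ == "__main__":
    print(bimi_problems(DMARC_ENFORCED, BIMI_RECORD))
    print(bimi_problems(DMARC_MONITOR, BIMI_RECORD))
    print(bimi_problems(DMARC_ENFORCED, "v=BIMI1; l=http://yourdomain.com/logo.png;"))
```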
Best practices and common pitfalls
While implementing BIMI with Pardot is feasible, it's not without its nuances. Ensuring your DMARC record is properly configured and enforced is paramount. Many senders encounter issues when their DMARC policy isn't strict enough, or when their SPF and DKIM records aren't consistently aligned. A related issue could arise if poor sending practices lead to your domain being listed on a blocklist (blacklist), which would impact your overall email deliverability and, indirectly, your BIMI effectiveness.
Best practices for BIMI success
Monitor DMARC reports: Regularly check your DMARC reports to identify any authentication failures or misconfigurations before enforcing your policy. This ensures that legitimate emails are not quarantined or rejected. Our guide on DMARC reports can help.
Use a VMC: While some providers might show BIMI without a VMC, major players like Google and Yahoo require it for logo display. Investing in a VMC ensures broader adoption and brand trust. You can see which email providers support BIMI.
Maintain a clean sending reputation: Avoid getting on email blocklists (or blacklists) by adhering to best practices like sending to engaged audiences and managing bounces effectively. A poor sending reputation can negate the benefits of BIMI.
The landscape of email authentication and branding is constantly evolving. Staying informed about the latest requirements from mailbox providers, such as the increasing emphasis on DMARC enforcement and VMCs, is crucial for successful BIMI implementation and maintaining good email deliverability. While Pardot provides the necessary capabilities for sending authenticated emails, the ultimate responsibility for BIMI configuration lies with the domain owner and their DNS management.
Views from the trenches
Best practices
Ensure DMARC is set to p=quarantine or p=reject on your domain to meet BIMI requirements.
Always align your DKIM signature with your From domain for DMARC pass.
Consider obtaining a Verified Mark Certificate (VMC) for broader BIMI logo display across major providers.
Common pitfalls
Relying on a p=none DMARC policy, which will prevent BIMI logo display.
Assuming Pardot directly supports BIMI instead of understanding its reliance on DNS.
Neglecting to align the return-path/SPF domain if not using custom SPF setup in Pardot.
Expert tips
Pardot itself does not need to explicitly support BIMI. It merely needs to send authenticated and aligned email for DMARC to pass.
Pardot supports custom domains for return-path and DKIM, which are key for DMARC alignment.
If relaxed alignment is needed for the return-path (SPF), Salesforce Support can manually adjust this setting for Pardot accounts.
Expert view
Expert from Email Geeks says that BIMI should work with any email environment that supports domain authentication alignment.
2023-11-16 - Email Geeks
Expert view
Expert from Email Geeks says Pardot needs to send authenticated and aligned email to create a DMARC pass for a participating provider to display a BIMI logo.
2023-11-16 - Email Geeks
Embracing BIMI for brand recognition
While Pardot doesn't offer a direct BIMI enable button, it fully supports the underlying email authentication protocols necessary for BIMI implementation. By ensuring your SPF and DKIM records are correctly set up and aligned, and by enforcing a robust DMARC policy, you can successfully display your brand's logo in supporting inboxes when sending emails via Pardot. Remember that the process primarily involves managing your domain's DNS records, often with the additional requirement of a Verified Mark Certificate for major mailbox providers.
Implementing BIMI enhances brand visibility and trust, providing a visual cue to recipients that your emails are authenticated and legitimate. By following these steps and paying close attention to your email authentication standards, you can leverage BIMI to strengthen your email marketing efforts. If you are having issues with your emails getting to the inbox, you can try our free email deliverability tester.