Summary
BIMI (Brand Indicators for Message Identification) requires a robust DMARC (Domain-based Message Authentication, Reporting & Conformance) policy for participation. This policy must be set to either 'quarantine' or 'reject' at the organizational domain level. If 'quarantine' is selected, the 'pct' (percentage) value must be 100. A subdomain with a DMARC policy of 'none' will only affect that subdomain's BIMI eligibility and not the rest of the organization. When the 'pct' value is specified as less than 100, the remaining percentage is applied to the next policy. The goal is to ensure that only authenticated emails display the brand's logo, enhancing email security and trust.
Key findings
- DMARC Policy: BIMI requires a DMARC policy of either 'quarantine' or 'reject'.
- pct Value: For 'quarantine' policies, the 'pct' value must be 100.
- Subdomain Impact: A 'none' DMARC policy on a subdomain only affects that subdomain's BIMI capability.
- Unspecified pct: When 'pct' is less than 100, the remaining percentage adopts the next specified policy.
- Authentication: BIMI helps improve email sender authentication.
Key considerations
- Implementation: Carefully implement DMARC to meet the specified BIMI requirements.
- Subdomain Policies: Understand the implications of using a subdomain with 'none' DMARC policy.
- Monitoring: Continuously monitor DMARC performance and adjust policies as needed.
- Security: BIMI is a good addition to a strong sender authentication configuration to enhance overall email security.
What email marketers say
11 marketer opinions
BIMI (Brand Indicators for Message Identification) requires a strong DMARC (Domain-based Message Authentication, Reporting & Conformance) policy for participation. Specifically, the DMARC policy must be set to either 'quarantine' or 'reject' for both the organizational domain and the RFC5322.From domain. If a 'quarantine' policy is used, the 'pct' value must be 100. If a subdomain has a 'none' DMARC policy, it only affects that subdomain and not the overall organizational domain. When 'pct' is specified and not 100, the remaining percentage defaults to the next policy (e.g., 'reject pct=70' means 70% reject and 30% quarantine). This ensures only authenticated emails display the brand's logo.
Key opinions
- DMARC Requirement: BIMI requires DMARC with a policy of either 'quarantine' or 'reject'.
- pct Value: If using 'quarantine', the 'pct' value must be 100.
- Subdomain Policy: A 'none' DMARC policy on a subdomain only affects that subdomain's BIMI eligibility.
- pct Implications: If 'pct' is less than 100, the remaining percentage defaults to the next policy.
Key considerations
- Policy Enforcement: Ensure DMARC policy is strictly enforced to meet BIMI requirements.
- Subdomain Impact: Understand the impact of subdomain DMARC policies on BIMI eligibility.
- Aggregate Reports: DMARC aggregate reports can help monitor and adjust policies to meet requirements.
- Testing: Thoroughly test DMARC and BIMI implementation to avoid unintended consequences.
Marketer view
Email marketer from EmailToolTester.com explains that to use BIMI, your domain must have DMARC set up with a policy of either 'quarantine' or 'reject'.
29 Jan 2025 - EmailToolTester.com
Marketer view
Email marketer from Reddit comments that BIMI implementations require DMARC to be enforced with a policy of either quarantine or reject, and specifies that pct must be set to 100 if using quarantine to be compliant with BIMI.
5 Dec 2023 - Reddit
What the experts say
2 expert opinions
Experts agree that BIMI requires DMARC to be in place with a policy set to either quarantine or reject to verify the authenticity of email senders. It's recommended that BIMI is a good add-on to a robust sender authentication configuration.
Key opinions
- DMARC Requirement: BIMI necessitates DMARC configuration.
- Policy Options: DMARC policy must be set to either 'quarantine' or 'reject' for BIMI implementation.
- Sender Authentication: BIMI helps verify email sender authenticity.
- Authentication Addition: BIMI enhances strong sender authentication configurations.
Key considerations
- DMARC setup: Make sure that DMARC is properly set up before implementing BIMI.
- Policy choice: Make sure to choose either reject or quarantine, don't use none.
- Authentication First: Ensure a solid sender authentication strategy exists before adding BIMI.
Expert view
Expert from Spamresource says BIMI depends on DMARC to verify the authenticity of email senders. To use BIMI, you must have DMARC set up with a policy of quarantine or reject.
21 May 2022 - Spamresource
Expert view
Expert from Word to the Wise notes that BIMI requires DMARC to be in place at either quarantine or reject. Recommends that BIMI is a nice addition to a strong sender authentication configuration.
4 Aug 2024 - Word to the Wise
What the documentation says
3 technical articles
Official documentation states that BIMI requires a strong DMARC policy set to either 'quarantine' or 'reject' for both the organizational and RFC5322.From domains. When using 'quarantine,' the 'pct' value must be 100. This ensures that only authenticated emails can display the sender's logo, enhancing trust and security.
Key findings
- DMARC Requirement: BIMI mandates a robust DMARC policy.
- Policy Options: DMARC must be set to 'quarantine' or 'reject'.
- pct Value for Quarantine: If using 'quarantine', the 'pct' value must be 100.
- Logo Display: Successful DMARC authentication enables the display of the sender's logo.
Key considerations
- DMARC Configuration: Carefully configure DMARC to meet BIMI's specific requirements.
- Policy Choice Impact: Understand the implications of choosing 'quarantine' vs. 'reject'.
- Monitoring and Enforcement: Continuously monitor DMARC performance and enforce policies effectively.
- Legitimate Senders: Ensuring legitimate senders are properly authenticated to leverage BIMI's logo display.
Technical article
Documentation from BIMIGroup.org explains that to participate in BIMI, a strong DMARC policy (quarantine or reject) must be in place for both the Organizational Domain and the RFC5322.From Domain. Quarantine policies must have a 'pct' value of 100.
8 Jan 2025 - BIMIGroup.org
Technical article
Documentation from Valimail.com highlights that BIMI requires DMARC authentication and enforcement, ensuring that only legitimate senders can display their logos. They also state BIMI builds on DMARC, requiring a policy of either quarantine or reject.
19 Feb 2023 - Valimail.com
Can BIMI logos be animated and how do Google profile images interact with BIMI?
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Do I need a VMC for BIMI to work with Google and Gmail?
Does domain/IP reputation affect BIMI logo display with VMC?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
How do I set up DMARC for BIMI and what are the key considerations?
