Suped

What are the requirements for BIMI, and how do I troubleshoot authentication failures?

12Marketer opinions6Expert opinions5Technical articles6Resources

Summary

BIMI implementation requires a DMARC policy set to quarantine or reject, valid SPF and DKIM records, and a Verified Mark Certificate (VMC) for your logo, especially for providers like Google. The VMC validates logo ownership and requires trademarking. DMARC reports are crucial for identifying and troubleshooting authentication failures. Common errors include incorrect DNS syntax, unvalidated VMCs, and overly permissive DMARC policies. While BIMI itself might not directly boost deliverability, it enhances brand recognition, engagement, and sender reputation. Monitor DMARC compliance and utilize online BIMI checkers. SPF records have lookup limits, and one-off authentication failures can occur. Setting up SPF/DKIM for all mailstreams and tweaking settings for senders like HubSpot are important.

Key findings

  • BIMI Core Requirements: DMARC enforcement, valid SPF/DKIM records, and a VMC are essential for BIMI.
  • VMC Importance: A VMC is generally needed for BIMI, especially to display your logo in Gmail.
  • DMARC reports: DMARC reports provide key insights for troubleshooting authentication failures, including SPF/DKIM alignment.
  • Troubleshooting and Validating: Tools such as SPF/DKIM validation and BIMI checkers are available.
  • BIMI's broader impact: BIMI contributes to brand recognition, engagement, and overall sender reputation.

Key considerations

  • VMC and Trademarking: Ensure you trademark your logo and obtain a VMC from an authorized provider before implementing BIMI.
  • HubSpot specific settings: If using HubSpot, verify SPF/DKIM settings and adjust before setting DMARC to quarantine.
  • Reviewing DMARC data: Regularly review and adjust DMARC policies based on reported authentication failures.
  • SPF limits: Optimize SPF records to remain below the 10 DNS lookup limit to avoid authentication failures.
  • DKIM Requirements: Ensure the DKIM signing key is correctly configured in both your sending service and DNS.

What email marketers say
12Marketer opinions

BIMI (Brand Indicators for Message Identification) enhances email security and brand recognition. Key requirements include DMARC enforcement (policy set to 'quarantine' or 'reject'), valid SPF and DKIM records, and a Verified Mark Certificate (VMC) for the logo (required by some providers like Google). Troubleshooting authentication failures involves checking DNS records, analyzing DMARC reports, and ensuring proper SPF/DKIM configuration. Common implementation errors include incorrect DNS syntax and unvalidated VMCs. Although BIMI may not directly improve deliverability, it boosts brand engagement and sender reputation. Monitoring DMARC compliance and using online BIMI checkers are crucial.

Key opinions

  • BIMI Requirements: DMARC enforcement, valid SPF/DKIM, and a VMC are essential for BIMI implementation.
  • VMC Importance: A Verified Mark Certificate is often required, particularly by Google, to display your logo.
  • DMARC Enforcement: BIMI necessitates a DMARC policy set to 'quarantine' or 'reject'.
  • Troubleshooting Authentication: Check DNS records for SPF and DKIM, analyze DMARC reports, and use online BIMI checkers.
  • BIMI Benefits: BIMI improves brand recognition, engagement, and sender reputation, but may not directly affect deliverability.

Key considerations

  • Trademark: Ensure your logo is trademarked as this is a requirement to obtaining a VMC.
  • Logo Design: Use a square SVG file optimized for various sizes for your BIMI logo.
  • DMARC Monitoring: Regularly monitor DMARC compliance to ensure ongoing email authentication effectiveness.
  • Common Errors: Avoid incorrect DNS record syntax and using unvalidated VMCs during setup.
  • IP Addresses: Make sure your SPF records includes all your IP addresses that you send mail from.
Marketer view

Email marketer from Mailjet responds that you can use online BIMI checkers to verify if your BIMI record is properly configured and visible. This helps ensure that your logo will display correctly in supporting inboxes.

January 2022 - Mailjet
Marketer view

Email marketer from Gmass explains that your BIMI logo should be a square SVG file, optimized for display at various sizes. It's best to use a simple, recognizable version of your logo for maximum impact.

March 2024 - Gmass
Marketer view

Email marketer from Valimail shares that BIMI necessitates DMARC enforcement. This means setting your DMARC policy to either 'quarantine' or 'reject' to instruct receiving mail servers on how to handle unauthenticated emails impersonating your domain.

August 2022 - Valimail
Marketer view

Email marketer from Email Geeks shares that Google requires a VMC, which necessitates a trademarked logo, for BIMI. Also notes that low sending volume may prevent the logo from showing, but the specific cutoff is unknown.

January 2023 - Email Geeks
Marketer view

Email marketer from EmailToolTester explains that common BIMI implementation errors include incorrect DNS record syntax, using an unvalidated VMC, or not having a DMARC policy strict enough (p=quarantine or p=reject).

February 2022 - EmailToolTester
Marketer view

Email marketer from ZeroBounce responds that implementing BIMI helps your brand stand out in crowded inboxes, increases brand awareness, and improves trust with recipients by proving you are a legitimate sender.

November 2024 - ZeroBounce
Marketer view

Email marketer from Reddit user u/email_pro explains that to troubleshoot SPF, check your DNS records to ensure your sending IPs are included. For DKIM, verify that your DKIM keys are properly configured in your DNS and that your email sending service is signing messages correctly.

September 2023 - Reddit
Marketer view

Email marketer from Litmus responds that it is important to monitor your DMARC compliance regularly to ensure that your email authentication remains effective and that no unauthorized senders are using your domain. This involves setting up and reviewing DMARC reports.

March 2022 - Litmus
Marketer view

Email marketer from Email Geeks shares that BIMI doesn't necessarily improve deliverability but gives you the deliverability you deserve based on your authentication setup. Studies suggest it can increase engagement.

December 2023 - Email Geeks
Marketer view

Email marketer from Sendinblue shares to improve email authentication, ensure your SPF record includes all IPs that send email on your behalf, and generate and validate a DKIM record. Regularly check for DMARC compliance for each.

September 2023 - Sendinblue
Marketer view

Email marketer from Email Geeks explains that one-off authentication failures are expected due to factors you can't control.

October 2021 - Email Geeks
Marketer view

Email marketer from Email Marketing Forum shares that while BIMI does not directly impact deliverability, it can improve brand recognition and engagement in the inbox, indirectly boosting your sending reputation over time.

July 2023 - Email Marketing Forum

What the experts say
6Expert opinions

Implementing BIMI and troubleshooting authentication failures requires careful attention to several key factors. For Google, a VMC is essential for displaying your logo. DMARC should be enforced, and issues can be identified and addressed using DMARC reports, particularly to assess SPF/DKIM alignment. Risky quarantine policies only impact mail streams that fail both SPF and DKIM validation. SPF/DKIM needs to be setup correctly for each of your mailstreams. VMCs are obtained from recognized certificate authorities, verifying your logo's trademarked status and DMARC reports must be examined.

Key opinions

  • VMC for Google: A Verified Mark Certificate (VMC) is a requirement for BIMI logo display in Gmail.
  • DMARC Enforcement: DMARC should be enforced for BIMI, with 'quarantine' only risky if both SPF and DKIM fail.
  • Troubleshooting with DMARC Reports: DMARC reports are crucial for examining SPF/DKIM alignment and identifying patterns in authentication failures.
  • SPF/DKIM requirements: Your SPF/DKIM must be setup correctly so your mail stream can be correctly validated.

Key considerations

  • Hubspot Specifics: If emails from Hubspot are failing SPF/DKIM, tweak Hubspot settings before enforcing quarantine.
  • Certificate Authority: Obtain VMCs from recognized certification authorities to validate the trademarked status of your logo.
Expert view

Expert from Word to the Wise responds that a VMC is required if you want your BIMI logo to display in Gmail. It validates the trademarked status of your logo. You must obtain it from a recognized certification authority.

July 2023 - Word to the Wise
Expert view

Expert from Email Geeks explains that if emails from Hubspot are failing SPF/DKIM, you should tweak your settings in Hubspot for those failed emails before moving to a quarantine.

May 2023 - Email Geeks
Expert view

Expert from Email Geeks responds that implementing DMARC with a 'quarantine' policy is only risky if both SPF and DKIM fail. Using DMARC tools should help assess the level of risk.

October 2024 - Email Geeks
Expert view

Expert from SpamResource explains that when troubleshooting authentication failures, it is crucial to thoroughly examine DMARC reports. These reports offer detailed information regarding SPF and DKIM alignment, which is essential for BIMI compliance. They further note identifying patterns of failure is also beneficial; for example, if a particular sending source consistently fails authentication, it suggests a misconfiguration that needs addressing.

April 2023 - SpamResource
Expert view

Expert from Email Geeks explains that for Google, a VMC (Verified Mark Certificate) is required for BIMI implementation. Also DMARC needs to be at enforcement on p= and sp=.

February 2022 - Email Geeks
Expert view

Expert from Email Geeks explains that you should setup SPF/DKIM to fix authentication issues.

March 2023 - Email Geeks

What the documentation says
5Technical articles

BIMI implementation requires a DMARC policy ('quarantine' or 'reject'), valid SPF/DKIM, and a Verified Mark Certificate (VMC) for your logo, especially for providers like Google. Obtaining a VMC involves trademarking your logo and purchasing it from an authorized provider like DigiCert. DMARC reports are crucial for analyzing authentication failures, identifying misconfigured SPF/DKIM or unauthorized senders. Ensure your SPF record stays within the 10 DNS lookup limit to avoid authentication issues.

Key findings

  • Core BIMI Requirements: DMARC policy, valid SPF/DKIM, and VMC are mandatory for BIMI.
  • VMC Acquisition: Trademark your logo first, then purchase a VMC from an authorized provider (e.g., DigiCert).
  • DMARC Report Utility: DMARC reports help identify authentication failure sources.
  • SPF Lookup Limit: SPF records must stay within the 10 DNS lookup limit.

Key considerations

  • Trademarking: Prioritize trademarking your logo before pursuing VMC acquisition.
  • SPF Record Optimization: Flatten or consolidate SPF records to stay within the lookup limit.
Technical article

Documentation from dmarcian explains that DMARC reports provide insights into authentication failures. Analyze these reports to identify the source of failures, whether it's misconfigured SPF/DKIM, or unauthorized senders using your domain.

December 2023 - dmarcian
Technical article

Documentation from AuthSMTP notes that SPF records have a lookup limit of 10 DNS lookups. If your SPF record exceeds this limit, it can cause authentication failures. Try to flatten or consolidate your SPF record to stay within the limit.

November 2021 - AuthSMTP
Technical article

Documentation from Entrust notes that a VMC verifies that you own the logo displayed with BIMI. This requires trademarking your logo and purchasing a VMC from an authorized provider.

June 2023 - Entrust
Technical article

Documentation from DigiCert shares that to obtain a VMC, you must first trademark your logo with an approved intellectual property office. Then, submit the trademark and other required information to a VMC issuing authority like DigiCert.

May 2024 - DigiCert
Technical article

Documentation from BIMI Group explains that BIMI requires a DMARC policy set to 'quarantine' or 'reject', valid SPF and DKIM records, and a Verified Mark Certificate (VMC) for your logo (required by some mailbox providers like Google).

December 2024 - BIMI Group

Related resources
6Resources

Troubleshooting common BIMI problems - Valimail
Troubleshooting common BIMI problems - Valimail

Learn why your logo isn’t showing up in the inbox (and what to do about it) in this complete guide to troubleshooting BIMI problems.

Valimail -
Email Authentication Basics: SPF, DKIM, DMARC & BIMI | Mailgun
Email Authentication Basics: SPF, DKIM, DMARC & BIMI | Mailgun

Email Authentication lets ISPs know who you are as a sender, and proves your emails are coming from you and not a spammer – but what does that entail?

Mailgun
Troubleshooting common BIMI issues - DuoCircle
Troubleshooting common BIMI issues - DuoCircle

You probably already know that your logo is one of the biggest assets your brand owns, but wouldn’t it be great if it showed next to your emails in the

DuoCircle
BIMI Validator | URIports
BIMI Validator | URIports

URIports. Real-time reporting for websites and email

URIports
SPF Record Checker and Lookup Tool | EasyDMARC
SPF Record Checker and Lookup Tool | EasyDMARC

Check if an SPF record is published on a domain and deployed correctly, identify its issues, and validate your SPF record. Check Your SPF Record Now!

EasyDMARC
How to Create a BIMI Logo: Your Step-by-Step Guide - Email on Acid
How to Create a BIMI Logo: Your Step-by-Step Guide - Email on Acid

Find out how to design a BIMI logo for email inboxes and learn about the steps you’ll need to take to get your brand BIMI ready.

Email on Acid

Related questions