Suped
What are the requirements for BIMI, and how do I troubleshoot authentication failures?
Summary
BIMI implementation requires a DMARC policy set to quarantine or reject, valid SPF and DKIM records, and a Verified Mark Certificate (VMC) for your logo, especially for providers like Google. The VMC validates logo ownership and requires trademarking. DMARC reports are crucial for identifying and troubleshooting authentication failures. Common errors include incorrect DNS syntax, unvalidated VMCs, and overly permissive DMARC policies. While BIMI itself might not directly boost deliverability, it enhances brand recognition, engagement, and sender reputation. Monitor DMARC compliance and utilize online BIMI checkers. SPF records have lookup limits, and one-off authentication failures can occur. Setting up SPF/DKIM for all mailstreams and tweaking settings for senders like HubSpot are important.

Key findings

  • BIMI Core Requirements: DMARC enforcement, valid SPF/DKIM records, and a VMC are essential for BIMI.
  • VMC Importance: A VMC is generally needed for BIMI, especially to display your logo in Gmail.
  • DMARC reports: DMARC reports provide key insights for troubleshooting authentication failures, including SPF/DKIM alignment.
  • Troubleshooting and Validating: Tools such as SPF/DKIM validation and BIMI checkers are available.
  • BIMI's broader impact: BIMI contributes to brand recognition, engagement, and overall sender reputation.

Key considerations

  • VMC and Trademarking: Ensure you trademark your logo and obtain a VMC from an authorized provider before implementing BIMI.
  • HubSpot specific settings: If using HubSpot, verify SPF/DKIM settings and adjust before setting DMARC to quarantine.
  • Reviewing DMARC data: Regularly review and adjust DMARC policies based on reported authentication failures.
  • SPF limits: Optimize SPF records to remain below the 10 DNS lookup limit to avoid authentication failures.
  • DKIM Requirements: Ensure the DKIM signing key is correctly configured in both your sending service and DNS.
What email marketers say
12 marketer opinions
BIMI (Brand Indicators for Message Identification) enhances email security and brand recognition. Key requirements include DMARC enforcement (policy set to 'quarantine' or 'reject'), valid SPF and DKIM records, and a Verified Mark Certificate (VMC) for the logo (required by some providers like Google). Troubleshooting authentication failures involves checking DNS records, analyzing DMARC reports, and ensuring proper SPF/DKIM configuration. Common implementation errors include incorrect DNS syntax and unvalidated VMCs. Although BIMI may not directly improve deliverability, it boosts brand engagement and sender reputation. Monitoring DMARC compliance and using online BIMI checkers are crucial.

Key opinions

  • BIMI Requirements: DMARC enforcement, valid SPF/DKIM, and a VMC are essential for BIMI implementation.
  • VMC Importance: A Verified Mark Certificate is often required, particularly by Google, to display your logo.
  • DMARC Enforcement: BIMI necessitates a DMARC policy set to 'quarantine' or 'reject'.
  • Troubleshooting Authentication: Check DNS records for SPF and DKIM, analyze DMARC reports, and use online BIMI checkers.
  • BIMI Benefits: BIMI improves brand recognition, engagement, and sender reputation, but may not directly affect deliverability.

Key considerations

  • Trademark: Ensure your logo is trademarked as this is a requirement to obtaining a VMC.
  • Logo Design: Use a square SVG file optimized for various sizes for your BIMI logo.
  • DMARC Monitoring: Regularly monitor DMARC compliance to ensure ongoing email authentication effectiveness.
  • Common Errors: Avoid incorrect DNS record syntax and using unvalidated VMCs during setup.
  • IP Addresses: Make sure your SPF records includes all your IP addresses that you send mail from.
Marketer view
Email marketer from Mailjet responds that you can use online BIMI checkers to verify if your BIMI record is properly configured and visible. This helps ensure that your logo will display correctly in supporting inboxes.
25 Nov 2023 - Mailjet
Marketer view
Email marketer from Gmass explains that your BIMI logo should be a square SVG file, optimized for display at various sizes. It's best to use a simple, recognizable version of your logo for maximum impact.
11 Sep 2024 - Gmass
What the experts say
6 expert opinions
Implementing BIMI and troubleshooting authentication failures requires careful attention to several key factors. For Google, a VMC is essential for displaying your logo. DMARC should be enforced, and issues can be identified and addressed using DMARC reports, particularly to assess SPF/DKIM alignment. Risky quarantine policies only impact mail streams that fail both SPF and DKIM validation. SPF/DKIM needs to be setup correctly for each of your mailstreams. VMCs are obtained from recognized certificate authorities, verifying your logo's trademarked status and DMARC reports must be examined.

Key opinions

  • VMC for Google: A Verified Mark Certificate (VMC) is a requirement for BIMI logo display in Gmail.
  • DMARC Enforcement: DMARC should be enforced for BIMI, with 'quarantine' only risky if both SPF and DKIM fail.
  • Troubleshooting with DMARC Reports: DMARC reports are crucial for examining SPF/DKIM alignment and identifying patterns in authentication failures.
  • SPF/DKIM requirements: Your SPF/DKIM must be setup correctly so your mail stream can be correctly validated.

Key considerations

  • Hubspot Specifics: If emails from Hubspot are failing SPF/DKIM, tweak Hubspot settings before enforcing quarantine.
  • Certificate Authority: Obtain VMCs from recognized certification authorities to validate the trademarked status of your logo.
Expert view
Expert from Word to the Wise responds that a VMC is required if you want your BIMI logo to display in Gmail. It validates the trademarked status of your logo. You must obtain it from a recognized certification authority.
23 Dec 2021 - Word to the Wise
Expert view
Expert from Email Geeks explains that if emails from Hubspot are failing SPF/DKIM, you should tweak your settings in Hubspot for those failed emails before moving to a quarantine.
13 Jan 2022 - Email Geeks
What the documentation says
5 technical articles
BIMI implementation requires a DMARC policy ('quarantine' or 'reject'), valid SPF/DKIM, and a Verified Mark Certificate (VMC) for your logo, especially for providers like Google. Obtaining a VMC involves trademarking your logo and purchasing it from an authorized provider like DigiCert. DMARC reports are crucial for analyzing authentication failures, identifying misconfigured SPF/DKIM or unauthorized senders. Ensure your SPF record stays within the 10 DNS lookup limit to avoid authentication issues.

Key findings

  • Core BIMI Requirements: DMARC policy, valid SPF/DKIM, and VMC are mandatory for BIMI.
  • VMC Acquisition: Trademark your logo first, then purchase a VMC from an authorized provider (e.g., DigiCert).
  • DMARC Report Utility: DMARC reports help identify authentication failure sources.
  • SPF Lookup Limit: SPF records must stay within the 10 DNS lookup limit.

Key considerations

  • Trademarking: Prioritize trademarking your logo before pursuing VMC acquisition.
  • SPF Record Optimization: Flatten or consolidate SPF records to stay within the lookup limit.
Technical article
Documentation from dmarcian explains that DMARC reports provide insights into authentication failures. Analyze these reports to identify the source of failures, whether it's misconfigured SPF/DKIM, or unauthorized senders using your domain.
2 Feb 2023 - dmarcian
Technical article
Documentation from AuthSMTP notes that SPF records have a lookup limit of 10 DNS lookups. If your SPF record exceeds this limit, it can cause authentication failures. Try to flatten or consolidate your SPF record to stay within the limit.
6 Aug 2023 - AuthSMTP
Start improving your email deliverability today
Get a demo