Suped

What is the purpose of the 'h=' tag in a BIMI record?

When you're setting up your BIMI (Brand Indicators for Message Identification) record, you'll come across several different tags, like v= for version and l= for the logo location. One tag that sometimes causes confusion is the h= tag. It's a bit of a historical artifact from the development of the BIMI standard.

The short answer is that the h= tag has no purpose in the current, official BIMI specification. It was part of early drafts but was removed from the final standard, RFC 9091. You should not include it in your BIMI TXT record.

Originally, the h= tag was intended to specify the headers that were hashed for the DKIM signature associated with the BIMI assertion. In essence, it was a way to link the BIMI record to a very specific DKIM signature. However, the standard evolved, and this mechanism was deemed unnecessary. The current BIMI validation process doesn't use it at all, so adding it to your record would be pointless and could potentially cause validation problems with some mailbox providers.

Suped DMARC monitor
Free forever, no credit card required
Get started for free
Trusted by teams securing millions of inboxes
Company logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logoCompany logo

How BIMI works without the 'h=' tag

So, how does BIMI work now? Instead of a specific tag in the BIMI record pointing to the DKIM signature, the process is more streamlined. When a mail server receives your email, it performs a series of checks:

  • DMARC Check: First, it checks for a DMARC record with a policy of p=quarantine or p=reject.
  • DKIM Validation: The server looks for a valid DKIM signature on the email.
  • Domain Alignment: Crucially, it verifies that the domain in the DKIM signature (the d= tag) aligns with the domain in the `From:` header of the email.
  • BIMI Lookup: If all these checks pass, the server then performs a DNS lookup for a BIMI record at the aligned domain from the `From:` header.

This process effectively links the email to the correct BIMI record without needing the obsolete h= tag.

Focus on current BIMI features: selectors

Instead of worrying about obsolete tags, it's more productive to focus on the powerful features that are part of the current BIMI standard. One of the most useful features is the concept of BIMI selectors.

bimigroup.org logo
BIMI Group says:
Visit website
BIMI selectors are a way for domain and brand owners to use multiple logos for a given domain and/or perform A/B testing for BIMI with a minimum of DNS changes.

Selectors allow you to publish multiple BIMI records for a single domain. This is incredibly useful for brands that might have different logos for different product lines, regions, or marketing campaigns. As the BIMI Group explains, they enable you to use multiple logos or even run A/B tests to see which logo performs best.

To use a selector, you create a BIMI record at a specific subdomain, like selector1._bimi.example.com. Then, in the DKIM signature of your email, you add a L= tag that specifies which selector to use (e.g., L=selector1). This tells the mail receiver which specific logo to look up and display.

Final thoughts

To sum up, the h= tag is a remnant of BIMI's development and should not be used. Your focus should be on a correct and complete implementation of the current standard: a strict DMARC policy, aligned DKIM signatures, and a valid logo file. Once you have that foundation, you can explore powerful features like selectors to get the most out of BIMI for your brand.

Start improving your email deliverability today

Get started