A common question I hear is whether Brand Indicators for Message Identification (BIMI) requires a specific, unique port to work. The short answer is no. BIMI doesn't use a special port for fetching logos. Instead, it relies on the standard, secure protocol used by the entire web: HTTPS.
This process is quite simple. When a mailbox provider like Gmail or Yahoo receives your email, it first checks your DMARC authentication. If that passes, it looks up your domain's BIMI record in the DNS.
As Mailercloud correctly points out, this DNS record contains a URL that points directly to your logo file. The mail provider's server then simply fetches the logo from that URL, just like your web browser would fetch an image from a website.
The URL in your BIMI record must start with https://. This is a critical requirement. It means the connection used to retrieve your logo is encrypted and secure. Standard HTTPS traffic uses port 443. So, while a port is technically used, it's the default port for all secure web traffic, not a dedicated BIMI port that you need to configure or open on your firewall.
This process of fetching the logo, as described by services like Fastmail, is an automated part of how the receiving mail server processes an incoming message. There's no special action required on your part other than making sure your logo is hosted at a valid, publicly accessible HTTPS URL.
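The check below is an added example, not code from the original article or from any mailbox provider: it parses a BIMI TXT record, confirms that its URLs use https://, and reports the TCP port each fetch would use. It assumes the BIMI record tags `v=`, `l=` (logo URL) and `a=` (certificate URL), which the article does not spell out, and the sample records and example.com hosts are constructed.

```python
from urllib.parse import urlsplit

# Constructed sample records; the example.com hosts are placeholders.
GOOD = "v=BIMI1; l=https://images.example.com/brand/logo.svg; a=https://images.example.com/brand/vmc.pem"
PLAIN_HTTP = "v=BIMI1; l=http://images.example.com/brand/logo.svg"
ODD_PORT = "v=BIMI1; l=https://images.example.com:8443/brand/logo.svg"

def parse_bimi_record(txt):
    """Split a BIMI TXT record into a {tag: value} dict with lower-cased tags."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # URLs may contain '=' themselves
            tags[key.strip().lower()] = value.strip()
    return tags

def check_bimi_urls(txt):
    """Return (findings, ports): problems found, and the port each URL is fetched on."""
    tags = parse_bimi_record(txt)
    findings, ports = [], {}
    if tags.get("v", "").upper() != "BIMI1":
        findings.append("record is missing v=BIMI1")
    for tag in ("l", "a"):
        url = tags.get(tag, "")
        if not url:
            continue  # tag absent or empty: nothing to fetch
        parts = urlsplit(url)
        if parts.scheme != "https" or not parts.hostname:
            findings.append(f"{tag}= must be an https:// URL, got {url!r}")
            continue
        try:
            port = 443 if parts.port is None else parts.port
        except ValueError:
            findings.append(f"{tag}= has an invalid port in {url!r}")
            continue
        ports[tag] = port
        if port != 443:
            findings.append(f"{tag}= uses port {port}, not the HTTPS default 443")
    return findings, ports

if __name__ == "__main__":
    for name, record in (("good", GOOD), ("http", PLAIN_HTTP), ("odd port", ODD_PORT)):
        print(name, check_bimi_urls(record))
```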
The confusion about ports often comes from the email sending process itself. Sending email relies on the Simple Mail Transfer Protocol (SMTP), which uses specific ports like 25, 465, and 587. It's important to understand that these ports are for the transfer of the email message from the sending server to the receiving server.
These SMTP ports have absolutely nothing to do with how the recipient's server later fetches your BIMI logo. The logo fetching happens after the email has already been delivered, using a completely separate HTTPS request.
The fact that BIMI uses standard HTTPS is good news. It simplifies the setup and means you don't have to worry about complex network configurations. Your main responsibilities are:
In summary, BIMI does not rely on a specific or proprietary port. It leverages the global standard for secure web communication, HTTPS, which uses port 443 by default. This makes BIMI a robust and straightforward standard to implement, relying on the same technology that powers the secure web.