How to setup BIMI when sending from Iterable through SES shared pools?

Key findings

• Default SPF: Amazon SES often passes SPF checks through its return-path domain (amazonses.com) which is sufficient for basic deliverability but not for BIMI.
• BIMI requirements: BIMI necessitates direct SPF and DKIM authentication alignment with your sending domain, which goes beyond the default SES shared pool setup.
• DMARC policy: A DMARC policy set to enforcement (either quarantine or reject) is a prerequisite for BIMI to function. You can learn more about DMARC setup for BIMI here.
• Custom DKIM: You will typically need to configure custom DKIM for your sending domain within Iterable, which then interacts with SES.
• Iterable’s role: Iterable provides the specific DNS records you need to add to your domain for proper authentication.

Key considerations

• Configure custom DKIM: Work with Iterable to set up custom DKIM for your sending domain, as this is critical for BIMI alignment. Amazon SES documentation provides guidance on BIMI setup.
• DMARC policy implementation: Ensure your DMARC record is published with a policy of p=quarantine or p=reject.
• SPF alignment: Understand that for BIMI, your SPF record must align with your From: domain. For more on how shared infrastructure affects SPF alignment with SES and Iterable, see our guide.
• Work with support: Engage with Iterable's support team or your Customer Success Manager to get the precise DNS records needed for your domain setup.

Key opinions

• Surprise with SPF: Many marketers are surprised to find no explicit SPF record for their sending domain when using SES shared pools, despite successful email delivery.
• BIMI's strictness: There's a consensus that BIMI demands full, explicit configuration of SPF, DKIM, and DMARC for the specific sending domain, not just relying on the ESP's (Email Service Provider's) default authentication.
• ESP role: Marketers frequently note that ESPs like Iterable are responsible for providing the necessary custom DKIM keys and guidance for DNS setup.
• DMARC importance: It's broadly understood that a DMARC policy in enforcement mode (quarantine or reject) is a critical step for BIMI compliance.

Key considerations

• Proactive configuration: Don't assume default deliverability equals BIMI readiness. Actively pursue custom DKIM setup with your ESP. For more on BIMI implementation steps, check our guide.
• Contact ESP support: If unsure, marketers should reach out to their ESP's support or deliverability team for precise DNS record requirements and assistance.
• DMARC enforcement: Prioritize getting your DMARC policy to a strict enforcement level for both your subdomain and apex domain.
• Iterable’s documentation: Refer to Iterable's own resources, such as their blog on BIMI, for specific guidance related to their platform.

Key opinions

• SPF by default: Experts confirm that SES's default setup uses a return-path that ensures SPF passes against amazonses.com, not necessarily your sending domain.
• Full configuration: For BIMI, experts stress that you must fully configure your own sending domain, including SPF and DKIM records, to achieve DMARC alignment.
• DMARC enforcement: A DMARC policy of p=quarantine or p=reject is consistently cited as mandatory for BIMI, affecting both the subdomain and apex domain.
• ESP collaboration: Experts advise that ESPs like Iterable should provide clear instructions and support for setting up custom domain authentication within their platform.

Key considerations

• Custom DKIM setup: Prioritize configuring custom DKIM keys provided by Iterable for your sending domain. For more on DKIM selector name examples, see our guide.
• DMARC policy enforcement: Ensure that your DMARC policy is actively set to quarantine or reject. This step is critical for safely transitioning your DMARC policy.
• DNS work: Be prepared to implement DNS changes for your sending domain, as this is where SPF, DKIM, and DMARC records reside.
• BIMI setup guide: Consult comprehensive guides on BIMI setup, which often detail the step-by-step process, including DNS record creation. The SSL Store provides a detailed guide.

Key findings

• DMARC alignment: BIMI requires that both SPF and DKIM authentication pass and align with the email's From: domain, under an enforced DMARC policy.
• SES capabilities: Amazon SES offers features like Easy DKIM and custom Mail From domains to help users achieve the necessary DMARC and BIMI compliance.
• Iterable setup: Iterable's documentation typically provides detailed instructions on how to set up custom sending domains, including the required DNS records for DKIM.
• VMC requirement: A Validated Mark Certificate (VMC) is often cited as a requirement by some mailbox providers for displaying the BIMI logo.

Key considerations

• Consult official docs: Always refer to the most current documentation from Iterable, Amazon SES, and the BIMI Group for accurate configuration guidelines.
• Align authentication: Ensure your SPF and DKIM records directly align with your sending domain, rather than relying solely on the shared pool's default SPF. For DMARC alignment guidance, refer to our resources.
• Enforce DMARC: Establish a DMARC policy of p=quarantine or p=reject before proceeding with BIMI implementation.
• BIMI requirements: Familiarize yourself with the full BIMI requirements, including the SVG logo specifications.