Summary
Brand Indicators for Message Identification, or BIMI, is an email specification designed to enhance brand visibility within the inbox by displaying a company's logo next to authenticated messages. This standard is fundamentally tied to DMARC, requiring an enforced policy-typically 'quarantine' or 'reject'-to ensure message authentication. To achieve prominent logo display with major email providers, organizations often need a Verified Mark Certificate, or VMC, which authenticates the trademarked logo. While BIMI itself does not prevent spoofing, its prerequisite of a robust DMARC policy significantly bolsters email security, ultimately contributing to increased brand recognition, trust, and potentially improved email engagement and deliverability.
Key findings
- Core Functionality: BIMI allows organizations to display their trademarked brand logo directly in the email inbox, enhancing visual brand recognition for authenticated messages.
- DMARC Dependency: A critical prerequisite for BIMI is an enforced DMARC policy set to 'quarantine' or 'reject', which indirectly boosts deliverability by making emails more trustworthy.
- VMC Requirement: Most major email providers necessitate a Verified Mark Certificate, or VMC, for prominent logo display, verifying the authenticity of the trademarked brand logo.
- Security Enhancement: BIMI reinforces email security not by preventing spoofing directly, but by visually confirming that emails have passed DMARC authentication checks, thus leveraging DMARC's anti-phishing capabilities.
- Brand & Engagement Benefits: Implementing BIMI can boost brand trust and reputation, leading to improved email engagement and a more professional appearance for communications.
- Growing Adoption: Support for BIMI is expanding across major email clients and providers, including prominent names like Gmail, Apple Mail, Yahoo Mail, and Fastmail.
Key considerations
- Implementation Hurdles: Setting up BIMI involves technical steps such as configuring specific DNS TXT records and ensuring the logo is in the SVG Tiny PS format, hosted securely.
- Trademark & VMC Costs: Organizations must possess a trademarked logo, and obtaining a Verified Mark Certificate, or VMC, can incur costs and involve a specific application process.
- Limited Security Scope: BIMI is a visual indicator that relies on DMARC for actual spoofing prevention; it does not offer standalone protection against lookalike domains.
- No SEO Impact: BIMI is an email-specific standard and does not affect search engine optimization or website ranking.
- Potential Bandwidth Usage: For large volume senders, there could be a minor increase in bandwidth and connections due to the fetching of SVG logos by email clients.
- Strategic Fit: The greatest commercial benefits and measurable ROI for BIMI are often seen by large volume senders with well-established domain reputations.
What email marketers say
17 marketer opinions
BIMI (Brand Indicators for Message Identification) stands as a visual email authentication standard that allows brands to display their official, trademarked logos directly in the recipient's inbox. While it enhances brand recognition and user trust, BIMI's core strength lies in its reliance on a robust DMARC policy set to enforcement (p=quarantine or p=reject), which significantly boosts email security by preventing phishing and spoofing. Implementing BIMI involves specific technical steps, including DNS record setup and using a specialized SVG Tiny PS logo, often requiring a Verified Mark Certificate (VMC) for major provider display. Although it doesn't directly impact email deliverability or SEO, its DMARC prerequisite contributes to a stronger sender reputation, potentially leading to better inbox placement.
Key opinions
- Enhanced Brand Visibility: BIMI elevates brand recognition and trust by showcasing an authenticated, trademarked logo directly within the email inbox, improving overall email experience.
- DMARC Enforcement Prerequisite: A non-negotiable requirement for BIMI is an enforced DMARC policy set to 'quarantine' or 'reject', which significantly enhances domain reputation and email authentication.
- Indirect Deliverability Boost: While BIMI itself does not directly impact deliverability, its foundational requirement of a strong DMARC policy significantly improves sender trustworthiness, indirectly aiding inbox placement.
- Security Reinforcement via DMARC: BIMI acts as a visual confirmation that an email has passed DMARC checks, thereby leveraging DMARC's power to combat phishing and spoofing attacks. It does not prevent spoofing independently.
- VMC for Prominent Display: To ensure logo display by most major email providers, such as Gmail, the brand logo must be trademarked and verified through a Verified Mark Certificate (VMC).
- Widespread Provider Support: Key email clients and providers including Gmail, Apple Mail, Yahoo Mail, and Fastmail currently support BIMI, with adoption continuing to grow across the industry.
- SVG Tiny PS Requirement: The brand logo for BIMI must be in the SVG Tiny PS format, a specific, restricted version of SVG designed for enhanced security and consistent display across different email clients.
Key considerations
- Complexity of Setup: Implementing BIMI involves specific technical steps, such as configuring DNS TXT records, ensuring the logo is in the correct SVG Tiny PS format, and serving it over HTTPS, which can pose challenges during setup.
- Best Suited for Established Senders: The most significant commercial benefits and measurable ROI from BIMI typically accrue to large volume senders with well-established domain reputations.
- Limited Direct Security Scope: BIMI functions as a visual indicator and relies entirely on DMARC enforcement for actual spoofing prevention; it does not independently protect against lookalike domains.
- Trademark and VMC Costs: Organizations must possess a trademarked logo, and obtaining a Verified Mark Certificate, or VMC, incurs costs and involves a specific verification process with Certificate Authorities.
- No Impact on SEO: BIMI is exclusively an email standard and has no direct influence on search engine optimization or website ranking.
- Potential Bandwidth Implications: For very large companies, there might be a minor increase in bandwidth usage and connections due to email clients fetching SVG logos.
- Ambiguity of 'a=' Tag: Questions persist regarding the purpose and future plans for the `a=` tag in BIMI syntax, especially concerning its role with 'Trusted Authorities' and logo verification.
- Traffic Type Coverage: It is not always clear whether all traffic types, including both commercial and transactional emails, are consistently covered by BIMI implementations across various providers.
- ROI and Cost Shifting: Some marketers question the measurable return on investment for BIMI and whether its implementation serves primarily as a mechanism to shift DMARC enforcement costs to marketing departments.
Marketer view
Email marketer from Email Geeks shares that BIMI may only work for large volume senders with established reputations.
9 Nov 2024 - Email Geeks
Marketer view
Email marketer from Email Geeks asks for clarification on what traffic types, commercial versus transactional, are covered by BIMI.
14 Sep 2023 - Email Geeks
What the experts say
5 expert opinions
Discussions among email deliverability experts frequently clarify BIMI's operational mechanics and strategic intent. A central theme is BIMI's inextricable link to DMARC, particularly its requirement for enforced DMARC policies such as 'quarantine' or 'reject'. This necessity underpins BIMI's function, ensuring brand logos are displayed only for authenticated messages. Furthermore, experts reveal that BIMI's development was, in part, motivated by a strategic aim to shift the financial and operational responsibilities of DMARC implementation and maintenance towards marketing departments. Practical advice often centers on the acquisition of a Verified Mark Certificate (VMC) as a critical step for prominent logo display, with the 'a=' tag in BIMI records likely indicating certificate-based verification.
Key opinions
- DMARC Enforcement Requirement: BIMI strictly requires domains to enforce DMARC policies, meaning messages must pass DMARC with a policy of 'quarantine' or 'reject' for the brand logo to display.
- BIMI's Strategic Motivation: A key impetus behind BIMI's development was to integrate DMARC's implementation and ongoing maintenance as a cost center within the marketing function.
- VMC Centrality: Acquiring a Verified Mark Certificate, or VMC, is a frequently cited prerequisite for prominent logo display across major email providers, essential for real-world BIMI effectiveness.
- Foundation and Benefits: BIMI serves as a visual indicator of email authentication, leveraging DMARC to enhance brand recognition and trust, thereby answering fundamental questions about its purpose and prerequisites.
Key considerations
- Domain Alignment Necessity: For BIMI to function correctly, understanding and ensuring domain alignment with DMARC is paramount, as BIMI builds directly upon DMARC's authentication framework.
- Practical Implementation Steps: Implementing BIMI involves practical complexities such as enforcing DMARC and acquiring a Verified Mark Certificate, or VMC, for logo verification, which are critical steps for successful deployment.
- 'a=' Tag Implications: The purpose and future application of the 'a=' tag in BIMI records are subjects of ongoing discussion, with indications it will be driven by certificate-based validation, like a VMC.
- Cost Center Evaluation: Some experts view BIMI as a mechanism to shift the operational costs and responsibilities of DMARC implementation and maintenance more towards marketing departments, influencing budget considerations.
Expert view
Expert from Email Geeks asks if BIMI requires domain alignment, noting its relevance for DMARC understanding.
18 Apr 2022 - Email Geeks
Expert view
Expert from Email Geeks responds that BIMI's underlying impetus was to shift the cost center of implementing and maintaining DMARC towards the marketing function.
22 Sep 2022 - Email Geeks
What the documentation says
6 technical articles
Common questions about BIMI often center on its functionality and setup. BIMI allows brands to display their logo in email inboxes for authenticated messages, a process that inherently relies on a strong DMARC enforcement policy, such as 'quarantine' or 'reject'. A key component for prominent logo display, particularly with major email providers like Google's Gmail, is the Verified Mark Certificate (VMC), which digitally verifies the authenticity of a trademarked logo. While implementation presents challenges like ensuring DMARC enforcement, securing a trademarked logo, managing VMC costs, and correctly formatting the SVG logo file, BIMI's adoption continues to grow, especially among larger entities leveraging its brand and security advantages.
Key findings
- BIMI's Core Requirements: Brand Indicators for Message Identification (BIMI) requires DMARC enforcement, typically a 'quarantine' or 'reject' policy, and often a Verified Mark Certificate (VMC) for the prominent display of an organization's brand logo next to authenticated messages.
- Gmail Logo Display: For a BIMI logo to appear in Gmail, an organization must have an enforced DMARC policy and obtain a Verified Mark Certificate (VMC) from a recognized Certificate Authority for their trademarked logo.
- VMC's Role: A Verified Mark Certificate (VMC) is a digital certificate that verifies a trademarked logo's authenticity and links it to the sender's domain, proving crucial for BIMI adoption as major email providers require it to display logos and confirm brand legitimacy.
- Growing Adoption: BIMI adoption is steadily increasing, particularly among large brands that have already achieved DMARC enforcement, as more email clients and organizations recognize its benefits for brand recognition and security.
Key considerations
- Implementation Challenges: Common hurdles in BIMI implementation include the strict DMARC enforcement requirement, the necessity of a trademarked logo, the cost and process of obtaining a Verified Mark Certificate (VMC), and ensuring the SVG Tiny PS logo file is in the correct format and hosted properly.
- DNS Record Configuration: Adding a BIMI DNS record involves creating a TXT record named 'default._bimi' followed by your domain, with a value containing 'v=BIMI1;l=your_logo_url.svg;a=your_vmc_url.pem;' where the 'a' tag for the VMC is generally recommended.
Technical article
Documentation from DMARC.org explains that Brand Indicators for Message Identification (BIMI) is an email specification enabling organizations to display their brand logo next to authenticated messages, requiring DMARC enforcement and often a Verified Mark Certificate (VMC) for prominent display.
12 Dec 2022 - DMARC.org
Technical article
Documentation from Google explains that for a BIMI logo to appear in Gmail, an organization must have an enforced DMARC policy (p=quarantine or p=reject) and obtain a Verified Mark Certificate (VMC) from a recognized Certificate Authority for their trademarked logo.
11 Apr 2022 - Google Workspace Admin Help
Is BIMI available for email clients and what are its implementation requirements?
Is BIMI easily spoofed and are there drawbacks to BIMI implementation?
What are the benefits and requirements of BIMI for email deliverability and branding?
What are the requirements for BIMI, and how do I troubleshoot authentication failures?
What are the requirements to implement BIMI, and which providers support it?
What are the steps for BIMI verification and logo display?
