Where can I find statistics on BIMI adoption by email senders?

Key findings

• Growing adoption: While still relatively nascent compared to older authentication standards, BIMI adoption is steadily increasing, particularly among larger brands and those with strong DMARC enforcement policies. Resources like BIMI Radar track global adoption rates, showing a consistent upward trend over time.
• DMARC prerequisite: A critical finding is that robust DMARC implementation with an enforcing policy (p=quarantine or p=reject) is a prerequisite for BIMI to display. This means the rate of BIMI adoption is intrinsically linked to the maturity of an organization's DMARC posture.
• Early adopter benefits: Brands that have successfully implemented BIMI report benefits such as increased brand recognition, improved email open rates, and a stronger sense of trust from recipients, indicating the value of being an early adopter.
• Challenges with DMARC: Despite BIMI's promise, a significant barrier to its widespread adoption is the slow progress of DMARC implementation to an enforcing policy. Many domains either have DMARC at a 'p=none' policy (monitoring only) or lack comprehensive reporting, making the transition to BIMI more complex. Our guide on how to safely transition your DMARC policy can assist with this process.

Key considerations

• Investment in DMARC: For senders considering BIMI, the primary consideration should be a solid DMARC foundation. This involves understanding your email sending sources and ensuring all legitimate traffic aligns with your DMARC policy. We have a free DMARC record generator tool to help get started.
• VMC requirement: To display a logo in most major inboxes (like Gmail), a Verified Mark Certificate (VMC) is required, adding a cost and administrative layer to BIMI implementation. This is a critical factor for businesses to consider when planning their budget and timeline.
• Brand impact: The visual impact of BIMI, particularly the presence of a verified logo, is seen as a significant step forward in combating phishing and spoofing, offering a clear signal of authenticity to recipients. This improves trust and brand recall.
• Strategic adoption: While not yet universally adopted, the trajectory of BIMI suggests it will become an increasingly important trust signal. Strategic adoption now positions brands favorably for future email authentication standards and recipient expectations.

Key opinions

• Excitement for branding: Marketers are generally enthusiastic about BIMI's ability to display brand logos directly in the inbox, seeing it as a powerful tool for brand recognition and visual differentiation in a crowded email landscape.
• Revenue potential: Some marketers view BIMI implementation as an opportunity to offer a valuable service to clients, especially those looking to boost their email marketing effectiveness and brand trust. It adds a new layer of premium deliverability services.
• DMARC challenges: A recurring sentiment is the difficulty in getting DMARC policies to an enforcing state. Many marketers find that clients or internal teams struggle with the complexity of DMARC reporting and the effort required to align all legitimate sending sources. Our guide on how to fix common DMARC issues can help.
• Trust and legitimacy: There's a strong belief that BIMI will eventually become a standard expectation for email trust, similar to SSL for websites, where the absence of a verified logo might signal a lack of legitimacy to recipients.

Key considerations

• Resource allocation: Implementing BIMI requires dedicated resources, not just for the initial setup, but also for ongoing DMARC monitoring and maintenance. This is a significant consideration, especially for small businesses with limited technical staff.
• Risk assessment: Moving to an enforcing DMARC policy carries inherent risks if not managed carefully, potentially leading to legitimate emails being quarantined or rejected. Marketers advise a cautious approach, focusing on thorough testing and monitoring.
• Client readiness: Marketers need to assess whether their clients are truly ready for BIMI, considering their DMARC maturity, technical capabilities, and willingness to invest in a VMC. For some, the benefits may not yet outweigh the effort.
• Scammer concerns: While BIMI aims to reduce spoofing, marketers are aware of the constant threat of scammers attempting to mimic legitimate brands. They generally trust that trademark authorities and VMC providers will prevent the misuse of BIMI for lookalike phishing attempts, but remain vigilant.

Key opinions

• Pragmatic approach to DMARC: Experts advise a pragmatic approach to DMARC, noting that while full enforcement is ideal for BIMI, even a p=none policy with diligent reporting is a valuable step for visibility without risk. They are often surprised more organizations haven't adopted this minimal-risk reporting phase.
• Value of reporting: The consensus among experts is that DMARC reports are invaluable. They express surprise and concern that many domains either don't receive reports or fail to actively review them, missing critical insights into email authentication failures and potential spoofing.
• BIMI's long-term potential: Despite implementation challenges, experts generally see BIMI as a significant step forward for email security and brand trust. They foresee it becoming an increasingly expected standard for legitimate email in the future.
• Bridging the gap: Experts acknowledge the disparity in resources and technical capability between large corporations and small businesses regarding DMARC and BIMI implementation. They emphasize the need for user-friendly tools and guidance to help smaller entities navigate these complexities.

Key considerations

• Phased DMARC deployment: A key recommendation is to implement DMARC in phases, starting with p=none to gather data before moving to enforcing policies. This methodical approach minimizes disruption and allows for proper identification and alignment of all legitimate sending sources.
• Active report monitoring: Experts stress that simply setting up DMARC reports is not enough. Active monitoring and analysis of DMARC aggregate and forensic reports are essential for identifying misconfigurations, unauthorized sending, and improving authentication. Our DMARC monitoring solution can help.
• VMC and brand protection: The VMC requirement for BIMI provides an additional layer of brand protection by ensuring only verified, trademarked logos are displayed. This mechanism is crucial for preventing spoofing using brand imagery, although it adds complexity. Understanding BIMI accredited certificate providers is important.
• Evolving trust signals: BIMI represents an evolution in how trust is established in email. While its current impact varies by email client, its role in visually confirming sender identity is expected to grow, making it a critical component of future email deliverability strategies.

Key findings

• DMARC requirement: The BIMI specification explicitly states that a domain must have a DMARC record published with a policy of p=quarantine or p=reject to be eligible for BIMI display. This is a non-negotiable prerequisite.
• VMC for major mailboxes: While the core BIMI standard allows for self-asserted logos, major mailbox providers like Google require a Verified Mark Certificate (VMC) issued by an authorized Certificate Authority to display the logo. This adds a layer of commercial validation to the process.
• SVG file format: BIMI logos must be in SVG Tiny 1.2 format and meet specific technical criteria to ensure proper rendering across various email clients and devices. Our guide on BIMI requirements for SVG files details this.
• Increased trust: Documentation from BIMI working groups and supporting organizations consistently highlights the primary goal of BIMI as increasing trust in email by providing visual brand verification, helping recipients quickly identify legitimate senders and deterring phishing attacks.

Key considerations

• DNS record configuration: BIMI is implemented via a DNS TXT record, similar to SPF and DMARC. Accurate configuration of this record is crucial for mailbox providers to locate and validate the BIMI assertion.
• Trademark verification: The logo used for BIMI, particularly for VMC issuance, must be a registered trademark. This legal requirement adds a significant hurdle but also strengthens the authenticity and anti-phishing capabilities of BIMI.
• Continuous authentication: BIMI's display is dynamic and relies on continuous DMARC authentication success. Any issues with SPF, DKIM, or DMARC alignment can prevent the BIMI logo from appearing, making ongoing monitoring essential.
• Mailbox provider support: While adoption is growing, BIMI display depends on support from individual mailbox providers. Senders should verify which providers their audience uses support BIMI to manage expectations regarding logo visibility. Our guide on which email clients support BIMI provides more detail.