According to an independent report by Symantec in 2018, almost 85% of all emails are spam, and there’s always a battle to stop them. Multiple efforts have included the implementation of SPF, DKIM, and DMARC, which has now become pretty mainstream. If you are already using EmailOctopus, then you are likely already using SPF and DKIM to verify every email sent through us.
Now apart from these, a new email specification is being implemented called BIMI, which wants to certify the email is from a company, till now everything, including SPF, DKIM, and DMARC, has been focusing on domain only, whereas BIMI wants to focus on the company and their trademark.
Note: Before discussing more aboutBIMI, you need to understand that you need not rush to implement BIMI as it’s still being tested and not widely adopted. Moreover, it’s expensive to implement too.
What is BIMI
BIMI (Brand Indicators for Message Identification) is a new email specification that helps brands display their logo on email clients. It’s being developed by Authindicators Working Group, an organisation that Fastmail, Google, MailChimp, Proofpoint, SendGrid, Validity, Valmail, and Yahoo back.
To show the logo, businesses need to have a VMC (Verified Mark Certificate), which verifies whether or not the logo is a registered trademark of the brand. Apart from having a VMC, successful deployment of DMARC is also required.
Some of you might be confused about the significant benefit of BIMI as we already have SPF, DKIM, and DMARC. To understand this, let’s look at the primary role of all these records and specifications.
SPF (Sender Policy Framework): It defines whether or not the mail servers are allowed to send emails from your domain.
DKIM (DomainKeys Identified Mail): It is a cryptographic authentication to validate and sign emails sent via the domain. Think of it as SSL for emails.
DMARC (Domain-based Message Authentication, Reporting & Conformance): This TXT record instructs email clients on what to do if any of the above fails.
While all these above records work on the domain level, BIMI focuses on providing a verified visual identity in the user’s inbox by showcasing the brand’s logo, which helps recognise the sender.
It’s also a great way to stop users from falling into phishing attacks which are common for sites like Facebook and Amazon.
Use of BIMI
Primarily BIMI is meant for better brand identity, but it also has several other benefits. Let’s have a look at some of them.
- Avoid phishing attacks
The best use case of BIMI is to help organisations stop phishing, as once BIMI is fully implemented and widely adopted, users can see whether or not the sender is the owner of the logo. Gmail has started showing a blue tick for organisations that have adopted BIMI along with VMC.
2. Make emails stand out
Right now, there’s no way to set your brand logo across all email clients as a display picture; once BIMI is adopted by all the email clients, brands will get a way to show their logo as a display picture, making them stand out from other emails.
3. Consistent brand experience
BIMI ensures that the brand logo is shown consistently in all email clients. This helps people quickly identify the sender, reinforces brand identity and creates a consistent brand experience.
4. Enhanced Brand Trust
Blue ticks on socials so far have been related to trusty worthy accounts, which is what Google is implementing on Gmail. BIMI will help businesses get a blue tick in all email clients (this may or may not happen; right now, only Gmail shows a blue tick), enhancing the user’s trust in the email.
Requirements for BIMI
When it comes to successfully implementing BIMI, there are multiple requirements that can vary from email client to client. Let’s go through these requirements one by one.
1. Valid DMARC record
The first requirement of having BIMI is to have a valid DMARC record set to either p=quarantine or p=reject.
2. BIMI DNS Record
Apart from having a valid DMARC record, a BIMI DNS record is required too, which comprises of BIMI version (BIMI 1 for now), a hosted web address to your logo (should have HTTPS and preferably in 1:1 ratio) and a VMC link (optional for now).
3. VMC (optional for now)
This certificate is given by certifying authorities like DigiCert, which verifies that the domain owner can use the logo. To apply for a VMC, it’s mandatory to have a registered trademark. Also, getting a VMC for a year is nearly $1,500.
Support for BIMI
BIMI is still in its early stages and is not 100% supported by all email clients and those who do haven’t implemented it globally. Here’s the current status of BIMI implementation.
Apple: Shown in the mobile app only once you open the email.
Fastmail: Shown in the mobile app and webmail only when you open the email.
Gmail: Shown in both the mobile app and webmail when you open the email. Additionally, the logo is visible in the inbox list on the webmail.
La Poste: Shown in webmail only.
Yahoo: Shown in the mobile app and webmail when you open the email. Additionally, the logo is visible in the inbox list on the webmail.
Zone: Shown in webmail only.
The above data source is by BIMI Group; apart from email client support, your trademark needs to be approved by one of the below-mentioned intellectual property offices to qualify for VMC.
The BIMI Group has said they’ll work continuously to support logos trademarked under other trademark offices by adding them to the list of supported ones.
Conclusion
BIMI is an excellent approach towards better brand identity and email security. Though it’s very new, indeed has the potential to go big.
That being said, it’s not something everyone should rush towards implementing as it’s not yet widely adopted and is very expensive to implement. Moreover, it requires some amount of technical knowledge too. At this stage, it’s only viable for organisations such as Amazon and CNN that send large volumes of critical business emails and could benefit from it.
We need to wait for some more years and see how this develops, and if it becomes necessary, you’ll surely get to know about it. Till then, focus on general email configurations such as SPF, DKIM and try to send emails that your users would love to engage with, as that’s going to help you build a reputation.