What is BIMI and what is it responsible for?

BIMI as an additional security mechanism in e-mail marketing

Written by Ilona Srebnicka
Updated over a week ago

What is BIMI?

Brand Indicators for Message Identification (BIMI) is a mechanism, defined by a new security standard, that allows a selected company's logo to be displayed within an e-mail service. It protects users against phishing attacks while allowing genuine brands to confirm their identity.

The BIMI standard enables verification of sender authenticity through two mechanisms:

  • Mail clients receiving e-mails sent from a domain with a valid BIMI record can download the logo and display it alongside those e-mails.

  • The brand logo can be presented in the message list when viewing emails on mobile devices or when the message list is expanded, further confirming the authenticity of the sender.

Once BIMI has been implemented, a company can configure its email server to include a special header (VBR-Info) with each message sent. This header contains information about where the original company logo can be found. The company then enters the corresponding data in the DNS record of its domain, thereby confirming its identity.

In practice, this means adding a so-called "BIMI record" to the DNS settings of the domain.

This record contains the detailed information used to configure the company logo in accordance with the BIMI standard. Below is a general description of the data that is typically included in a BIMI record:

  • Location (the l tag) - specifies exactly where the company logo is located; this is typically a URL pointing to an image of the logo on a web server.

  • Format (format) - specifies the format of the image file, for example SVG, PNG or another supported format.

  • Hash (the h tag) - a cryptographic hash of the logo image, acting as a unique 'fingerprint' of the file. In the context of BIMI, it is used to verify that the logo image has not been tampered with during email transmission.

An example BIMI record in DNS might look like this:

default._bimi.example.com IN TXT "v=BIMI1; l=https://example.com/logo.svg; h=sha256:abcdef123456..."

In this example:

  • v=BIMI1 indicates that this is a record that conforms to version 1 of the BIMI standard.

  • l=https://example.com/logo.svg is the location from which the logo can be downloaded.

  • h=sha256:abcdef123456... is the hash of the logo image.

This data allows the recipient's mail servers to verify that the logo received is authentic and from a genuine company.

Currently, BIMI is supported by Apple Mail, Gmail (which additionally requires a VMC certificate), Fastmail and Yahoo!, among others. You can find a full list of providers that use BIMI here.

How do you implement BIMI for your domain?

Implementing BIMI is based on a text record with a specific format that is published for the domain from which the emails are sent. In practice, BIMI lets a company publish a new, standardised DNS record for its domain, which allows the company's logo to be displayed next to its emails in the customer's inbox.

Implementing BIMI for a domain consists of three steps:

  1. Firstly, configure SPF, DKIM and DMARC for your sending domain. Full instructions for implementing these authentication records can be found here: SPF, DKIM and DMARC.

  2. Secondly, create a new BIMI DNS record. To perform this step, you need full access to a console with DNS management capabilities, i.e. the level of access that allows you to change the domain's name servers and records.

  3. Thirdly, implement the logo in SVG (Scalable Vector Graphics) format. The logo should be properly scaled and have a solid background without transparency. It is recommended that the file size does not exceed 32 kilobytes; it can also be much smaller. An online tool that generates the BIMI notation, such as https://powerdmarc.com/pl/bimi-record-generator, can be used to prepare the file accordingly.

The verification process with BIMI

It all starts when the receiving server receives the email. The server analyses the VBR-Info header and then looks up the sender's DNS record, comparing its data with the header.

Note that a missing or inconsistent record ends the verification. If the DNS check succeeds, the server retrieves the logo from the specified location, calculates its digest and compares it with the value published in the sender's DNS. A match indicates that the message is authentic.

If successful, the logotype may appear next to the email, supporting the identification of the sender and reducing the risk of phishing.
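As an added example (not code from this article or from edrone), the following Python reads a record in the tag=value format shown in the example above and performs the digest comparison described in the verification steps. The tag names v, l and h and the sha256: prefix follow this article's example record; the sample logo bytes and the example.com location are constructed, and the https requirement and the 32 KB limit are checks the script imposes on top of the record.

```python
import hashlib
import re

# Constructed stand-in for the SVG that a receiver would fetch from the l= URL.
SAMPLE_LOGO = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64">'
               b'<rect width="64" height="64" fill="#003366"/></svg>')
MAX_LOGO_BYTES = 32 * 1024  # size guideline quoted in the article


def bimi_record_name(domain, selector="default"):
    """DNS name that holds the BIMI TXT record, e.g. default._bimi.example.com."""
    return f"{selector}._bimi.{domain}"


def parse_bimi_record(txt):
    """Split a 'v=BIMI1; l=...; h=...' TXT value into a dict of lowercase tags."""
    tags = {}
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "BIMI1":
        raise ValueError("record must declare v=BIMI1")
    # The logo is fetched over TLS, so reject plain-http or missing locations.
    if not tags.get("l", "").startswith("https://"):
        raise ValueError("logo location (l=) must be an https URL")
    return tags


def verify_logo(record, logo_bytes):
    """Return (ok, reason) after comparing the logo digest with the h= tag."""
    tags = parse_bimi_record(record)
    if len(logo_bytes) > MAX_LOGO_BYTES:
        return False, "logo exceeds the 32 KB size guideline"
    algo, _, expected = tags.get("h", "").partition(":")
    expected = expected.lower()
    if algo.lower() != "sha256" or not re.fullmatch(r"[0-9a-f]{64}", expected):
        return False, "h= tag missing or not a sha256 hex digest"
    if hashlib.sha256(logo_bytes).hexdigest() != expected:
        return False, "digest mismatch: fetched logo differs from the published hash"
    return True, "logo matches the published digest"


def example_record():
    """Constructed record for SAMPLE_LOGO; example.com is a placeholder host."""
    digest = hashlib.sha256(SAMPLE_LOGO).hexdigest()
    return f"v=BIMI1; l=https://example.com/logo.svg; h=sha256:{digest}"
```

Replace SAMPLE_LOGO with the bytes actually downloaded from the l= URL to check a real record; a mismatch means the published hash or the hosted file has changed.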

Why set up BIMI?

There are several benefits associated with using BIMI. Let's list and briefly describe a few of them:

  • Increased trust: A logo next to the email confirms the identity of the company, building trust with recipients.

  • Easier identification of senders: BIMI makes it easier to identify messages from trusted senders, especially in marketing emails.

  • Reduced risk of phishing: A visible logo helps to quickly identify genuine senders, reducing the risk of phishing attacks.

  • Improved user experience: The addition of a logo makes the message more attractive while increasing brand recognition.

  • Security standard: BIMI introduces a standard for verifying emails, increasing confidence in their authenticity. However, its effectiveness depends on implementation by senders and support in email clients, which may require cooperation between companies and email service providers.

Need additional help?

If you have any additional questions about email deliverability, please contact us at hello@edrone.me.
