What Is BIMI in Email?
Brand Identifiers for Message Identification (BIMI) is a method for organisations to get their logo displayed on their email messages within supporting mailboxes. The purpose of BIMI is for email providers to verify the email came from the correct sending domain and instil trust in recipients that the email is legitimate and not a spoofing or phishing attempt.
In addition to its intended purpose, BIMI gives organisations a chance to “stand out” in a recipient’s inbox, increasing engagement and strengthening brand identity. The creators of BIMI have since formed the AuthIndicators Working Group to spread the word and encourage email providers and organisations to get on board.
How does BIMI work?
BIMI is a text record that sits within an organisation’s DNS records on their sending servers. When a recipient’s email service provider receives an email, it checks that the text record locates the organisation’s correct sending server. Once confirmed, it will pull the logo from wherever it is being hosted (the URL is in the text record) and display it next to the message in the recipient’s inbox.
What do I need to do to set up BIMI?
Some prerequisites must be met before you can add BIMI to your email domain:
- Sender Policy Framework (SPF) must be in place.
- DomainKeys Identified Mail (DKIM) must be in place.
- Domain-based Message Authentication, Reporting and Conformance (DMARC) must be in place.
- The image can only be a logo with no additional text.
- The image must be in Scalable Vector Graphic (SVG) format.
- The image must be a perfect square.
- You must serve the image from an HTTPS source.
By having SPF, DKIM and DMARC in place, an organisation has already taken significant steps in securing its email. BIMI adds to this by providing Mail User Agents (MUAs) with an additional layer of checking and giving recipients enhanced trust that an email is legitimate. You can read more about SPF, DKIM and DMARC here.
The text record is a fixed version string format. It must be located in a “default._bimi” record and sit under the second-level domain (for example, default._bimi.eventura.com). The string begins with v=BIMI1, followed by a semicolon separator and a space (; ), and then an “l=” tag that contains the image URL. Here is an example of how the text record would look:

v=BIMI1; l=https://eventura.com/images/logo.svg;

N.B. The l tag in the text record is a lowercase L.
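The record rules above can be checked before publishing. The following is an added example, not code from Eventura or the BIMI working group; the function names are hypothetical, and it inspects only the record string, not the image itself (so it cannot confirm the logo is square or contains no text).

```python
from urllib.parse import urlparse

def bimi_record_name(domain):
    """DNS name where the record must live: default._bimi.<domain>."""
    return "default._bimi." + domain.strip(".").lower()

def parse_tags(txt):
    """Split 'tag=value; tag=value;' into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing semicolon leaves an empty piece
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"not a tag=value pair: {part!r}")
        pairs.append((tag.strip(), value.strip()))
    return pairs

def check_bimi(txt):
    """Return a list of problems; an empty list means the record passes."""
    try:
        pairs = parse_tags(txt)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    if not pairs or pairs[0] != ("v", "BIMI1"):
        problems.append("record must begin with v=BIMI1")
    tags = dict(pairs)
    if "l" not in tags:
        # Catches an uppercase L or a digit 1 typed in place of lowercase l.
        problems.append("missing l= tag (lowercase L)")
        return problems
    url = urlparse(tags["l"])
    if url.scheme != "https" or not url.netloc:
        problems.append("logo URL must be served over HTTPS")
    if not url.path.lower().endswith(".svg"):
        problems.append("logo must be an SVG file")
    return problems

if __name__ == "__main__":
    # Constructed sample records; only the first matches the page's example.
    for record in ("v=BIMI1; l=https://eventura.com/images/logo.svg;",
                   "v=BIMI1; l=http://eventura.com/images/logo.png;",
                   "v=BIMI1; L=https://eventura.com/images/logo.svg;"):
        print(bimi_record_name("eventura.com"), record, check_bimi(record))
```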
For more detailed information on how BIMI works for both recipients and senders, take a look at the BIMI working group’s Brand Identifiers for Message Identification draft here.
Should I be using BIMI?
BIMI is still in its infancy, with only a handful of MUAs adopting the pilot. With big players like Google recently getting on board, BIMI will likely become a commonly used email verification tool. BIMI is also an attractive (and accessible because it’s free) proposition for organisations that are striving for ways to represent their brand better.
It’s important to remember that you can’t implement BIMI until you have SPF, DKIM and DMARC in place. If you want to tighten up your email security and protect your organisation from scammers trying to imitate you, these are the first steps. Once they’re in place, BIMI can follow.
With nearly 20 years of experience in cybersecurity, Eventura has helped countless businesses improve their email security. If you would like to speak to one of our experts about improvements to your email security, you can request a free call back here.