Brand Indicators for Message Identification (BIMI)

Sources:

• Google Workspace Help
• What is a BIMI Record? (mxtoolbox.com)
• How To Set Up BIMI (and Why It’s Important in 2023) (beehiiv.com)

title: ## Contents 
style: nestedList # TOC style (nestedList|inlineFirstLevel)
minLevel: 1 # Include headings from the specified level
maxLevel: 4 # Include headings up to the specified level
includeLinks: true # Make headings clickable
debugInConsole: false # Print debug info in Obsidian console

Overview

About

Brand Indicators for Message Identification (BIMI) is an email authentication protocol that allows companies to display their brand logo in the email inbox of their recipients. BIMI is designed to increase brand recognition, email deliverability, and email security.

BIMI adds your brand logo to outgoing email messages.

It is configured via a BIMI TXT DNS Record.

Some email providers support BIMI with a TXT record that refers to a Scalable Vector Graphics (SVG) image file only. However, to display BIMI logos in Gmail, you must use a TXT record that refers to a Privacy Enhanced Mail (PEM) file. The PEM file includes your logo.

Simply put, BIMI allows you to show off a trusted sender logo with all of your emails. The primal purpose is to verify that you are who you say you are—not a scammer or spammer. BIMI works alongside three other important methods for verifying your sender information:

• Domain-based Message Authentication, Reporting, and Conformance (DMARC)

• Domain Keys Identified Mail (DKIM)

• Sender Policy Framework (SPF).

Don’t worry too much about those three jargony terms yet. We’ll cover how they tie into BIMI in just a little bit, but for now, let’s look a little closer at BIMI.

BIMI is one of the latest emerging technologies in online security that helps authenticate who you are as an email sender. The main benefit for you as a newsletter publisher is that it essentially helps you build trust with your subscribers.

When you use BIMI, it helps protect your email domain from being used by hackers to send sketchy emails. With BIMI implemented, your logo always shows up with your emails, so recipients know the email is truly coming from you.

Setup DNS Records

1. Create BIMI DNS TXT Record:

Important:

In BIMI syntax, the number 1, the uppercase letter i (I), and the lowercase letter L (l) all appear similar. Be aware of this when creating the DNS TXT record.

For a PEM file:

v=BIMI1;l=;a=https://domain.com/brand/certificate.pem

For a SVG file:

v=BIMI1;l=https://domain.com/brand/bimi-logo.svg

For the Host, use default._bimi_. followed by the domain name.

default._bimi_.noclocks.dev.

For TTL set to 1h.

Notes

A BIMI Record is a type of DNS Record used to display a company’s logo inside an email inbox if the email is trustworthy. Brand Indicator Message Identification (BIMI) Records are an industry-wide effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. This standard has already been rolled out by inboxes such as Gmail, Yahoo!, Apple Mail, and several others.

Though it’s already been rolled out by large inbox providers, each inbox’s use of BIMI varies. For example, Gmail displays a blue “verified” check mark next to the sender’s email address in both desktop and mobile apps if the email passes BIMI tests. On the other hand, Yahoo! displays a company’s actual brand logo, but only on their mobile apps. The BIMI standard will continue to evolve with the aim of providing all email users with a robust means to visually identify trustworthy emails against phishing/spam emails posing as businesses upon their arrival to the email inbox.

Why Implement BIMI?

• Your domain’s logo gets prominently displayed in the inbox (see below image)
• Delivering mail to Gmail users means that you get a blue verified check mark
• Improved delivery rates as inboxes find messages that pass BIMI and DMARC the most trustworthy—early results indicate a 10% open rate increase amongst Yahoo! users

How BIMI Records Work

A fairly recent improvement, most of today’s email shows your brand’s initials in the customers’ inboxes (e.g., R signals Redbox, DT means Discount Tire). This helps current and potential clients identify and trust messages received by these recognizable companies. With BIMI records, that trust factor significantly increases because an actual logo is used in place of mere initials or lack thereof. Publishing a DNS Record automatically integrates your brand into every email sent from your domain (e.g., Best Buy logo displayed instead of BB), which allows message recipients to recognize and have confidence in clicking the message in question.

Requirements of BIMI Records

Using BIMI requires ensuring DMARC authentication is set up on the domain. In fact, the BIMI concept is viewed as an extension of DMARC. Both protocols are highly beneficial to ensuring a domain’s messages are delivered and to help crack down on phishing and spoofing attempts. If you haven’t set up DMARC yet, you can read more here about setting up DMARC. 

Steps to Publish BIMI Records

After getting DMARC set up and ensuring it’s running smoothly for your domain (i.e., monitoring DMARC performance and verifying no delivery issues moving policy to quarantine or reject), integrating the extra bonus of BIMI starts with adding a DNS Record for BIMI, then publishing your logo.

If there’s been something holding you back from implementing DMARC, our Delivery Center tool will put your company on the right path to enabling and enforcing DMARC. If you’ve already set up DMARC, we recommend discussing your specific situation with one of our email delivery experts to ensure your business is set up correctly and optimized for the best email delivery. You might be missing key DMARC insights or accidentally overlooking important email delivery problems. MxToolbox products have everything that you need to employ DMARC and increase email delivery rates for your brand. After all, your company’s reputation depends on it.

1. Authenticate Your Brand’s Emails with DMARC, SPF, DKIM

First off, in order to get BIMI set up, you need to understand that it works in conjunction with a few other authentication protocols to verify to your readers that you are, in fact, you!

Before enabling BIMI, you need to have a few other protocols set up: DMARC, SPF, and DKIM:

1. Ensure all three of these are set up and aligned properly.

2. Set up a DMARC record on your “From” domain. Remember: the reject policy in the record must either be p=reject or p=quarantine.

If you’re unsure of how DMARC works, or you need more help, you can check out beehiiv’s handy DMARC resource.

2. Create an SVG Tiny PS Logo

Next up, it’s time to create the logo you’ll use in your emails. To do this, you have to create a very specific file type called an SVG. Plus, you’ll have to ensure the image is the right size so it’s compatible (and looks correct).

Here are some rules when creating your new verified sender logo:

• SVG format (scalable vector graphics)

• Centered image

• Square aspect ratio

• Solid background color

• Under 32 kb

Remember to make sure your logo has enough space on the outside. Sometimes the outside edges will be circular or square depending on the email provider. You don’t want it to get cut off in the inbox.

Once your logo is created as an SVG file, upload it to a public server.

3. Get a VMC

To ensure your logo displays in Gmail, you’ll need to acquire a VMC. A VMC, or verified mark certificate, is a way to digitally legitimize and certify your logo online.

You can set up your logo’s VMC with Entrust or DigiCert.

4. Publish a BIMI DNS Record

Next up, you’ll have to head over to your domain dashboard (or wherever you manage your domain). Once you’re there, you’ll have to create a text record within your domain’s nameservers.

While the next part is going to seem quite complicated because of all the crazy numbers and letters, the process is quite straightforward, as it’s just a simple copy-and-paste job.

In your domain manager, go to your DNS. Create a new TXT record at the default._bimi subdomain.

Add the following values:

default._bimi.[domain] IN TXT “v=BIMI1; l=[SVG URL]; a=[PEM URL];“

Then, fill in these sections:

• SVG URL: the web address where you’re hosting your SVG file

• PEM URL: the web address where you’re hosting your Verified Mark Certificate

• Domain: your domain name (i.e. beehiiv.com)

Most DNS providers will require you to enter your BIMI record in two areas:

The first field is: default._bimi.example.com

The second field is: v=BIMI1; l=https://example.com/bimi-logo.svg

5. Verify BIMI Is Set Up Correctly

Your last step is to double-check that everything is set up just right. To do this, head over to the BIMI Group’s BIMI inspector tool to ensure you’ve set everything up correctly.

Before verifying your BIMI, you should wait about 24 hours after you’ve set everything up. Once you plug everything into the inspector tool, it will tell you if it’s working properly or if there’s something you need to change. The tool will tell you of any potential log issues, and you’ll even be able to preview it in different display scenarios.

Make Your Newsletter Stand Out in the Inbox

In the ever-changing world of email, it’s more important than ever to ensure your newsletter is standing out in the inbox.

With BIMI, you’ll now be one step closer to establishing yourself as a trusted sender and a recognized brand.

If you want to ensure you continue to separate yourself from the hundreds of emails in your readers’ inboxes, then you need to use a trusted email newsletter platform.

At beehiiv, it’s never been easier to launch, grow, and scale an email newsletter. At beehiiv, we understand what it takes to establish yourself in the newsletter game. Our platform is made by creators, for creators, and is stacked with a variety of tools to help you master the inbox.

---

Appendix

Note created on 2024-05-02 and last modified on 2024-05-02.

Backlinks

LIST FROM [[Brand Indicators for Message Identification (BIMI)]] AND -"CHANGELOG" AND -"//Brand Indicators for Message Identification (BIMI)"

---

(c) No Clocks, LLC | 2024