LetzRelay blog


March 8, 2023


BIMI: Yet another email marketing stuff?



Introduction

BIMI (Brand Indicators for Message Identification) is a new standard designed to help email receivers verify the authenticity of emails from a visual point of view. Being an email authentication protocol, it enables senders to display their logos in the recipient's inbox, providing visual confirmation that the message is authentic. BIMI builds upon existing email authentication protocols like SPF, DKIM, and DMARC, adding an additional layer of verification that allows email receivers to check the authenticity of the sender's logo and display it in the recipient's inbox.

BIMI vs. DKIM, what's the difference in the end?

DKIM (DomainKeys Identified Mail) and BIMI are both email authentication standards, but they serve different purposes.

DKIM is a method for verifying that an email message was actually sent by the domain that it claims to be from, and that the message hasn't been tampered with during transmission. DKIM involves adding a digital signature to the header of an email message, which is then verified by the recipient's email server to ensure that the message is legitimate.

BIMI is a standard for displaying brand logos in email messages. BIMI allows email senders to include a verified logo image in their email messages, which is then displayed in the recipient's inbox next to the message. BIMI requires DKIM authentication to be set up before the logo can be displayed.

In short, DKIM is a method for email authentication and message integrity that mainly stays in the backend of the email handling process, while BIMI is a standard for displaying brand logos in email messages, so it surfaces in the frontend of the email application. While DKIM is a prerequisite for BIMI, they serve different purposes and are used in different parts of the email ecosystem.

Requirements, validation, guarantee & benefits

BIMI requirements

  1. BIMI Record

    A BIMI record is a DNS TXT record that provides information about the sender's logo and how it should be displayed in the recipient's inbox. The BIMI record contains the following elements:
    • The location of the sender's logo.
    • The size of the logo.
    • The format of the logo.
    • A verification mark that confirms that the sender is authorized to use the logo.

  2. Logo requirements

    To display a logo using BIMI, the logo must meet the following requirements:
    • The logo must be a valid SVG file.
    • The logo must be hosted on a secure server using HTTPS.
    • The logo must be at least 144x144 pixels in size.

  3. Verification Mark

    To ensure that only authorized senders can use the BIMI feature, a verification mark must be included in the BIMI record. The verification mark is a cryptographic hash of the sender's DMARC policy and is included in the BIMI record as a base64-encoded string.

    On top of the verification mark, the TXT record for the email domain must also include the brand's Verified Mark Certificate (VMC). The VMC is a digital certificate that confirms the ownership of the brand logo used in the BIMI record. The DNS TXT record should be published at the root of the domain, and its content should be a URL that points to the logo image file.

    Today, the BIMI standard requires the logo to be a registered trademark to get a VMC; this long and costly process probably explains why BIMI has not aroused general enthusiasm so far. However, the standard is being expanded to include logos that aren’t trademarked.

BIMI Validation Process

When an email is received, the email receiver will perform the following steps to validate the BIMI record:

  1. Check the DMARC policy for the sender's domain to confirm that the sender is authorized to use the BIMI feature.
  2. Retrieve the BIMI record from the sender's domain to obtain information about the sender's logo.
  3. Verify the sender's logo by checking that the logo is hosted on a secure server and that it meets the required size and format.
  4. Check the verification mark in the BIMI record to confirm that the sender is authorized to use the logo.

No guarantee that logo will ultimately be displayed

Even with everything set up according to the BIMI requirements, there is still no guarantee that the logo appears in an inbox. Ultimately, it depends on the receiver: not all email service providers support this feature yet, so they do not show logos in the inbox by default. The number is growing, but some of them still need time to adopt BIMI. Also, the ones that do support BIMI, such as Google, have their own rules about whether or not to show the logo.

Benefits

BIMI provides several benefits, including:

  • Improved email deliverability: Email receivers can use BIMI to verify the authenticity of emails, increasing the likelihood that legitimate emails will be delivered to the recipient's inbox.
  • Enhanced brand recognition: BIMI allows senders to display their brand logos in the recipient's inbox, increasing brand recognition and trust.
  • Additional protection against phishing attacks: BIMI can help prevent phishing attacks by providing visual confirmation that the email is authentic.

Conclusion

While some people could argue that BIMI is just more marketing stuff, it is a standard developed by industry leaders to help validate the authenticity of email messages using an email provider's logo. BIMI can indeed be used as a marketing tool; however, it is primarily a security measure to prevent email fraud and phishing attacks. This provides an extra layer of security for email recipients, as they can quickly identify legitimate messages from trusted senders.

Therefore, on top of some marketing benefits, it is primarily a security standard that helps ensure the integrity of email communications. Nevertheless, it has not yet been widely adopted. There are several reasons for this:

  • Registered trademark: As of today, the logo must still be a registered trademark to get a VMC. This is a long and costly process that not all organizations can afford.
  • Lack of support from email clients: BIMI requires email clients to support the standard, but many popular email clients do not yet support BIMI. This limits the potential benefits of implementing BIMI for organizations.
  • Technical complexity: Implementing BIMI can be technically complex, requiring changes to DNS records and email authentication protocols. This can be challenging for organizations that do not have experienced IT teams.
  • Limited impact on email deliverability: While BIMI may improve email deliverability by providing an additional layer of email authentication, it is not a panacea for email deliverability issues. Other factors such as email content and sender reputation also play a role in email deliverability.
  • Lack of awareness: Many organizations may not be aware of the benefits of BIMI or may not understand how to implement it. This can limit adoption of the standard.

Overall, while BIMI has potential benefits, its lack of widespread adoption may be due to a combination of technical complexity, limited impact on email deliverability, and lack of support from email clients. However, as more email clients support the standard and awareness of its benefits increases, we may see greater adoption of BIMI in the future.




Internal publication.

© LetzRelay by AlSego.