2019/05/16 by Willem Stam.
Brand Indicators for Message Identification (BIMI) ready for take off?
BIMI is the new open standard for visualising your brand in the recipient’s mailbox with an image.
The new standard uses DMARC, leading some to call BIMI ‘DMARC 2.0’. While almost all previous authentication and identification methods work in the background, BIMI is the first to really try to visualise and strengthen your brand right on the front-end. The mailbox provider allocates a space for the image within the user interface.
What are the prerequisites?
Before you can enable BIMI, you have to make sure that the following requirements are in place.
- It is best to have a DMARC record with a ‘quarantine’ or ‘reject’ policy.
- You need to have a special record, the so-called BIMI Assertion Record. This record will also contain the path to the image (SVG format) that will be used. The TXT record, such as default._bimi for example, needs to be placed in the DNS of the sending domain. Usually this would be the From header. The value of the record should look like the following:
- You need to prove ownership of the image with a copyright certificate. Otherwise anyone could publish someone else’s logo on their own domain. Please note, this is not a current requirement, but will be in the near future.The providers require the certificate to prove ownership of the domain name. The proof is held and secured (cryptographically) by third parties referred to as Mark-Verifying Authorities. The BIMI group recommends that you wait approximately two days for your logos to make it into the MBP’s systems.
- BIMI will only work from domains that are categorised as bulk senders (OATH requirement).
- You need to hold a good sender reputation (OATH requirement).
Who is supporting BIMI?
It was first supported publicly by the Verizon Media Group (Yahoo/AOL) and Gmail is currently testing BIMI with selected senders.
In addition, in February 2021 we got the news that Fastmail started piloting as well. Other ISPs are piloting in the short term as well.
Microsoft seems to be going in another direction and will not use the BIMI standard. Instead they are going to use so-called business profiles: business.microsoft.com. It’s being beta tested at the moment and is publicly available for any consumer-facing business in the US.
And will BIMI take off?
While Microsoft is following a different strategy, Gmail is presumably near the end of the piloting phase. Fastmail is just being added to the supporting parties and Verizon is working with BIMI publicly and to date still does not require a VM. So we think that it would be good to start with tech-preparations and testing.
Smaller senders too should be able to get BIMI to work as well. At the moment it is exclusively for big senders.
We will be testing BIMI support with a few brands. Stay tuned for the results. And if you have any questions, just contact us.