7-things-youll-wish-you-knew-before-implementing-BIMI

7 things you need to know before implementing BIMI

Last updated: October 2024

BIMI (Brand Indicators for Message Identification) is a new email standard that allows businesses to attach registered logos to DMARC authenticated emails. It’s an exciting development in the email world, and there’s much anticipation about how it’s already impacting the future of email marketing.

We at Red Sift (in partnership with Entrust) offer the only end-to-end BIMI and DMARC certification solution, helping hundreds of organizations to get BIMI certified with Verified Mark Certificate (VMC,) and start showing their registered logo in email.

In this blog, we’ll walk you through the 7 things you need to know before implementing BIMI.

1. Make sure you’ve correctly implemented DMARC

This is crucial to the success of your BIMI implementation, as, without correct DMARC compliance, you won’t be able to become BIMI certified. But what is DMARC you ask? DMARC stands for Domain-Based Message Authentication, Reporting, and Conformance. It’s a protocol introduced in 2012 which protects businesses against exact domain impersonation. In short, when configured correctly (at p=reject), it stops hackers and bad actors from impersonating your domain to phish your customers, suppliers, and employees, protecting your brand and anyone who has contact with it. DMARC implementation can seem like a complicated process, but with the right tools and support, it’s made easy. You can find out more about our multi-award-winning DMARC solution here.

2. Check that your trademarked logo doesn’t include extra text

Some businesses will trademark their logo and include the company name within this (either above or below the icon and not as part of the design itself) or have text as part of their logo as standard. This means that the logo can’t be used without this additional text, and this can cause problems when implementing BIMI. To be able to use your logo effectively with BIMI, make sure that you have a version of your logo which excludes any additional text (i.e. company name above or below it) as the BIMI logo must match the trademark exactly. However, in October 2024 Google announced support for the CMC (Common Mark Certificate), which no longer requires a trademark, but does require a history of prior use in a website for at least a year.

3. Ensure your logo is the right size, and any text will be readable when scaled down

This might sound like a simple one, but making sure that your logo is sized correctly so that it can be scaled properly in the inbox is crucial. If you successfully deploy BIMI but no one can see your logo, or it’s too big for the box, then your hard work will be for nothing. Luckily, our Customer Success team is clued up on exactly which logo sizes, shapes, and requirements are needed to help Red Sift customers avoid this.

4. Budget for the time needed to implement BIMI

Another aspect easily overlooked is time, and it’s key that you budget enough while factoring in all the moving parts of the BIMI process. With OnDMARC, it takes an average of 5-8 weeks to get to DMARC p=reject and around 7-10 days to complete all the steps from the CA to get a VMC or CMC. While we offer a fully integrated BIMI solution that covers all bases and steps along the way, it’s key that you set enough time and resources aside to get BIMI up and running.

5. Make your logo stand out from the crowd

Studies have shown that color increases brand recognition by as much as 80%. This is huge when you consider how many emails are dropping into the consumer inbox every day. Early research we’ve carried out has indicated a positive correlation between bold logo color and design and brand recall, while monochrome designs may have the opposite effect. So, it’s vital that you consider the look of your logo as soon as possible, to ensure it stands out from the crowd and you’re getting the brand visibility you want. We recommend bold, block colors, easy-to-read text, and clear symbols and shapes.

6. Get the correct sending domain and make sure it’s in p=reject

When it comes down to the more technical points, this is a key one. BIMI is not a security protocol itself, instead, it works using DMARC which authenticates the sending source of the email the logo sits on. So, it’s vital that the root domain you’re sending from is in p=reject (i.e. fully DMARC compliant), as having a subdomain in p=reject isn’t enough. You’ll also need to work with your marketing department to ensure you know which domain you’ll be sending from day one, to avoid any confusion!

7. Choose an approved Certification Authority 

Currently, there are just two Certification Authorities approved by Google to issue VMC and CMCs, one of which is our partner Entrust. Choosing an approved and certified VMC provider is another essential component of your successful BIMI journey. You can find out more about what a VMC is here.

Where to go from here?

At first glance, the idea of adding a logo to an email seems like a simple concept. But, there’s a surprising amount of technical effort and expertise which goes into the BIMI implementation process.

At Red Sift, we’re proud to be the first and only provider of an end-to-end BIMI certification solution. Using our award-winning product OnDMARC, we support businesses big and small to achieve full DMARC compliance and BIMI deployment from start to finish and beyond. Get started below by checking your BIMI readiness score today! 

PUBLISHED BY

Sabrina Evans

24 Jun. 2021

SHARE ARTICLE:

Categories

Recent Posts

VIEW ALL
DMARC

Keep your Microsoft Online Email Routing Address secure with Red Sift OnDMARC

Faisal Misle

Every Microsoft 365 tenant includes a default domain in the format tenantname.onmicrosoft.com. This is known as the Microsoft Online Email Routing Address (MOERA). What many don’t realize is that attackers have started using these domains to impersonate organizations in phishing attacks. If left unmonitored, MOERA domains can become a blind spot in your email…

Read more
News

Red Sift OnDMARC ranked #1 in EMEA and Europe for DMARC in…

Francesca Rünger-Field

G2’s Spring 2025 Report is here, and we’ve got some exciting news to share! Red Sift OnDMARC has been named the #1-rated DMARC solution in both EMEA and Europe, and that’s just the start. We also took the #1 spot in the Mid-Market Results Index and Mid-Market Usability Index, and were featured in 18…

Read more
DMARC

The Mail Check deadline has passed: Is your organisation at risk? 

Jack Lilley

The National Cyber Security Centre (NCSC) proposed changes to Mail Check services came into effect on 24 March 2025, including the ending of DMARC aggregate reporting. Organisations who are yet to comply must now seek an alternative provider or risk exposure to harmful cybersecurity incidents. This change comes as a measure to expand the…

Read more
Awards

Red Sift named a Top 50 company in 2025 Emerging Stars Awards

Jack Lilley

We’re pleased to share that Red Sift has been named Best Performing Company – Security & Infrastructure in the 2025 Emerging Stars Awards. These awards, part of the Megabuyte100 series, recognise the UK’s 50 best-performing scale-up technology companies based on solid financial performance, from over 800 entries.  Being recognised in this category reflects the…

Read more