Email is essential for any business to promote their brand, products, and services to consumers, and communicate effectively with existing customers and their supply chain. But as with anything, the evolution of how businesses use email is inevitable, making it work harder for their goals and needs.
As part of this evolution comes BIMI (Brand Indicators for Message Identification). This standard, launched in July 2021, enables businesses and organizations to display their trademarked logo automatically within any DMARC authenticated emails they send.
Partnering with Entrust, Red Sift has successfully guided a number of OnDMARC customers through the Google pilot program to BIMI certification. We’ve learned a lot going through this process so we’ve compiled answers to some of the most common questions about this emerging email standard to help businesses, marketers and IT professionals alike get on board with BIMI.
What is BIMI?
BIMI stands for Brand Indicators for Message Identification. This standard enables companies to attach trademarked brand logos to the emails they send to consumers, increasing visual impressions and promoting a consistent brand experience. To qualify for BIMI, a company’s domain must be DMARC compliant and its logo must be trademarked. The company must also have a Verified Mark Certificate (VMC) issued by an approved Certification Authority (CA).
How does BIMI work?
Much like your DMARC, SPF, and DKIM records, your BIMI record sits in your DNS as a text file. When your email lands in the recipient inbox, the recipient server looks this up to check that it’s coming from a verified sender (using DMARC). Once authenticated, the BIMI TXT file tells the recipient service where to find the logo, and it’s pulled into the inbox, visible for the recipient to see.
Is BIMI a security standard?
No, BIMI is not a security standard. For a business to be able to use BIMI in line with Google, it must be DMARC compliant. DMARC is a security protocol that protects against exact domain impersonation. When implemented correctly (p=reject), it blocks phishing attacks using your domain, protecting your business, brand reputation, and supply chain. It can also improve your email deliverability and even inbox placement as a result.
It’s vital that we view BIMI as a ‘reward’ for correctly implementing the security protocol DMARC. While the presence of a logo in the email indicates DMARC compliance, it in no way offers domain protection. This is done by the DMARC protocol it sits on.
When will BIMI become available?
Google has now announced its support for BIMI and its general availability for businesses in its latest blog.
What are the BIMI logo requirements?
Alongside full DMARC compliance, to qualify for BIMI a business’s logo must be trademarked and have a Verified Mark Certificate issued by an approved Certification Authority.
What is a VMC and why do I need one?
A Verified Mark Certificate (VMC) is the logo certification required for BIMI. It’s issued by a Certification Authority (CA) and works alongside DMARC to enable logo visibility in the inbox. Google has selected just two CAs as eligible to issue VMCs, one of which is our partner Entrust.
To get a VMC, your logo must be trademarked. Having a VMC is an essential part of the puzzle, as without one you won’t be able to become BIMI certified.
How long does BIMI take to implement?
There are a number of moving parts intertwined in the BIMI certification process, and so the time taken to implement it can vary. But one of the most important steps is ensuring your domain is DMARC compliant. When using OnDMARC, the average time taken to get to p=reject is 5-8 weeks, but this can depend on the number of sources that need configuring and the speed at which you can implement the needed resources. Red Sift is the only DMARC provider to offer a guaranteed SLA of getting to p=quarantine at 100% within 8 weeks.
It can also take anywhere from 3-6 months to get a registered logo trademark, depending on the country you’re in. You can find out more about the Red Sift BIMI verification process and how we can support your entire BIMI journey from start to finish here.
Some Gmail users already have their photo or logo appear in the circle to the left of the sender’s name. Is this the same thing as BIMI?
Gmail users can set up a personal Google account using their email address and upload a profile picture to their personal profile. This image then appears alongside personal email communications. This is different from BIMI, which authenticates logos having a registered trademark and is tied to a confirmed sending domain used for bulk business email communications.
Which companies already have BIMI?
While Google’s launch hasn’t officially been announced, there are a number of companies that have implemented the standard using the pilot program. You can get real-time updates on this using BIMIRadar, the site we at Red Sift have created to track the global adoption of brand indicators across 49,628,763 apex domains.
Why is BIMI important for marketers and businesses?
Any good email marketing strategy will involve tweaking subject lines, cleaning email lists, and curating email content. This is done with the goal of increasing open rates, boosting click-throughs, swerving spam complaints, and keeping bounce rates low. But while these are good practices, it’s likely the widespread adoption of globally-recognized standards like DMARC and the benefits which come with these (such as BIMI) will ultimately make the real difference in keeping our email ecosystem robust for years to come. In early studies we’ve carried out, we found that logo visibility in email does appear to have a positive effect on certain consumer interactions in email.
Start your BIMI certification journey with the world’s first and only integrated solution provider
Red Sift’s core mission is to make the technology essential for cybersecurity accessible for everyone. That’s why we’re proud to be the first ever provider of an end-to-end BIMI certification solution. Closely partnered with Entrust, we’re here to support your BIMI journey from start to finish.
Ready to take the first steps towards DMARC compliance and get on board with BIMI today? Whether you’re already DMARC compliant or starting from scratch, book your free consultation below to get started.