BIMI in 2021: Should You Implement this Email Specification?
Brand Indicators for Message Identification (BIMI) is the latest in email authentication protocols. And in 2021, the idea of implementing BIMI suddenly became a lot more attractive to many email marketers.
That’s because, in July, Google announced it would begin officially supporting BIMI in Gmail inboxes. This comes after Google launched a BIMI pilot program in 2020, which was previously closed to new senders.
However, with this announcement, anyone who successfully implements BIMI should start seeing brand logos appearing next to authenticated messages in Gmail and other mailbox providers.
But perhaps we’re getting a bit ahead of ourselves here …
The Basics of BIMI
What is BIMI? It is a new method for authenticating emails and preventing brand spoofing. Like other protocols, it involves setting up a record on your sending domain’s DNS, which receiving mail servers use to verify the message is legit.
What makes BIMI unique is that it is subscriber-facing. Your list doesn’t know that you’ve set up SPF, DKIM, and DMARC. But they can see the results of BIMI. The logo in their inbox can be a sign indicating the email is safe to open and engage with. For brands, it’s the pay-off for getting your email authentication practices up to speed.
Email could be just the start for BIMI. In the future, it could also present a way for third-party application developers to pull in logos while giving brands control of what’s displayed.
How does BIMI Work?
When a mailbox provider receives a message from your brand, it first checks for existing email authentication protocols. Specifically, it uses the DMARC record to look for SPF and DKIM. After that (if applicable), it looks up the domain’s BIMI record in the DNS.
If a brand passes DMARC authentication, and the implementation of BIMI is correct, the mailbox provider should retrieve the logo file and display it in the subscriber’s inbox.
It looks something like this:
This is similar to how certain mailbox providers show the profile pictures of your contacts next to personal emails. However, Marcel Becker of Yahoo told us that 97% of emails in our inboxes come from brands. So, BIMI logos could provide a better-looking email experience.
How do you implement BIMI?
Getting a BIMI logo to display in inboxes will take a little bit of work. But put simply, you’ll need to follow these essential steps:
1. Identify your sending domain and get some help
The BIMI record needs to be published on the DNS of your sending domain (or domains). That may be different than your brand’s main website domain. Often, larger organizations have a specific subdomain that’s used for a mail server.
Here’s how a BIMI record is formatted:
default._bimi TXT "v=BIMI1; l=https://mydomain.com/image.svg;"
You’ll probably want to get the IT team or cybersecurity to help you publish the BIMI record, and your email service provider (ESP) may be able to assist with troubleshooting as well. If you’re active in the email geeks community, you can reach out to people at BIMI Working Group for help too.
2. Verify other email authentication protocols
In some ways, BIMI is the payoff for getting the rest of your email authentication protocols aligned. The bottom line is that you need to have a DMARC policy for BIMI to work.
DMARC looks for both SPF and DKIM and tells receiving mail servers how to handle emails that fail authentication. This ensures your logo will never be displayed when a scammer attempts to impersonate your brand with a phishing email.
To meet BIMI compliance standards, your DMARC enforcement policy will need to be set to either reject or quarantine.
3. Create a BIMI logo and get it certified
BIMI logos have some specific requirements. To begin, they must be SVG files (SVG Tiny 1.2), which is a secure vector file that’s harder to impersonate.
The logo should be in a perfect square. But it should also fit nicely into a circle since that’s how it will be displayed in inboxes. BIMI logos also need to be small and shouldn’t exceed 32kb in size.
The image in your BIMI logo should be a registered trademark. If you don’t have a trademarked logo, you’ll need to work on that. Plus, to meet Gmail’s requirements, BIMI logos also need to get a special certification that verifies your ownership of the logo.
At this time, only Google is requiring VMCs for BIMI authentication. However, it could help with other mailbox providers. In content for developers, Verizon Media states:
“We currently do not require VMCs to be set up for BIMI logos to appear in Verizon Media applications. However if a BIMI record includes a VMC, we might use it to inform the overall BIMI eligibility.”
Once you’ve completed these steps and published your record, BIMIGroup.org has a BIMI Inspector tool you can use to verify your brand’s compliance with the established standards.
Who is supporting BIMI for email?
Before Google announced support for BIMI in Gmail, Yahoo and Verizon Media mailbox providers, such as AOL.com, were already supporting this type of email authentication. The Australian email client Fastmail also supports BIMI logos.
Without Gmail in the mix, smaller brands may have hesitated to invest the budget, time, and effort needed to implement BIMI. However, Gmail addresses often make up 25% or more of many subscriber lists.
Now that Gmail is adopting BIMI, other major email clients are more likely to follow. That’s because there are some pretty big benefits.
What are the benefits of BIMI?
BIMI is a particularly helpful email authentication method for brands that are common targets of email spoofing. That includes major financial institutions such as Bank of America, which has partnered with Google and BIMI Working Group on the technology.
PayPal, DropBox, Amazon, Apple, and Microsoft represent several other commonly impersonated brands that would benefit from BIMI. However, you don’t need to be a Fortune 500 company to take advantage of BIMI’s benefits.
Preliminary research shows implementing BIMI may actually increase email engagement. In our Ask Me Anything on BIMI, Marcel Becker of Yahoo explained the results of some user experience studies. It appears people are more likely to interact with email experiences in which brand logos are displayed.
Most importantly, however, BIMI protects your subscribers from cyber criminals who are trying to use your brand’s reputation to trick people into installing malware or revealing sensitive personal information. For that reason, BIMI can also protect your brand’s reputation, especially if you send transactional emails and have customers with online accounts.
Finally … let’s be honest … what brand wouldn’t want their logo showing up in as many places as possible? BIMI implementation is a nice way to support brand recognition and recall.
So, if you’re still wondering whether implementing BIMI is a good idea in 2021, you’ll want to consider the importance of these benefits. Being an early adopter could have its competitive advantages.
But, there will be costs associated with BIMI implementation and the process can get quite technical. Another thing to keep in mind is that some email clients say they’ll only display BIMI logos for bulk senders. So, you’ll need to have a fairly significant send volume, and it’s unclear whether there is a specific threshold.
BIMI and email previews
Currently, Email on Acid’s pre-deployment platform does not verify BIMI implementation. However, when you run email tests and view previews of your campaigns on different clients and devices, you should be able to see if BIMI is working correctly.
That’s because Email on Acid serves up screenshots from live devices. So, what you see is what your subscribers see. Just be sure to include Gmail, Yahoo, AOL, and other clients that support BIMI in your testing profile.
Want to find out if the clients supporting BIMI get better engagement from your subscribers? You can use our Email Analytics to compare results.
Thanks in part to Gmail’s adoption of BIMI in 2021, it looks like Brand Indicators for Message Identification is here to stay.
Author: The Email on Acid Team
The Email on Acid content team is made up of digital marketers, content creators, and straight-up email geeks. Connect with us on LinkedIn, follow us on Facebook, and tweet at @EmailonAcid on Twitter for more sweet stuff and great convos on email marketing.