Brand Indicators for Message Identification (BIMI) is an email security standard that allows you as a business owner to brand your emails with your company's logo, icon, trademark, or other visual symbols to be displayed in your recipient's inbox. These Brand Indicators help customers identify the messages sent from your brand and make it more difficult for scammers to use your brand for phishing.
BIMI provides email recipients and email security systems increased confidence in the source of emails, and enables senders to provide their audience with a more immersive experience.
Google first announced a Gmail BIMI pilot in 2020. Now Google is rolling out general support for BIMI in an effort to “drive adoption of strong sender authentication for the entire email ecosystem.”
BIMI was designed to help brands validate the ownership of their logos and visual identities, and securely transmit them to Google. It also plays a role in email security, specifically as it affects phishing and other email-based scams.
Which is why, before we get into BIMI, we should talk about DMARC.
BIMI & DMARC
For email recipients, Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a behind-the-scenes mechanism that strengthens the handling of emails that fail authentication checks.
For email senders, DMARC is a way to set policies and preferences for message validation at the domain level so that email service providers can improve security during mail handling.
BIMI builds on DMARC to improve security measures even further.
How BIMI works
Brands that authenticate their emails using SPF and DKIM protocols alongside DMARC can show their visual branding in recipients' inboxes. BIMI leverages Mark Verifying Authorities and Certification Authorities to verify brand credentials and shows logos/trademarks as proof of verification.
When your emails are authenticated (and pass all other security checks), Gmail will start displaying your logo in the avatar circle next to your message in previews and alongside your company name in the reader.
Gmail's support of BIMI is a win for email authentication, brand trust, and consumers alike. BIMI gives organizations the opportunity to provide their customers with a more immersive email experience, strengthening email sender authentication across the entire email ecosystem.
Seth Blank, AuthIndicators Working Group
How to set up BIMI for your business in 5 steps
BIMI is still a new email security standard, which means lots of changes are still to come. Google has done a decent job of making BIMI setup relatively easy, but some steps are technical. If you're not technically inclined, it might be a good idea to call your IT team or use a third-party service.
NOTE: Before you proceed to Step 1 of setting up your BIMI, make sure to first set up a Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) for your email servers.
Register your brand logo as a trademark
Get a Verified Mark Certificate (VMC)
Upload VMC to your web server
Create your BIMI record
Your BIMI record is a line of text that includes the URL of your brand logo SVG file.
Example BIMI records
BIMI with a Verified Mark Certificate:
BIMI record without a Verified Mark Certificate:
Add a DNS TXT record for BIMI at your domain provider
How to add a DNS TXT record for BIMI
1. Sign in to your domain management console
2. Go to your domain’s DNS records
3. Enter these values in the form for your domain provider’s DNS records (replace mystore.com with your root domain):
- Type: TXT
- Host name: default._bimi.mystore.com
- Value (with a Verified Mark Certificate): v=BIMI1;l=https://images.mystore.com/brand/bimi-logo.svg;a=https://images.mystore.com/brand/certificate.pem
- Value (without a Verified Mark Certificate): v=BIMI1;l=https://images.mystore.com/brand/bimi-logo.svg
- TTL: 1 hour (3600 seconds)
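Before you publish the record, it helps to check the value for mistakes that would stop the logo from showing. The Python sketch below is an added example, not code from Google or the BIMI working group: it parses a BIMI TXT value, checks the version tag and the logo and certificate URLs, and reports whether the record is backed by a VMC. The function names are hypothetical, and the .svg suffix check is an assumption based on the example records above.

```python
from urllib.parse import urlparse

def bimi_record_name(domain, selector="default"):
    """DNS name of the BIMI TXT record, e.g. default._bimi.mystore.com."""
    return f"{selector}._bimi.{domain}"

def parse_bimi(txt):
    """Split a BIMI TXT value into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if part.strip():  # tolerate a trailing ';' and stray spaces
            tag, _, value = part.partition("=")
            pairs.append((tag.strip(), value.strip()))
    return pairs

def url_problem(tag, url, suffix=None):
    """Return a problem string for a bad URL, or None if it looks fine."""
    u = urlparse(url)
    if u.scheme != "https" or not u.netloc:
        return f"{tag}= must be an https:// URL"
    # Assumption: the logo path ends in .svg, as in the page's examples.
    if suffix and not u.path.lower().endswith(suffix):
        return f"{tag}= should point to a {suffix} file"
    return None

def check_bimi(txt):
    """Return (kind, problems); kind is 'vmc', 'self-asserted' or None."""
    pairs = parse_bimi(txt)
    tags = dict(pairs)
    problems = []
    if not pairs or pairs[0] != ("v", "BIMI1"):
        problems.append("record must start with v=BIMI1")
    if len(tags) != len(pairs):
        problems.append("a tag appears more than once")
    if tags.get("l"):
        problems.append(url_problem("l", tags["l"], ".svg"))
    else:
        problems.append("l= is missing or empty, so no logo can be shown")
    if tags.get("a"):
        problems.append(url_problem("a", tags["a"]))
    problems = [p for p in problems if p]
    kind = None if problems else ("vmc" if tags.get("a") else "self-asserted")
    return kind, problems

if __name__ == "__main__":
    # First value is from the page; the second is constructed to fail.
    for rec in ("v=BIMI1;l=https://images.mystore.com/brand/bimi-logo.svg",
                "v=BIMI1; l=http://images.mystore.com/brand/bimi-logo.svg;"):
        print(bimi_record_name("mystore.com"), check_bimi(rec))
```

This only checks the text of the record; it does not fetch the logo or certificate, and it does not confirm that your SPF, DKIM and DMARC setup passes.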