BIMI stands for Brand Indicators for Message Identification. It is an email authentication and identification standard that aims to enhance email security and provide a visual indicator of brand authenticity to email recipients. BIMI allows companies to display their official logos or brand icons next to their emails in the recipient’s inbox, providing a visual trust signal.
Instead of the generic logo that is displayed by default by your mailbox provider, BIMI record helps brands provide a more professional look and feel to their emails. This can be useful if a brand wishes to keep the same main brand and/or use different logos for different contexts.
Necessary tools for BIMI record configuration:
What is a BIMI Record?
A BIMI record is a TXT record that is published on your DNS to implement the BIMI protocol. Once the record is published, it allows organizations to display their unique brand logos alongside emails that are DMARC-compliant. BIMI centralizes logo display by empowering domain owners to share a single, standard image. This eliminates the need to create proprietary systems for logo display and management, and the frustration associated with brand proliferation. It provides a better user experience across the email inbox.
Key Requirements for Creating a BIMI Record
There are a few key BIMI requirements that you need to keep in mind. They are as follows:
Implement DMARC Authentication
Prior to implementing BIMI, make sure your domain is set up with a DMARC policy of either ‘reject’ or ‘quarantine’ with the help of a DMARC provider .
Generate a BIMI-compliant Logo
You need to convert your brand logo image to an SVG file that abides by the BIMI standard specifications.
Purchase a VMC
Get a Verified Mark Certificate (VMC) from a trusted certification authority like DigiCert. You can also directly buy your VMC by contacting PowerDMARC.
While the last requirement is optional in many cases, some email service providers have made VMC mandatory for BIMI record setup.
BIMI Record Authentication Process
Before your emails reach your receivers’ inbox, they are authenticated against DMARC. On passing DMARC, the receiving server queries the sender’s DNS for a BIMI record. When found, the sender-designated logo is then displayed in the receiver’s inbox. While not directly a security protocol, BIMI requires DMARC authentication to function. This ensures that emails are verified before reaching your clients, thereby extending and enforcing the implementation of security standards.
Note: The display of your logo when using BIMI is determined by the mailbox provider. Only the mailbox providers that support BIMI show the logo.
How to Create a BIMI Record?
Step 1: Sign up with PowerDMARC for free
Start implementing BIMI by signing up on our portal without spending a dime!
Step 2: Convert your logo image to SVG
On the portal menu go to PowerToolbox > BIMI SVG converter to make your logo compliant with BIMI record standards.
Step 3: Create your BIMI record
Go to PowerToolbox > BIMI record generator to create your BIMI record.
Step 4: Upload your logo
Upload the link to your BIMI-compliant brand logo, VMC (optional but recommended) and click on “generate record”.
Note: If you have not created your BIMI selector name, the name will be kept as “default”, in which case the value for your “host” field will be “default._bimi.domain.com”.
Step 5: Add BIMI record to DNS
Access your DNS provider’s management console to publish your BIMI record in the advanced DNS editor.
How to Publish a BIMI Record?
To publish your BIMI DNS record:
- Choose a Domain and Selector: Select the domain you want to set your BIMI record for and decide on a selector (e,g, selector1).
- Create a TXT Record in Your DNS: To publish the BIMI record, you need to create a TXT record in your DNS zone file. The TXT record should be named _bimi.yourdomain.com. Replace yourdomain.com with your actual domain name.
- Publish the DNS TXT Record: Access your DNS management interface provided by your domain registrar or DNS service provider. Locate the DNS zone for your domain and create a new TXT record with the name _bimi.yourdomain.com and the value mentioned in step 4. Save the changes to publish the record.
- Monitor BIMI Adoption: BIMI adoption by mailbox providers is an ongoing process. Keep an eye on updates and announcements from mailbox providers to ensure your BIMI record is being utilized correctly.
BIMI Record Examples
BIMI record without VMC:
BIMI record with VMC:
Note: If you have not created your BIMI selector name, the name will be kept as “default”, in which case the value for your “host” field will be “default._bimi.domain.com”.
How to Check and Verify Your BIMI Record?
Automated BIMI Record Verification
After publishing the BIMI TXT record, you should verify if it’s correctly propagated in the DNS. You can use a BIMI record checker to verify the existence and content of your TXT record.
Note: Creating, publishing, and verifying your BIMI record doesn’t ensure that your logo will be displayed. It largely depends on your email service provider as currently many ESPs have not fully extended support for BIMI and are still in their testing stages.
Manual BIMI Record Verification
To verify your BIMI record manually, you can access your Domain Name System (DNS) management console with your DNS provider’s assistance. Navigate to the DNS records section and search for your BIMI record. You can manually go through the syntax making sure it’s correct and verify that you have saved it.
PowerDMARC BIMI Record Checker Tool
PowerDMARC’s BIMI record checker tool helps you automatically check and validate your BIMI record after implementation. It’s instant and error-free and is a useful addition to your security suite for quick on-the-go record verification.
Try our BIMI record checker for free today.
Frequently Asked Questions
Why Is It Important To Publish A BIMI DNS Record?
Publishing a BIMI DNS record is crucial because it enhances email security and establishes brand credibility.
- BIMI promotes email authenticity by leveraging the DMARC protocol. This integration helps combat email spoofing, phishing, and other fraudulent activities.
- Publishing BIMI records enhances brand recognition and trustworthiness.
- By embracing BIMI organizations can elevate their email communications by increasing deliverability rates.
I have published my BIMI record. What is next?
- Simply publishing your BIMI record is not enough to rest assured. You still need to ensure that your BIMI record is valid by checking it using a BIMI lookup tool.
- Hosted BIMI solutions help you update your BIMI record whenever necessary without accessing your DNS, as well as host your logo and VMC.
- Gaining visibility on your sending sources when you are on p=reject for DMARC is crucial to maintaining a consistent flow of information and a steady email deliverability rate. DMARC reports help you monitor your sending sources and track your deliverability effectively.
- Configuring a DMARC reporting tool helps you visualize your data easily, making complex reports easier to understand.
- Travel Cybersecurity Threats and How to Stay Protected - December 18, 2024
- Cybersecurity Best Practices for Digital Nomads in Japan - December 17, 2024
- NCSC Mail Check Changes & Their Impact on UK Public Sector Email Security - December 13, 2024