Brand Indicators for Message Identification

From HandWiki
Short description: Email verification system

Brand Indicators for Message Identification, or BIMI (/ˈbɪmi/), is a specification allowing for the display of brand logos next to authenticated e-mails.

Design

There are two parts to BIMI: a method for domain owners to publish the location of their indicators, and a means for mail transfer agents (MTAs) to verify the authenticity of the indicator.[1][2] To implement BIMI, companies need a valid DMARC DNS record with a policy of either quarantine or reject, an exact square logo for the brand in SVG Tiny P/S format,[3] and a DNS TXT record for the domain indicating the URI location of the SVG file. The only supported transport for the SVG URI is HTTPS.[1] The BIMI DNS record is in the following format: 

default._bimi   TXT   "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/image/certificate.pem"

(The a= part is optional. When present, it defines an evidence document; the only current form of this file is called a Verified Mark Certificate (VMC), described below. When absent, the BIMI record is considered self-asserted.) Additionally, services such as Gmail require that a VMC be acquired and presented with the TXT record in order for the brand logo to be displayed in the inbox.[4] These factors alone will not guarantee a BIMI logo will be displayed as heuristics (like spam and spoofing) and reputation will be a key part in BIMI validity.[5] To query the value of the default._bimi TXT record for a given domain, one can use the dig command-line tool. For example, the following command will query the TXT record for the example.com domain: dig +short default._bimi.example.com TXT.

Implementations

A working group of several companies named "BIMI Group" has formed to develop and support standardization of BIMI in IETF.[6] As of June 2023 the following e-mail services have implemented support for BIMI:[7]

Email clients supporting BIMI
Client Requires VMC Notes
AOL Mail Unknown [8]
Apple Mail Yes [9][10]
Fastmail No [11][12]
Gmail Yes [13][14]
La Poste No [15] Domains without VMCs must be submitted and manually verified by La Poste.[15]
Yahoo! Mail No [16] Only for bulk messages from high-reputation domains[16]

History

The BIMI Working Group was founded in 2019.[17]

Benefits

BIMI provides several advantages for organizations implementing email authentication:[18]

  1. Increased Trust and Brand Recognition – BIMI displays verified brand logos directly in recipients' inboxes, building trust and visibility before an email is opened.
  2. Higher Engagement and Deliverability – Recognizable brand logos help improve open rates and click-through rates, while BIMI requires a strong DMARC policy that enhances email authentication and deliverability.
  3. Protection Against Phishing and Spoofing – BIMI enforces domain authentication (SPF, DKIM, DMARC) and verified mark certificates (VMC), helping to prevent misuse of brand identity in fraudulent emails.

Contributors

The contributors of BIMI specifications, called the BIMI Group, also called Authindicators Working Group,[17][19] include:

  • Agari
  • Comcast
  • Google
  • LinkedIn
  • Return Path from Validity
  • Valimail
  • Verizon Media (Yahoo)

References

  1. 1.0 1.1 "Brand Indicators for Message Identification (BIMI) Draft". IETF Trust. https://datatracker.ietf.org/doc/html/draft-brand-indicators-for-message-identification-03. 
  2. "BIMI Up, Scotty! A look at Brand Indicators for Message Identification (BIMI) Adoption with R and the Alexa Top 1m" (in en-US). 2020-02-21. https://securityboulevard.com/2020/02/bimi-up-scotty-a-look-at-brand-indicators-for-message-identification-bimi-adoption-with-r-and-the-alexa-top-1m/. 
  3. "Implementation Guide". https://bimigroup.org/implementation-guide/. 
  4. "Get your Verified Mark Certificate (VMC) - Google Workspace Admin Help". https://support.google.com/a/answer/10911028?hl=en. 
  5. "VMCs Aren't a Golden Ticket for BIMI Logo Display" (in en-US). 2021-09-10. https://bimigroup.org/vmcs-arent-a-golden-ticket-for-bimi-logo-display/. 
  6. "BIMI Working Group". BIMI Group. https://bimigroup.org/. "Google's Gmail Is Getting Support For A New Email Feature That Allows Brands To Display Their Logos In The Avatar Slot". https://www.digitalinformationworld.com/2020/07/googles-gmail-is-getting-support-for.html. 
  7. "BIMI Support by Mailbox Provider". https://bimigroup.org/bimi-infographic/. 
  8. "BIMI support in AOL Mail". https://help.aol.com/articles/bimi-support-in-aol-mail. 
  9. "Prepare your email server for BIMI support in Apple Mail". https://developer.apple.com/support/bimi. 
  10. "BIMI Rolling Out to All Apple Inboxes in Fall 2022". https://bimigroup.org/bimi-rolling-out-to-all-apple-inboxes-in-fall-2022/. 
  11. "Using BIMI in Fastmail". https://www.fastmail.help/hc/en-us/articles/7002542139663-Using-BIMI-in-Fastmail. 
  12. "BIMI for Non-Trademarked Logos". https://bimigroup.org/bimi-for-non-trademarked-logos/. 
  13. "Advancing email security for Gmail and beyond with BIMI". https://workspace.google.com/blog/product-announcements/bringing-bimi-to-gmail-in-google-workspace. 
  14. "Add a brand logo to outgoing email with BIMI". https://support.google.com/a/answer/10911320?hl=en. 
  15. 15.0 15.1 "La Poste Announces Support for BIMI". https://bimigroup.org/la-poste-announces-support-for-bimi/. 
  16. 16.0 16.1 "BIMI, Mail". https://senders.yahooinc.com/bimi/. 
  17. 17.0 17.1 "Authindicators Working Group | LinkedIn". https://www.linkedin.com/company/authindicators-working-group. 
  18. "BIMI Security Benefits". https://bimicertifications.com/security-benefits. 
  19. "Google Joins AuthIndicators Working Group and Commits to BIMI Pilot". July 24, 2019. https://bimigroup.org/google-joins-authindicators-working-group-and-commits-to-bimi-pilot/. 



Retrieved from "https://handwiki.org/wiki/index.php?title=Brand_Indicators_for_Message_Identification&oldid=3979380"