BIMI: What is it and How does it affect Email Deliverability?
Bee-what? Yes, I know what you’re thinking. What the heck is BIMI (pronounced Bih-Mee)?
BIMI stands for Brand Indicators Messaging Identification.
With spam emails on the rise, recipients have become extremely wary of which emails they should and should not open. Nearly 85% of emails received by users are spam emails; our suspicions are not baseless.
So what does the abbreviation BIMI have to do with all this?
BIMI adds an extra layer of security for email protection whilst parallelly building brand visibility. This is a relatively new method of email authentication to avoid brand spoofing (when scammers impersonate brands to gain sensitive information about users). This method is slowly gaining popularity amongst email marketers as it helps build trust between the brand and the prospect/customer.
In July of 2021, Google announced it would officially begin supporting BIMI in Gmail inboxes. And just like that, this concept is slowly becoming widely adopted and is helping brands establish the trust they need to close deals.
What is BIMI?
In very simple terms, BIMI allows you to display your corporate logo as your email avatar slot across all email service providers.
Source: Venture Beat
BIMI is unique because it is subscriber-facing; it works in favor of the recipients. Most users don’t bother with the technical side of emails, SPF, DKIM DMARC; many users don’t even understand what these abbreviations are, let alone know their full form. BIMI allows them to visually see your brand logo, an actual visible element that acts as a security protocol. This way, a sense of trust is built when they browse through their inbox, deeming your email as safe to engage with.
In case you didn’t know, SPF, DKIM, DMARC all act as email authenticators running in the background, ensuring your email lands in the recipient’s primary inbox. For BIMI to work, you need to have these three fraud protection mechanisms in place.
Here is a quick explanation of these technical forms of authentication:
SPF (Sender Policy Framework): Authenticates your email has been sent from an authorized mail server. This is undertaken by checking if the email sent out is from the correct domain on the pre-approved list.
DKIM (DomainKeys Identified Mail): DKIM is another form of email security created to ensure the email content isn’t altered in transit between the sending and recipient servers. It provides emails with a signature header that is added to each email and secured with encryption. The digital signature verifies to users that your domain is the sender of the message and you are solely responsible for the content.
DMARC (Domain-based Message Authentication): A DMARC record allows senders to authenticate if their message is protected by SPF and/or DKIM. It indicates to the receiver how to handle the message if neither of those authentication methods was used i.e. marking the email as junk or rejecting it.
So if all these email authentication methods are already there; why do we need BIMI? Why is BIMI being prioritized by marketers and salespeople?
Why is BIMI important for your brand?
BIMI is beneficial to both the recipient and the sender. It helps recipients recognize and build trust with your brand when reading your message. It is advantageous for your brand because it decreases the likelihood of unsubscribers and being flagged as spam. The chances of phishing and spoofing are lessened with this extra layer of protection and improved security. An added bonus benefit is of course your email standing out because of your logo being displayed as the avatar.
Below are three main reasons as to why BIMI is highly recommended for your brand:
- Increased Credibility With Lesser Chances Of Phishing and Spoofing Attempts
The BIMI framework functions in a way that works against illegitimate senders spoofing brand logos. It helps customers in recognizing and identifying safe messages, increasing your brand’s credibility. You are not only protecting yourself but also the recipient, marking it a win-win situation for all stakeholders. Organizations that store sensitive information such as banks, social media platforms, and government websites seek to benefit from BIMI.
- Helps Your Email Stand Out
Our inboxes are cluttered! Even legitimate emails from verified brands get lost in a sea of spam. This is why BIMI helps your email stick out like a sore thumb (but in a good way). The brand’s logo in the inbox prompts recipients to open the email, directly affecting open rates. The image below highlights how an inbox looked before and after BIMI; I think we can all collectively agree on which emails look more trustworthy to open.
Source: Email on Acid
- Updated Security
You cannot use BIMI without DMARC implementation. If you wish to add BIMI as an extra layer of security, you need to ensure the other behind-the-scenes technicalities have been implemented. This way, your brand reputation is secure, and nobody can impersonate your domain.
How does BIMI work?
When an email service provider receives your email, it goes through various authentication checks. It uses the DMARC record to look for SPF and DKIM authentication. After that, it proceeds to check for the domain’s BIMI record in the DNS (if you have registered for it). This record contains a batch of text with a URL for your brand’s logo and information on any Verified Mark Certificates (VMC). If the records match, the logo of your brand will be displayed in the recipient’s inbox.
VMC – A Verified Mark Certificate (VMC) is a digital certificate that attests to the authenticity/ownership of a brand’s logo. It is used as part of your BIMI record.
How do you set up BIMI?
At its inception, the BIMI setup process was a little complicated as it involved being approved by the AuthIndicators Working Group (a group dedicated to the development of BIMI). In recent years, setting up BIMI has been simplified so brands can widely adopt it.
As mentioned earlier, BIMI cannot work without DMARC authentication protocols in place. So if you’re new to setting up your email domain, we suggest setting up your DMARC authentication first before using BIMI.
Step 1: Set up DMARC, SPF, and DKIM
Step 2: Create an image of your logo in SVG (scalable vector graphic) file format
As per the BIMI guidelines, the image should be square-shaped. Ensure there are no tag lines or extra text on the image.
Step 3: Create and Publish your BIMI record
Once you have everything set up, access your DNS records through your domain service provider (reach out to your IT department if you are unsure how to access it).
Over here, you will have to create a new TXT record to announce your participation in BIMI.
The Verified Mark Certificate (VMC) is currently optional and only required for Gmail as of now.
The annual estimated cost of a VMC is $899.
BIMI’s Impact on Deliverability
So now that you have a basic understanding of BIMI and how it works; you must be wondering what impact it has on deliverability?
3.1 billion domain spoofing emails are sent each day, according to Proofpoint. BIMI adds an extra layer of security for your email authentication. It supports email deliverability by increasing user engagement and showing your email service provider that you have DMARC, SPF, and DKIM standards all set up and in place. With the 3 email authentication protocols in place and working behind the scenes, keeping you safe from spoofing, BIMI works at the forefront visible to recipients. If you already have DMARC, SPF, and DKIM set up beforehand then setting up BIMI won’t require much effort from your side.
When a user browses through their inbox, the one email that stands out is the one with a logo. This increases your brand visibility and builds trust amongst your subscribers. The logo also offers brand recognition from wherever in the world it is open, improving your brand’s reputation. Recipients will continually be able to identify your brand when they see that logo, strengthening trust and increasing your chances of closing deals. BIMI safeguards both your brand and the interests of receivers. Users can identify legitimate emails from spam emails.
Conclusion
BIMI is a revolutionary technology that is minimizing phishing attacks and reassuring recipients that all proper security measures are in place through the simple act of displaying your brand logo. BIMI goes beyond the realms of authentication protocols; it helps you market your brand without even having a user open your email.
While BIMI adds an extra layer of security and offers a better subscriber experience, the technology is not supported everywhere. Here is the current list of email service providers that are currently enrolled in the BIMI pilot program:
- Gmail
- Yahoo Mail
- AOL Mail
- Netscape
BIMI is definitely worth the investment, even if it is not a widely adopted practice yet. It is easy to set up and increases subscriber trust.