Skip to main content
The State of BIMI

The State of BIMI

Ecosystem NewsEmail Security InsightsEmail Technology

Updates:

October 11, 2024: Gmail rolled out support for Common Mark Certificates (CMC), a new BIMI certificate that doesn’t require a trademark like Verified Mark Certificates (VMC). “CMCs allow a broader range of senders to utilize BIMI, who might not have the registered trademark required for a VMC. With a CMC, the sender’s brand avatar will be displayed without the Gmail verified checkmark that’s displayed for VMCs,” according to Google. In addition, BIMI verified (VMC only) checkmarks are now displayed on Android and iOS while using the Gmail application.


The following was published September 13, 2023.

Brand Indicators for Message Identification (BIMI) is a standard that associates your official brand logo with an email authenticated by DMARC. BIMI gives brands an opportunity to reinforce their logo while building trust as a sender of authentic messages.

According to Farsight research at dmarc.org, 9,860 BIMI records were observed through the end of the third quarter of 2021. Another source of BIMI adoption data is BIMI Radar, which tracks global BIMI adoption across 56,916,954 top-level domains in the categories of BIMI Ready, BIMI Aware, and BIMI with Verified Mark Certificates (VMC).

More recent BIMI adoption research found that just less than 14,000, or .14%, of the world’s top ten million domains have published a BIMI record as of June 2023.

Yahoo, AOL, Gmail, Apple and a few others support BIMI. While Microsoft has not yet ventured into the BIMI provider space, others, like Comcast and British Telecom, are considering it.

How does it work?

Like other email authentication standards, BIMI is a text record that lives in your domain’s DNS and includes the location of the brand’s logo saved in a square .SVG format.

To implement BIMI, both SPF and DKIM must be set up for the email domain, with DMARC deployed with a policy set to either p=reject or p=quarantine. This shows receivers that you are proactive about the types of emails your domain sends and that you’re mindful of your brand and your reputation as a trusted sender.

Additionally, you’ll need to follow good deliverability practices and cultivate a healthy, engaged subscriber list with good email open rates. Your practices will determine if a receiver decides to display your BIMI-based logo as it is up to the email receiver if your logo is to be displayed. Here’s a broader discussion on deliverability as a key concern for today’s marketers.

How to Prepare for BIMI

The two fundamental factors for deploying BIMI are having a DMARC policy in place set to a compliance policy of p=reject or p=quarantine and maintaining a good reputation as a sender via a high engagement rate with low bounce and spam complaints.

Although reputation can be subjective depending upon the individual receiver, having the underpinning technologies of DMARC, SPF, and DKIM in place shows the world that you are serious about your domain’s reputation and contributes to building your reputation as a sender.

To check your BIMI record, you can visit the BIMI Inspector from our friends at Mailkit. You can also use their BIMI guide to get a fuller understanding of BIMI and how to deploy it.

DMARC is not only a prerequisite for BIMI, but is a foundational security protocol that future domain security initiatives will continue to be built upon. If you need help with your DMARC project, get in touch with us or go ahead and register for our free trial.

We’re here to help you deploy DMARC efficiently and cost-effectively.


Want to continue the conversation? Head over to the dmarcian Forum