Brand Indicators for Message Identification
Email verification system
From Wikipedia, the free encyclopedia
Design
There are two parts to BIMI: a method for domain owners to publish the location of their indicators, and a means for mail transfer agents (MTAs) to verify the authenticity of the indicator.[1][2] To implement BIMI, companies need a valid DMARC DNS record with a policy of either quarantine or reject, an exact square logo for the brand in SVG Tiny P/S format,[3] and a DNS TXT record for the domain indicating the URI location of the SVG file. The only supported transport for the SVG URI is HTTPS.[1] The BIMI DNS record is in the following format:
default._bimi TXT "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/image/certificate.pem"
(The a= part is optional. When present, it defines an evidence document; the only current form of this file is called a Verified Mark Certificate (VMC). When absent, the BIMI record is considered self-asserted.) Additionally, services such as Gmail require that a VMC be acquired and presented with the TXT record in order for the brand logo to be displayed in the inbox.[4] These factors alone will not guarantee a BIMI logo will be displayed as heuristics (like spam and spoofing) and reputation will be a key part in BIMI validity.[5] To query the value of the default._bimi TXT record for a given domain, one can use the dig command-line tool. For example, the following command will query the TXT record for the example.com domain: dig +short default._bimi.example.com TXT.
Implementations
A working group of several companies named "BIMI Group" has formed to develop and support standardization of BIMI in IETF.[6] As of June 2023 the following e-mail services have implemented support for BIMI:[7]
| Client | Requires VMC | Notes |
|---|---|---|
| AOL Mail | Unknown [8] | |
| Apple Mail | Yes [9][10] | |
| Fastmail | No [11][12] | |
| Gmail | Yes [13][14] | |
| La Poste | No [15] | Domains without VMCs must be submitted and manually verified by La Poste.[15] |
| Yahoo! Mail | No [16] | Only for bulk messages from high-reputation domains[16] |
| Halon | Yes |
History
The BIMI Working Group was founded in 2019[17] and the first Internet Draft was published in October 2021.[18]
Benefits
BIMI provides several advantages for organizations implementing email authentication:[19]
- Increased Trust and Brand Recognition – BIMI displays verified brand logos directly in recipients' inboxes, building trust and visibility before an email is opened.
- Higher Engagement and Deliverability – Recognizable brand logos help improve open rates and click-through rates, while BIMI requires a strong DMARC policy that enhances email authentication and deliverability.
- Protection Against Phishing and Spoofing – BIMI enforces domain authentication (SPF, DKIM, DMARC) and verified mark certificates (VMC), helping to prevent misuse of brand identity in fraudulent emails.