What is BIMI and Why Should You Care About It?

Email inboxes can be like the Wild West.

Lawlessness runs rampant, with scam artists and crooks at nearly every turn.

Brands that use BIMI are like the sheriffs in their own respective communities, with their badge being none other than their own logo.

Looking to restore order and confidence in your emails as your brand community’s lawman? Read on to learn everything you need to know about BIMI and how to set it up for your brand.

What is BIMI?

BIMI (pronounced bih-mee) stands for Brand Indicators for Message Authentication. It's is an email specification that allows email inboxes to display your brand’s logo next to your authenticated messages. Put simply, it puts your logo beside your emails, verifying that your messages are your own.

Here’s a visual example:

3 reasons why you need BIMI.

If you have any experience as a marketer, I’m sure you can immediately see the immense value of implementing BIMI into your brand’s email marketing efforts. Regardless, here’s three compelling reasons as to why you need BIMI:

1. Enhanced Brand Visibility

It’s no surprise that brands that use BIMI are increasing their visibility in their customers’ inboxes. Having your logo displayed prominently beside your emails is eye-catching and sets your communications apart from the sea of competition. Studies have shown that some businesses have seen their open rate increase by up to 39% after implementing BIMI.

2. Increased Trust and Security

As mentioned earlier, email inboxes can be a scary and chaotic place. Marketers who use BIMI are showing their community that they care about their customers by exemplifying trust and security. Your customers already have to worry about spam, scams, and phishing attempts, they shouldn’t have to worry about your emails, too. The presence of a BIMI logo acts as a symbol of trust, assuring subscribers that the email is indeed from the displayed brand.

3. Improved Email Engagement Rates

We’ve told you about how BIMI is increasing visibility and trust, both of which increase clicks. But what about once the customers are in the actual emails? Well, Yahoo’s pilot study showed that engagement rates in emails with BIMI were 10% higher than those without it. Not good enough for you? No worries, we have more. Red Sift’s study saw an increase in brand recall of 18%, AND an increase in purchase likelihood by a whopping 34%. BIMI isn’t just getting people to open more emails, it’s impacting their behavior in the emails, too.

How do you set up BIMI?

At this point, you know everything you need to know about BIMI and how it will take your email marketing to the next level.

The next step is obvious: you need to learn how to set up BIMI for your brand.

Luckily, we’ve got everything you need to get there.

Here’s our step by step guide to go from BIMI-less to BIMI-yes.

Step 1: Authenticate, authenticate, authenticate.

Before implementing BIMI, you must have the following email authentication measures properly configured:

SPF (Sender Policy Framework): Validates that the sending server is authorized to send emails on behalf of your domain.

DKIM (DomainKeys Identified Mail): Ensures the email content is not tampered with from the time it was sent.

DMARC (Domain-based Message Authentication, Reporting, and Conformance): Uses SPF and DKIM to determine the legitimacy of an email message, and instructs email providers on how to handle emails that don’t pass the checks.

To set up BIMI, you need to have DMARC. And to set up DMARC, you need to have SPF and DKIM.

Setting SPF, DKIM, and DMARC can be a tough process. Scroll to the bottom of this blog for a comprehensive guide to setting up each of these essential authentication measures.

Step 2: Ensure your Logo is Trademarked

This is a fairly straightforward yet easily overlooked step. You can easily check if your logo is trademarked on USTPO.

Here’s the link to the website where you can check!

Step 3: Create your BIMI Record

BIMI leverages a specific DNS TXT record. Here are the elements you need for your BIMI record:

• SVG Logo: Your brand logo needs to be in SVG format, meeting specific criteria such as a square aspect ratio, a solid background, and compliance with the SVG Tiny 1.2 Portable/Secure specification.
• VMC (Verified Mark Certificate): Although not mandatory for all email services, some like Gmail require a VMC to display your logo. This certificate verifies your logo's authenticity and trademark status. To achieve this you need to:
  • Choose a Certificate Authority (like Entrust, for example)
    • Submit your organizations for verification
    • Submit a domain for verification
    • Submit your trademark for verification (USPTO)
  • Once the logo is ‘certified’ from a certificate authority then you can continue

Step 4: Publish your BIMI Record

You will need to add a TXT record to your DNS settings. The format generally looks like this:

default._bimi.yourdomain.com TXT "v=BIMI1; l=https://yourdomain.com/yourlogo.svg; a=optionalVMCLink"

Where:

• v=BIMI1 specifies the BIMI version.
• l= is the URL to your SVG logo.
• a= is the URL to your VMC, if applicable.

Step 5: Test and Validate your BIMI

After setting up your BIMI record, it’s crucial to test and validate that everything is working as expected. After all, if it doesn’t work for your customers, what good does it do?

Use tools like the BIMI Group’s BIMI Record Checker to verify your BIMI implementation. It might take some time for the changes to propagate and for the logos to start appearing in email clients.

In addition, you should test it yourself by simply sending a test email!

Preflight Checklist

As seen, setting up BIMI is a bit of a process. Between the authentication measures, the logo standards, and testing, ensuring BIMI runs smoothly for your brand can be tricky.

To give you a quick snapshot of what you're getting into, I'm going to give you a small checklist of items to consider before you begin setting up BIMI.

Ensuring a Smooth Setup

Setting up BIMI can be a tough process if you have no IT experience. It requires some attention to detail along with careful testing. Missteps in configuration can lead to email deliverability issues, where legitimate emails are marked as spam or, worse, not delivered at all.

Solution: Carefully follow the process! Don’t try taking any shortcuts as it will only harm your brand in the long run. Invest a solid chunk of your time into setting up BIMI and your investment will pay off. Also, do yourself a favor; ask your IT team for help.

Setting BIMI up on a Different Domain

When you set up your BIMI, it overrides all other profile pictures on your domain. What exactly does this mean? I'll give you an example that we actually experienced ourselves. When we set up BIMI for the Knak domain (your.name@knak.com), it put our BIMI logo on everyone's email address — meaning anyone who had a profile picture was overridden by BIMI. There was no way to override it.

Solution: Publish BIMI on a different domain than that of your team's. Although we couldn't override our BIMI logo taking precedent, we instead published it on an account called your.name@team.knak.com, which gave everyone at Knak the ability to display their profile picture again.

Associated Cost of a VMC

Although BIMI has a substantial payoff, there is a slight cost of implementation (if you use a VMC). VMC's typically costs between $1000-$1500 for a single logo.

Solution: Consider the payoff! Maybe you’re a small business and are trying to minimize any expenses. Maybe you’re a big business and are also trying to minimize expenses. Regardless, 1k-1.5k isn't a ton in the grand scheme of things. After all, a 39% open rate increase, 10% engagement rate increase, and 34% purchase likelihood increase are three significant statistics that could do wonders for your business.

Adoption Rates

As of now, not all email clients support BIMI. This means that even with a perfect setup, a portion of your audience may not see your branded logo, which diminishes the reach and effectiveness of this protocol.

Solution: Rather than a solution, we’ll simply debunk this. Do all email clients support BIMI? No. But do the vast majority of them? Yes. BIMI is absolutely still worth it and has a huge impact on the customers that do see it. Here is a list of all clients that do and do not support BIMI.

BIMI and Beyond

Increase in open rates of 39%.

Increase in engagement rates of 10%.

Increase in brand recall by 18%.

Increase in purchase likelihood by 34%.

Most marketers would jump at any opportunity that gives them a 3% increase in any of these metrics. If that doesn’t push you to set up BIMI, I really don’t know what would.

But perfecting your email marketing game goes far past displaying your logo in customer inboxes. I’m going to tell you an obvious (but not so obvious for everyone) reality; arguably the most important component in your email marketing game is the emails themselves!

Let me paint a picture for you.

No-code, drag and drop email building. Collaborative tools where your team can work on campaigns in real time. Custom brand guardrails. Integrations with every major marketing automation platform on the market. AI tools. Need I continue?

There’s plenty more, if you’re interested. Learn more about Knak and the future of campaign creation.

How do you set up SPF, DKIM, and DMARC?

Setting up these email authentication measures can be tough. Because we care about you and a utopia where all emails have the proper security protocols, we've put together guides on how to set up SPF, DKIM, and DMARC.

Guide to setting up SPF

1. Identify Outgoing Mail Servers

Determine all the mail servers and services that send emails on behalf of your domain. This could include your company's main mail servers, third-party email service providers like Marketo, Eloqua, Mailchimp, or any servers sending notifications on behalf of your domain.

2. Create the SPF Record

The SPF record is a TXT record in your domain's DNS settings. It specifies which servers are allowed to send email from your domain.

An example of a basic SPF record might look like this:

v=spf1 ip4:192.168.0.1 include:_spf.google.com -all

In this example, ip4:192.168.0.1 specifies an IP address authorized to send emails. include:_spf.google.com allows emails sent from servers authorized by Google’s SPF records. The -all mechanism is a hard fail, indicating that emails from sources not explicitly authorized should be outright rejected.

3. Publish the SPF Record

• Log in to your domain registrar’s DNS management tool.
• Navigate to the section where you can manage DNS records.
• Add a new TXT record with the value you formulated in the previous step.

4. Test your SPF Record

After publishing the SPF record, it's important to ensure it is correct and functioning as intended. You can use online tools like MXToolbox to verify your SPF record. Simply enter your domain, and it will check if your SPF record is valid and correctly implemented.

5. Monitor and Maintain

Keep track of any changes in the email services or servers you use. Whenever changes occur, update your SPF record accordingly to ensure all legitimate sources are included, and unauthorized ones are excluded.

Guide to Setting Up DKIM

1. Generate DKIM Pair

The first step is to generate a public-private key pair. The private key will be used by your outgoing mail server to sign your emails, and the public key will be published in your DNS records for recipient servers to verify the signature.

Many email service providers (ESPs) offer tools to generate these keys, or you can use open-source software like OpenSSL if you are managing your own mail server.

2. Create your DKIM Record

Once you have your public key, you need to create a DKIM TXT record for your DNS. This record will look something like this:

mail._domainkey.yourdomain.com TXT "v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY_HERE"

Here, mail is the selector that specifies which DKIM public key to use if you have multiple keys. v=DKIM1 specifies the DKIM version, k=rsa indicates the key type, and p=YOUR_PUBLIC_KEY_HERE is where your actual public key goes.

3. Publish the DKIM Record

• Log into your domain's DNS management panel.
• Add the TXT record you created to your DNS settings. This process can vary depending on your DNS provider or web host, so refer to their specific instructions if available.

4. Configure your Email Server

Configure your email server or ESP to use DKIM by enabling DKIM signing and specifying the private key. This setup will depend heavily on the software or service you are using. For instance, platforms like SendGrid, Postfix, or Microsoft Exchange have their own methods and interfaces for setting up DKIM.

5. Test your DKIM Setup

After setting up DKIM, it’s crucial to test and ensure that it's working correctly. Tools like DKIMValidator or MXToolbox provide online DKIM check services where you can send a test email to their addresses, and they will analyze whether the DKIM signature is valid.

6. Monitor and Maintain

Regularly check your DKIM setup to ensure it continues to function correctly. Keep your DKIM keys secure, and consider rotating them periodically for enhanced security.

Guide to Setting Up DMARC

1. Ensure SPF and DKIM are in Place

Before setting up DMARC, make sure you have SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) records already set up for your domain. DMARC relies on these two forms of email validation to function correctly.

2. Create your DMARC Record

DMARC records are published in DNS as TXT records. The DMARC record begins with v=DMARC1, which specifies the DMARC version.

Here’s a basic example of what your DMARC record might look like:

v=DMARC1; p=none; rua=mailto:postmaster@yourdomain.com

p=none tells email receivers to take no action against emails that fail DMARC checks but to report them. This setting is recommended when you are first implementing DMARC so you can monitor the effects without impacting delivery.

rua=mailto:postmaster@yourdomain.com is where aggregate reports of DMARC failures will be sent.

3. Publish the DMARC Record to your DNS

• Access your DNS management console provided by your domain registrar.
• Add a TXT record for _dmarc.yourdomain.com. with the value you created in the previous step.

4. Choose the Right Policy

• The p= tag in the DMARC record defines the policy. Options include:
  • none (monitor only, no action taken on failures)
  • quarantine (treat failed emails suspiciously, usually by moving them to the spam folder)
  • reject (block failed emails entirely)
• Start with p=none to avoid disrupting your mail flow as you observe how many of your messages pass or fail DMARC checks.

5. Test your DMARC Setup

Use DMARC testing tools like MXToolbox or Postmark’s DMARC checker to ensure your DMARC record is valid and visible. Send test emails to see how they are handled based on your DMARC settings.

6. Analyze Reports and Adjust your Setup

• Review the reports sent to the email specified in the rua= tag of your DMARC record. These reports will give you insights into which of your emails are passing or failing SPF and DKIM checks.
• Adjust your SPF, DKIM, and DMARC records based on these findings. Gradually move to a stricter DMARC policy (quarantine or reject) as you become confident in the configuration.

7. As Always, Monitor and Maintain

Continuously monitor the performance of your DMARC setup and make necessary updates to your SPF, DKIM, and DMARC records to adapt to any changes in your email sending practices.