Skip to main content
0
  1. Wiki/

Email Encyclopedia: What is BIMI (Brand Indicators for Message Identification)

Table of Contents

Alibaba Mail More Products and Services

BIMI (Brand Indicators for Message Identification) is an email technology standard designed to enhance the credibility of email sender identity by displaying brand logos (such as corporate logos) in email clients. BIMI was developed by the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) to increase user trust in emails and reduce the risk of fraud from phishing emails.

The core concept of BIMI is to bind verified brand indicators with legitimate email senders, allowing users to visually identify genuine brand emails in their inbox, thereby reducing the possibility of being deceived by forged emails.

Background and Origin #

With the widespread use of email, spam, phishing emails, and fraudulent emails impersonating brands have increased. Traditional email authentication mechanisms such as SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting & Conformance) can effectively verify email sources at the technical level, but there are still deficiencies at the user perception level.

BIMI was proposed to address this gap. It not only leverages existing email authentication mechanisms as a foundation but also introduces visual elements to enhance user recognition by displaying brand logos. In 2019, companies like Google, LinkedIn, and Tutanota were among the first to support BIMI in their email clients, followed by an increasing number of email service providers.

How BIMI Works #

BIMI implementation relies on several key technical components:

1. Email Authentication Mechanisms (SPF, DKIM, DMARC) #

BIMI requires that the email sending domain must configure and correctly implement SPF, DKIM, and DMARC records. These mechanisms work together to ensure the authenticity of email sources and prevent email forgery.

2. BIMI DNS Record #

BIMI declares support for a domain by adding a specific TXT record (_bimi) to the domain’s DNS, pointing to a brand logo image in SVG format. The structure of this record is as follows:

_bimi IN TXT "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/verified-account;"
  • v=BIMI1: Indicates the BIMI version being used.
  • l: URL of the logo image, must be in SVG format.
  • a (optional): Link to a third-party verification page for further brand authentication.

3. Brand Logo Image (SVG Format) #

BIMI requires that brand logo images must be in SVG (Scalable Vector Graphics) format to ensure clear display across different resolutions and screen sizes. The image should typically have a 1:1 ratio and is recommended to be no larger than 32KB.

4. Third-party Certification (Optional) #

Some email clients (such as Google Gmail) require that the brand logo referenced in the BIMI record must be verified by a third-party certification authority (such as Zscaler, Trustwave) to ensure the legitimacy and authenticity of the brand. This mechanism is known as a “Verified Mark Certificate (VMC).”

Advantages of BIMI #

1. Increases User Trust #

By displaying brand logos in the inbox, users can visually identify legitimate emails, thereby increasing trust in brand communications.

2. Enhances Brand Visibility #

BIMI provides brands with an opportunity to showcase their brand logo in users’ inboxes, helping to increase brand exposure and recognition.

3. Suppresses Phishing Emails #

Since BIMI requires the email sending domain to pass strict identity verification, the difficulty of forging brand emails is greatly increased, effectively suppressing the spread of phishing emails.

4. Promotes the Adoption of Email Authentication Mechanisms #

BIMI implementation requires businesses to deploy email authentication mechanisms such as SPF, DKIM, and DMARC, thus promoting industry-wide attention to email security.

Steps to Implement BIMI #

To successfully deploy BIMI, businesses need to complete the following steps:

Step 1: Deploy SPF, DKIM, and DMARC #

Ensure that the domain has correctly configured SPF, DKIM, and DMARC records, and verify their effectiveness through relevant testing tools.

Step 2: Prepare Brand Logo Image #

Create an SVG format image that meets the requirements and upload it to a stable server address.

Step 3: Add BIMI DNS Record #

Add a TXT record for the _BIMI subdomain in the domain’s DNS, pointing to the URL of the brand logo image.

Step 4 (Optional): Obtain VMC Certificate #

If you need to display brand logos in email clients that support VMC verification (such as Gmail), you need to apply for a Verified Mark Certificate from a third-party certification authority.

Step 5: Test and Verify #

Use BIMI verification tools (such as the BIMI Group’s BIMI Checker) to test whether the BIMI record is configured correctly and ensure that the brand logo can be displayed normally in email clients.

Email Clients Supporting BIMI #

Currently, several mainstream email clients and email service providers support BIMI, including:

  • Google Gmail
  • Apple Mail (partial support)
  • Yahoo Mail
  • FastMail
  • Tutanota
  • ProtonMail (partial support)
  • Mail.ru
  • AOL Mail

The level of support for BIMI may vary slightly between different clients, and some clients may only display brand indicators when specific conditions are met (such as VMC certification).

Relationship Between BIMI and DMARC #

There is a close relationship between BIMI and DMARC. DMARC is the foundation of BIMI, and only emails that pass DMARC verification can be recognized by BIMI and display brand indicators. Therefore, the implementation of BIMI is actually an extension and visual presentation of DMARC policy.

In addition, the BIMI record structure can also reference DMARC reports, helping domain owners better monitor and improve their email authentication policies.

Limitations of BIMI #

Despite the many advantages BIMI brings, it also has some limitations:

1. Inconsistent Client Support #

Different email clients have varying levels of support for BIMI, with some clients not yet implementing full support.

2. Requires Additional Authentication Process #

For clients requiring VMC certificates, businesses need additional time and cost to complete the certification process.

3. Not Applicable to All Types of Emails #

BIMI is mainly applicable to business brand emails, with limited value for personal emails or non-brand emails.

4. Potential for Misuse #

If BIMI is improperly configured or maliciously exploited, there remains a risk of brand logo forgery, thus requiring strict regulatory and verification mechanisms.

As awareness of email security increases, BIMI, as a technology that enhances user trust, is expected to gain wider application. Possible future directions include:

  • Wider Client Support: As the BIMI standard matures, more email clients are expected to join the support list.
  • Enhanced Authentication Mechanisms: Introduction of more advanced authentication mechanisms, such as blockchain technology, to improve the security and credibility of BIMI.
  • Extension to Other Communication Channels: The concept of BIMI may be applied to other digital communication channels, such as instant messaging, SMS, etc., to enhance the overall trust in digital communications.

Conclusion #

BIMI is an innovative standard that combines technology and user experience. It not only enhances the security of email but also strengthens the trust relationship between brands and users. With the continuous evolution of technology and the improvement of industry standards, BIMI is expected to become an indispensable part of the email ecosystem. For businesses, deploying BIMI is not only a means to enhance brand credibility but also an important measure to strengthen email security governance.