Email authentication can be a pretty dry subject. So here’s the juicy bit that makes BIMI email authentication exciting:

BIMI email authentication threatens to turn email authentication into a useful tool for email marketers.

That’s right. With BIMI, email authentication can be more than a box on a checklist that marketers follow to ensure marketing emails go to the inbox instead of the spam folder.

Obviously, there’s no magic bullet in email marketing. But the BIMI email standard offers some potential benefits:

  1. Higher open rates.
  2. Better brand recognition.
  3. And, yes, better email deliverability and security.

In short, using BIMI email security can help improve your email marketing performance, which means more revenue from every email you send.

Obviously, that’s a good thing. So here’s everything you need to know to do some BIMI email marketing.

What is BIMI email authentication?

First, BIMI stands for Brand Indicators for Message Identification. And it’s an email authentication protocol created and maintained by Agari and the Authindicators Working Group.

However, one thing that separates BIMI email authentication from the other email authentication standards—SPF, DKIM, and DMARC—is that it relies on the other authentication standards to work.

BIMI works by adding an additional authentication check to your DNS record. The DNS record gets referenced during the DMARC authentication.

If there’s a valid BIMI record in your DNS TXT records, the receiving email server will follow the directions in the BIMI record and retrieve a verified logo file to display next to your emails in the inbox (more on this later).

In other words, BIMI email authentication won’t work without SPF, DKIM, and DMARC (technically, BIMI only requires a DMARC policy to work. But DMARC works best when supported by the other two authentication standards).

We’ll talk more about implementation in a minute. But you must have the traditional email authentication infrastructure in place before you implement this new standard.

But—even though BIMI works in conjunction with the other email standards—the BIMI email standard adds an additional layer of authentication, which makes your email messages more secure and adds more markers for receiving email servers to identify and sort your emails.

So adding BIMI authentication to your authentication stack makes spoofing your emails more difficult and helps ensure your emails land in the inbox.

The second thing that separates BIMI from the other email authentication standards is that it can improve the user experience beyond just correctly sorting emails.

BIMI enables you to display your brand logo next to your emails in the inbox of certain email clients. So subscribers can quickly and easily identify your emails as they scan their inbox.

Obviously, this is great for email branding, since you can create consistent visual messaging across your email, social media profiles, and all other assets.

But the big benefit is subscriber trust.

We’ve all had the disappointing experience of opening an email that we thought was from a business we trust, only to discover that we’d been fooled by a scammer impersonating that company in a phishing email campaign.

It’s nearly impossible for a third party to add your brand logo to a scam email. The location of your brand logo is contained in your DNS record. And the logo must be in the correct format.

So a scammer would need to gain access to your DNS record, then get access to the computer where your brand logo file is stored. That’s very hard to do.

The bottom line is that, over time, seeing your brand logo in the inbox will remove any skepticism or hesitation to open your email, because email users will understand that your brand logo means that email is legitimate and they can trust it.

Which mailbox providers support BIMI?

Currently, Gmail and Yahoo! mail clients support the BIMI standard.

Google is still in the pilot phase of implementing BIMI authentication.

Right now, Google requires a Verified Mark Certificate (VMC) from these two certificate providers:

  1. DigiCert
  2. Entrust Datacard

Google also requires that you have SPF, DKIM, and DMARC authentication standards in place before you can use BIMI for Gmail inboxes.

The process for getting a VMC and implementing BIMI for Google inboxes will get easier as Google rolls out complete support for the BIMI standard.

As you know, Gmail is one of the most popular mailbox providers in the world (maybe THE MOST popular). Yahoo! is relatively popular, too.

So BIMI email authentication will impact most of the email addresses in your lists. 

Ultimately, BIMI email authentication is both a security protocol and an email marketing tool. It’s a very efficient way to improve your email marketing program.

Getting started with BIMI email authentication

As we mentioned earlier, BIMI needs SPF, DKIM, and DMARC protocols to work. So, you’ll need to do a little bit of prep work before you implement BIMI.

Here’s what you need to do to get ready for using BIMI email authentication:

  1. Confirm that your email service provider supports the BIMI standard. BIMI is still relatively new. Not all ESPs support it yet. But BIMI adoption is on the rise.
  2. Configure your SPF, DKIM, and DMARC authentication protocols, if you haven’t already.
  3. Check your domain reputation. If your email sending domain has a bad reputation (or no reputation, yet), your BIMI logo may not be displayed. 
  4. Choose a BIMI email logo. Your BIMI logo must be an SVG image. Other file types won’t work.
  5. Ensure that you’re tracking the right email marketing metrics to monitor improvements from adding BIMI to your authentication stack. Open rate and email deliverability rate are the two metrics that will be most impacted by BIMI email authentication.

In the future, email senders may be required to get a Verified Mark Certificate (VMC) to use BIMI authentication. Using a VMC simply adds more protection against fraudulent emails by also validating your logo before receiving email clients will retrieve and display your logo.

Currently, getting a VMC is optional. And, right now, there are very few organizations that issue VMCs.

However—as we mentioned earlier—you’ll need the VMCs to use BIMI in Google inboxes. Currently, your logo must be registered with the U.S. Patent and Trademark Office to get the VMCs you need for Google support. This will be the best place to start for many businesses.

Once all this is done, your email program is ready for BIMI email marketing.

How to implement BIMI email authentication

There are two core components to the BIMI authentication protocol:

  1. The BIMI authentication entry in your DNS record.
  2. Your BIMI email logo.

The entry in your DNS record tells email servers where your BIMI email logo is located. When your email is received, the receiving email server checks the DNS record and goes to retrieve your brand logo.

Admittedly, this takes a little bit of time. Occasionally, there will be a small delay between when your email appears in the inbox and when the logo pops up. But it’s a short delay, and won’t impact how fast the content of your email loads.

That’s just a detail, though. The point is that you need to add a BIMI entry to your DNS TXT records, and ensure that your brand logo can be accessed by email servers.

Here’s how you do that:

  1. Verify that your emails pass DMARC authentication. Your DMARC policy should be set to “p=quarantine” or “p=reject”. A p=none policy will not work with BIMI.
  2. Create a brand logo in SVG format.

Your SVG logo must be a square, with your brand’s logo centered, and without any text.

Use HTTPS to store your logo (logos stored with HTTP won’t work). Make sure that you know the URL where your brand’s logo is stored.

  3. Add your BIMI record to the DNS record for your sending domain. Here’s a BIMI record template:

brandx._bimi.brand.com IN TXT "v=BIMI1; l=https://subdomain.brand.com/image/logo.svg; a=;"

Replace “brandx” with the name in the “FROM” field in your marketing emails.

Replace “brand.com” with your brand domain name.

Replace “https://subdomain.brand.com/image/logo.svg” with the URL where your BIMI email logo is stored.

If you need help adding this text to your DNS TXT record, your ESP should be able to help you access and modify your DNS record.

Once you’ve added the BIMI record to your DNS TXT record, send a test email to make sure your BIMI authentication is working properly.
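
Before sending that test email, the requirements in the steps above can be checked against the two TXT values themselves. The following is an added example, not code from Rejoiner or from the BIMI specification: it parses a DMARC value and a BIMI value as a DNS TXT lookup would return them and reports which requirements fail. The function names and the sample records are constructed for illustration, and the sample records reuse the template's placeholder domain.

```python
from urllib.parse import urlparse

# Constructed sample TXT values using the page's placeholder domain.
GOOD_DMARC = "v=DMARC1; p=reject"
WEAK_DMARC = "v=DMARC1; p=none"
GOOD_BIMI = "v=BIMI1; l=https://subdomain.brand.com/image/logo.svg; a=;"
BAD_BIMI = "v=BIMI1; l=http://subdomain.brand.com/image/logo.png; a=;"


def parse_tags(txt):
    """Split a 'tag=value; tag=value;' TXT value into a dict."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags


def check_bimi(dmarc_txt, bimi_txt):
    """Return (errors, warnings) for a DMARC/BIMI record pair."""
    errors, warnings = [], []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        errors.append("DMARC record missing or malformed")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        errors.append("DMARC policy must be p=quarantine or p=reject")

    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        errors.append("BIMI record must declare v=BIMI1")
    logo = urlparse(bimi.get("l", ""))
    if logo.scheme != "https" or not logo.netloc:
        errors.append("logo URL in l= must use HTTPS")
    if not logo.path.lower().endswith(".svg"):
        errors.append("logo in l= must be an SVG file")
    if not bimi.get("a"):
        # Empty a= means no Verified Mark Certificate is published.
        warnings.append("a= is empty: no VMC, which Gmail requires")
    return errors, warnings


if __name__ == "__main__":
    for dmarc, bimi in [(GOOD_DMARC, GOOD_BIMI), (WEAK_DMARC, BAD_BIMI)]:
        print(check_bimi(dmarc, bimi))
```

The checks cover only what the records say; whether the SVG is square and text-free still has to be confirmed by looking at the file.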

What could go wrong?

Obviously, there are a lot of reasons to use BIMI. But—like most things—if it’s implemented improperly, there could be problems.

First, BIMI is not a fix for poor email deliverability.

If you’re having email deliverability issues, you should correct those problems BEFORE you attempt to implement BIMI email authentication. Otherwise, adding BIMI could actually make your deliverability worse.

Second, it’s important to ensure that you’re getting positive engagement from your email lists before you implement BIMI.

Adding your brand logo to your emails will magnify whatever feeling your subscribers have toward your emails. Ideally, that feeling should be positive. That way seeing your brand logo in their inbox excites subscribers and prompts them to open the email immediately.

However, the opposite effect is also possible. If someone has had a poor experience with your emails in the past, your brand logo makes it super easy for them to spot your emails and mark them as spam, which will hurt your domain reputation and email deliverability.

Ultimately, it’s important to make sure that your email program is healthy and you’re getting good engagement from your email subscribers before you add BIMI to the mix. Otherwise, it could backfire.

BIMI email is coming

BIMI isn’t a ubiquitous email authentication protocol, yet. It’s still entirely optional. And it will likely be optional for the foreseeable future. That’s actually good because it means you have time to get your email program in order, if it’s not ready for BIMI yet.

However, BIMI email authentication gives you one more way to bump up your email marketing performance, while simultaneously improving your email security.

So, whether or not you’re ready to implement BIMI right now, it’s time to move toward adding BIMI to your email marketing program.


Author       
Mike Arsenault
Mike Arsenault is the Founder & CEO of Rejoiner. He works with 350+ online retail & eCommerce companies like Hydroflask, Footjoy, GUESS, and Big Chill to help them grow faster using lifecycle email. He also once lived aboard a 36' sailboat in Boston.