deliverability letter

Setting up BIMI

BIMI stands for Brand Indicator for Message Identification, and it’s a new authentication method that allows you to display authenticated and certified brand logos in the emails sent to users.

With BIMI, you have complete control over the type of logo displayed as your email avatar, which is an excellent prevention against email fraud. This also helps you increase visibility, brand recognition, and brand awareness.

With that in mind, let’s get you set up to use BIMI.

What You Need to Have Before Implementing BIMI

To implement and participate in BIMI, you must first get full authentication as an email sender.

Only authenticated messages can display brand logos, which means you’ll have to get DKIM, SPF, and DMARC before you do anything else. These are all email authentication methods designed to prevent phishing attacks (hackers trying to obtain sensitive personal data), to prevent spammers from spoofing (sending messages to clients in your name), and to add a digital signature to your emails so the receiving servers know you’re a source they can trust.

When are setting up DMARC you must set your enforcement policy to either reject(i.e. p=reject; sp=reject) or quarantine at 100%(i.e. p=quarantine; pct=100). “None” policies or ‘pct’ less than 100 percent are not accepted when using BIMI.

If you need help, head over to DMARC.org for the latest information.

How To Set Up BIMI for Your Email Domain

To implement BIMI, follow the steps below.

Get Your Brand Logo Trademarked

The first step is registering your brand logo trademark. This means that your brand logo has to be registered as your intellectual property so that issuers of a VMC can recognize it easily. This is usually done through a patent and trademark office or a website, but you’ll have to check the specific regulations, depending on where you are from.

You can quickly check whether a logo has already been trademarked through the Global Brand Database - WIPO.

Buy a Verified Mark Certificate (VMC)

Some email companies, like Google, require a verified mark certificate or VMC. So if you want your BIMI to show on Google, you’ll have to get a VMC, which is used to verify that your organization legally owns your brand logo.

You can buy a VMC from a certificate authority like DigiCert or Entrust.

You need to create a scalable vector graphics file (an SVG file) of your brand logo to send to the VMC issuer and they will issue a PEM file that acts as a reference for the SVG file provided.

You can get the SVG specifications here.

VMC Needs to Be Uploaded to Your Email Server

Once you’ve been issued the PEM file, it’ll have to be uploaded to your server. That way, anyone can access it.

Keep in mind that the webserver has to have the HTTPS security protocol.

Once you do this, you should see a PEM file URL like this:

https://thenameofyourserver.com/vmc.pem

Next Up! Your Brand Logo Needs to Be Uploaded

Next, it’s time to upload your brand logo. This also needs to be done in an SVG format, and uploaded to your server.

Your SVG logo URL should look like this:

https:///thenameofyourserver.com/logo.svg

Create a BIMI Record

The next step is creating a BIMI record. This is a DNS TXT record; a string consisting of various tags set apart by semicolons.

The two essential variables a BIMI record can’t do without are: v and l.

The v is used to specify the BIMI version. The current standard is BIMI1.

The l is used to specify the logo’s SVG URL.

Another tag, the a tag, is required by email providers like Gmail. This one has the VMC PEM file URL.

Below is a BIMI record example specifying the uploaded SVG logo and PEM file:

v=BIMI1; l=https://thenameofyourserver.com/logo.svg; a=https://yourserver.com/vmc.pem

Keep in mind that the SVG content you’re referencing in the BIMI record should be the same as the SVG file content you’re referencing in the PEM file. If you don’t do this, then BIMI won’t work.

Publish Your BIMI Record in the DNS System

The BIMI record is a type of DNS TXT record that’s written and published in the DNS as:

_default.bimi.domain

And the full BIMI record within the DNS should look like this:

Type of Record: TXT

Name: default._bimi Value: v=BIMI1; l=https://yourserver.com/logo.svg; a=https://yourserver.com/vmc.pem

TTL: Default

Test Your BIMI Record

Once you’re done with the setup and the BIMI is published, check your BIMI record.

You can check whether the BIMI record works through the BIMI Inspector online tool.

Keep in mind that it might take up to two days until your BIMI record starts displaying your brand logo in the emails you send.

If you run into any problems, hit us up in Discord, and we will try to help.