BIMI: Understanding the technical aspects of the protocol

In my previous blog, I introduced Brand Indicators for Message Identification (BIMI), an email authentication protocol that increases visibility and security when combined with Domain-based Message Authentication, Reporting, and Conformance (DMARC). It does this by displaying a brand logo next to legitimate emails, boosting brand recognition, combating phishing, and improving deliverability.

In this article, I’ll explain how BIMI works with protocols like Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and DMARC. I’ll also explore the BIMI record, which controls how logos are shown in email inboxes.

How BIMI works

To implement BIMI (after configuring the DMARC policy), your organization must create a Domain Name System (DNS) record that points to the logo your business intends to use and provides a mechanism to confirm that it’s allowed to use that specific mark.

The DNS record confirms your company’s authority through one of two certificates: Verified Mark Certificates (VMCs) or Common Mark Certificates (CMCs). These certificates give service providers a way to validate the use of the logo and display it next to emails when verifying a DMARC policy.

Now that you know why a CMC or VMC is a crucial part of BIMI, it’s time to understand the differences and find out which applies to your organization.

VMCs vs. CMCs

One of the key differences between VMCs and CMCs is that VMCs require the use of a trademarked logo. If your organization’s logo is already trademarked, a VMC provides digital credentials that confirm your ownership.

But, many (generally smaller) organizations don’t own the trademark linked to their logo. Because of this, in 2024, Google announced its support of CMCs.

A CMC allows companies to use BIMI to display their logo in email inboxes without a registered trademark if it’s been active for over a year. While CMCs are more cost-effective (approximately $1 099 versus $1 499 at the time of writing), they don’t include the verified checkmark that a VMC does.

Setting up BIMI

Now, let’s discuss the steps involved in setting up a BIMI record for your business.

Ensure DMARC configuration: Before setting up BIMI, ensure your company’s DMARC policy is correctly configured and set to p=quarantine or p=reject.
Create your logo in SVG format: Create an SVG Portable/Secure-formatted logo that meets BIMI’s specifications. The logo should be simple, recognizable, and suitable for scaling.
Acquire a certificate: Get a VMC or CMC. Remember, VMCs require a trademarked logo.
Create the BIMI record: Add a BIMI TXT record to your DNS settings. The record should include the URL of your logo and certificate.
Test & validate: Use BIMI validation tools to confirm your record is correctly configured and the logo displays as expected.
Monitor & update: Regularly monitor the performance of your BIMI setup and adjust it as necessary, especially if you change your logo or DMARC policy.

How Sendmarc can help

Implementing BIMI can significantly enhance your brand visibility and email deliverability.

At Sendmarc, we specialize in DMARC implementation and management and can work with your company and IT teams (or introduce you to one of our partners) to ensure the protocol‘s properly configured and help you set up BIMI.

We collaborate with Mark Verifying Authorities (MVAs) and Certificate Authorities (CAs) to assist in VMC and CMC issuing. We manage the entire process from installation to activation, ensuring your BIMI and DMARC are optimally configured and maintained.

We’d love to help you secure and elevate your brand – reach out to us for a demo and leave a comment below to let us know your thoughts on BIMI!