The newest in email authentication protocols is Brand Indicators for Message Identification (BIMI). In 2021, many email marketers found the idea of utilising BIMI to be a lot more appealing.

That's because Google stated in July that BIMI would be officially supported in Gmail inboxes. This follows Google's 2020 introduction of a BIMI pilot programme, which had previously been blocked to new senders.

According to this announcement, anyone who successfully deploys BIMI should now see brand logos next to authenticated emails in Gmail and other mailbox providers.

But maybe we're a little ahead of ourselves here...

The Basics of BIMI

What exactly is BIMI? It's a new way of verifying emails and combating brand spoofing. It entails setting up a record on your sending domain's DNS, which recipient mail servers use to verify the message is legitimate, just like other protocols.

The fact that BIMI is a subscriber-facing service distinguishes it. SPF, DKIM, and DMARC aren't visible to your mailing list. They can, however, see the BIMI results. The logo in their inbox could indicate that the email is safe to open and interact with. It's the payoff for brands who get their email authentication practices up to speed.

For BIMI, the email could be just the beginning. It may also provide a mechanism for third-party application developers to integrate logos while providing businesses control over what is displayed in the future.

How does BIMI Work?

When a mailbox provider gets an email message from your company, it checks for existing email authentication mechanisms. It looks for SPF and DKIM, in particular, using the DMARC record. The BIMI record for the domain is then looked for in the DNS (if applicable).

The mailbox provider should get the logo file and display it in the subscriber's inbox if the brand passes DMARC authentication and the BIMI implementation is correct.

How do you implement BIMI?

Getting a BIMI logo to display in inboxes will take a little bit of work. But put simply, you’ll need to follow these essential steps:

1. Determine your transmitting domain and seek assistance.

The BIMI record must be published on your sending domain's DNS (or domains). It's possible that this isn't the same as your company's main website domain. Larger enterprises frequently use a dedicated subdomain for their mail server.

Here’s how a BIMI record is formatted:

default._bimi TXT "v=BIMI1; l=https://mydomain.com/image.svg;

You'll undoubtedly want to enlist the IT department or cybersecurity support, and your email service provider (ESP) may be able to assist with debugging. If you're a member of the email geeks community, you can also seek assistance from the BIMI Working Group.

2. Verify other email authentication protocols

BIMI is, in some ways, the reward for aligning the rest of your email authentication processes. The basic line is that BIMI will not work unless you have a DMARC policy in place.

Receiving mail servers are told how to handle emails that fail authentication by DMARC, which checks for SPF and DKIM. When a scammer tries to imitate your brand with a phishing email, your logo will never be displayed.

To meet BIMI compliance standards, your DMARC enforcement policy will need to be set to either reject or quarantine.

3. Create a BIMI logo and get it certified

There are several unique requirements for BIMI logos. First, they must be SVG (SVG Tiny 1.2) files, a secure vector file that is more difficult to imitate.

The logo should be in a square format. However, because it will be displayed in inboxes, it should also fit beautifully into a circle. BIMI logos must also be modest, not exceeding 32kb in size.

There are two organizations providing Verified Mark Certificates (VMCs) for BIMI

Who is supporting BIMI for email?

Prior to Google's announcement of BIMI support in Gmail, Yahoo and Verizon Media mailbox providers, such as AOL.com, supported this sort of email authentication. Fastmail, an Australian email client, also supports BIMI logos.

Smaller businesses might have been hesitant to commit the money, time, and effort required to implement BIMI if it hadn't been for Gmail. On the other hand, Gmail frequently addresses 25% or more of many subscriber lists.

Other major email clients are more likely to embrace BIMI now that Gmail has done so. Again, that's because there are a lot of advantages.

What are the benefits of BIMI?

For brands that are frequently targeted by email spoofing, BIMI is a handy email authentication mechanism. This includes large financial companies like Bank of America, which has collaborated on the technology alongside Google and the BIMI Working Group.

Other often imitated brands that would profit from BIMI include PayPal, DropBox, Amazon, Apple, and Microsoft. However, you do not have to be a Fortune 500 firm to benefit from BIMI's services.

According to preliminary studies, deploying BIMI can boost email engagement. Marcel Becker of Yahoo revealed various user experience research results in our Ask Me Anything on the BIMI segment. For example, people appear to be more likely to interact with email interactions that include brand logos.

However, most crucially, BIMI safeguards your subscribers from cyber thieves who try to exploit your brand's reputation to lure consumers into installing malware or disclosing vital personal information. As a result, BIMI can help you defend your brand's reputation, mainly if you send transactional emails or have consumers with online accounts.

Finally... let's face it... What company wouldn't want its logo to appear as much as possible? Implementing BIMI is an excellent technique to help with brand identification and recall.

So, if you're still debating whether or not BIMI is a brilliant idea in 2021, think about the value of these advantages. Being an early adopter could give you a leg up on the competition.

However, BIMI installation will incur fees, and the process can become highly technical. It's also worth noting that specific email applications claim only to display BIMI emblems for bulk senders. As a result, you'll require a sizable transmit volume, and it's unclear whether there is a specific threshold.

BIMI and email previews

BIMI implementation is not currently verified by Email on Acid's pre-deployment platform. However, you should be able to determine if BIMI is working properly by running email testing and viewing previews of your advertisements on various clients and devices.

This is because Email on Acid displays screenshots from live devices. As a result, everything you see is also seen by your subscribers. Include Gmail, Yahoo, AOL, and other BIMI-compatible clients in your testing profile.

Do you want to see if the clients who sponsor BIMI have higher subscriber engagement? You can compare outcomes using our Email Analytics.

Brand Indicators for Message Identification appears to be here to stay, thanks partly to Gmail's implementation of BIMI in 2021.

Source:https://cyber-security-information.blogspot.com/2021/07/bimi-in-202...