Red Sift’s Definitive Guide to Email Security
Explore our guide

What is BIMI?

BIMI definition 

Brand Indicators for Message Identification (BIMI) is an email standard introduced in 2021 that enables businesses to show their brand logo in the avatar slot of the Domain-based Message Authentication, Reporting and Conformance (DMARC) authenticated emails they send. This means businesses can proactively protect recipients of their email from bad actors. If you're a technical administrator, marketer, or business leader, implementing BIMI will mean you reap the benefits of better deliverability and higher open rates.

Email continues to be the most popular way for businesses globally to communicate, so it’s crucial organizations implement the best methods for ensuring both authenticity and brand experience.

How does BIMI work?

BIMI inserts your logo next to your email address at participating providers. It doesn’t prevent business email compromise (BEC)—that’s DMARC’s job—however, if someone tried to spoof you when you have BIMI in place, your logo won’t appear, and depending on your DMARC policy, the email may not even arrive. 

Similar to SPF, DKIM, and DMARC records, your BIMI record lives in your DNS as a text (TXT) file. When an email you send arrives in the recipient inbox, the recipient server looks this record up to check that it’s coming from a verified sender (using DMARC). Once authenticated, the BIMI TXT file informs the recipient server of the logo’s location, and any relevant BIMI certificates, and it is then made visible in the recipient inbox.

BIMI in the inbox (desktop view)

Why should I implement BIMI?

Implementing BIMI can significantly increase your brand recognition and email engagement, which are crucial factors for marketing success. With BIMI, your company's logo is displayed directly in the recipient’s inbox next to your email, helping your messages stand out among the clutter. This enhanced brand visibility establishes trust and credibility with your audience, leading to higher open rates and click-through rates. 

A recognizable logo can immediately evoke trust and familiarity, which is a key advantage in increasing email engagement metrics. By adopting BIMI, you create a consistent visual identity across your email communications, helping your brand gain a competitive edge.

From an email security perspective, DMARC—the protocol that powers BIMI—plays a vital role in reducing phishing attacks and email spoofing, providing better protection for your brand and recipients. Beyond its importance to email security, BIMI offers a host of other benefits for businesses, including improved brand visibility, increased trust in email legitimacy, and better brand recall. It’s even been shown to have an impact on consumer buying behavior.

Benefits of BIMI

When implemented using a Mark Certificate, BIMI has many benefits for businesses of all shapes and sizes. Showing a verified logo in email using a VMC, GMC or CMC can help businesses enjoy:

  • Increased brand recall by 44%

After exposure, brands that had applied a logo increased their recall by up to 44%. The stronger the brand, the higher the recall increase, up to 120%.

  • Improved open rates by 39%

Open rates see up to a 39% increase in both transactional and promotional emails.

  • Improved average purchase increase by 32%

The email open uplift carried over to purchasing decisions with an average buying increase of up to 32%.

  • 90% increase in confidence in an email's legitimacy

Using BIMI increased consumer confidence in the legitimacy of an email by as much as 90%.

Can I implement BIMI?

Check to see if your domain is ready for BIMI in less than 10 seconds: Try the BIMI Checker now

Is BIMI just for IT/Security teams?

BIMI is not just designed to boost brand awareness and enhance security, but also offers an advantage for today’s marketers looking to stand out against the noise. With the average consumer receiving around 120 emails every day, making an impression in the inbox is hard. However, by putting the email fundamentals in place, you’ll put your brand in a prime position to reap the revered reward that is ROI. 

Find out more in our blog: 8 Reasons to Include BIMI in Your 2025 Marketing Budget

Does BIMI help open rates?

In partnership with Entrust, Red Sift commissioned research into the impact of a visible logo in an email’s avatar location on open rates, brand recall, and buying behavior.

The research focused on organizations based in the UK and US. Results showed a 9% increase in transactional open rates for a leading US investment firm, compared to a 10% decrease for a competitor that didn’t make use of BIMI. Further data showed an increase in market share by 38% for a UK energy provider, up from 6% while a similar competitor without BIMI experienced an 11% drop.

What about promotional emails?

For businesses trying to sell products and services, promotional email open rates are crucial. In such a crowded market it is hard to break through against leading brands. However, when comparing a competitor’s promotional emails with BIMI implemented versus a leading brand without BIMI, US, and UK leading businesses lost 15% and 18% share of opens, while the competitors saw uplifts of 14% and 39% respectively.

In addition, Red Sift and Entrust found that overall, when a brand’s emails had a logo but a competitor’s did not, opens increased by 21% in the US and 39% in the UK. What’s perhaps most interesting is that these findings appear to be irrespective of market share or brand size.

And buyer behavior?

In both the US and UK, we compared how logo visibility impacted purchasing decisions on emails from a selection of leading and competitor food delivery service brands. In the US, businesses without a logo within their email communications experienced a 24% loss, compared with a 34% gain for competitors who did have a logo enabled.

In the UK, a leading brand lost 39% of sales share due to the lack of a visible logo, whereas a competitor with a visible logo gained an impressive 32% sales increase.

Step-by-step guide

To implement BIMI, you need to have a DMARC record in place and your organization’s sending and apex domains must be DMARC compliant (in a policy of quarantine or reject). 

Organizations are required to use a Mark Certificate (MC) from an authorized Certificate Authority (CA), which works alongside an organization’s DMARC policy that is required at enforcement (either quarantine or reject) and a BIMI record. 

A MC can either be a Verified Mark Certificate (VMC) with a registered trademark, a Government Mark Certificate (GMC) for government agencies, or now, the newly introduced Common Mark Certificate (CMC) for established brands.

Read our detailed guide on the key considerations before implementing BIMI.

What is DMARC?

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a security protocol that protects businesses from exact domain impersonation and its harmful effects. 

When correctly configured, it works using existing security protocols SPF and DKIM to tell any receiving servers that an email coming from your domain is legitimate, and stops unauthenticated and unauthorized email. This stops hackers using your domain for phishing attempts against your customers, employees and suppliers and has also been shown to improve email deliverability and placement.

What are the benefits of DMARC?

Read our definitive guide to implementing DMARC for your business

What is a Verified Mark Certificate (VMC)? 

A Verified Mark Certificate (VMC) is a digital certificate issued by an authorized certification authority that enables organizations to display their registered logo next to their email messages in supported email clients. It is part of the broader Brand Indicators for Message Identification (BIMI) standard, which aims to provide visual confirmation of the email sender’s identity, thereby building trust and increasing email security.

What is a Government Mark Certificate (GMC)? 

A Government Mark Certificate (GMC) is a digital certificate designed specifically for government agencies and entities to authenticate their email communications. Similar to Verified Mark Certificates (VMCs) used by commercial organizations, GMCs help government bodies establish trust and provide visual identity assurance when sending emails to the public and other stakeholders.

What are the benefits of a VMC or GMC?

  • Verified brand logo in inbox: VMC and GMC enables the display of a verified brand logo in email inboxes through BIMI, making emails easily identifiable to recipients.
  • Strengthened brand trust: When used with BIMI, VMC and GCMC reassures customers that the email is authentic and from a trusted source, reducing the risk of phishing.
  • Higher email open rates: Displaying the verified brand logo increases the likelihood of recipients opening the email, as BIMI logos are highly visible and convey trust.
  • Enhanced security: VMC or a GMC with BIMI requires DMARC enforcement, improving email security and reducing the risk of spoofing.

What is a Common Mark Certificate (CMC)? 

Common Mark Certificates (CMC) are the newest MC, enabling organizations to utilize BIMI in Gmail without requiring a registered trademark like VMC or GMC. This means businesses who have established use of a known logo but haven’t gone through the registered trademark process can utilize best practices in email communications by incorporating their brand into the inbox.

What are the benefits of a CMC?

  • Global recognition and accessibility: Common Mark Certificates can be recognized across Gmail’s global domains, making the BIMI mark understandable and trustworthy for a broad audience.
  • Simplicity in cross-border compliance: Common Mark Certificates simplify compliance with BIMI's requirements, especially for multinational brands looking to present a consistent image in various jurisdictions.
  • Improved brand perception: Displaying a logo via a CMC through BIMI promotes the brand as a standard bearer of quality, which appeals to recipients seeking consistency and reliability. Customers are more likely to interact with emails, increasing engagement and click-through rates.
  • Eases international email delivery compliance: A Common Mark Certificate aids brands in meeting DMARC and BIMI requirements for international email platforms, enhancing deliverability and visibility.

Read more in our Gmail's Support for Verified Mark Certificates (VMC) in BIMI Adoption blog

What if I want to use BIMI for more than one domain/subdomain?

By default, a VMC on the organizational domain will cascade to all subdomains. However, if you’d like to use a different trademarked logo on a subdomain, you can do so. Keep in mind this will require a separate VMC chargeable at the current rate as each VMC is tied to a specific logo.

BIMI certification requirements for VMC:

  • DMARC Policy: Your domains must be DMARC-compliant, with an enforced policy (quarantine or reject).
  • Trademarked Logo: The logo you wish to display must be a registered trademark.
  • Certified Authority (CA): The VMC must be issued by an authorized CA, such as Entrust or DigiCert.
  • BIMI TXT Record: You need to publish a BIMI TXT record in your DNS, which includes the URL to your SVG logo file.

Approved jurisdictions

Country

Source

United States (US)

United States Patent and Trademark Office (USPTO)

https://www.uspto.gov/trademarks/apply

Canada (CA)

Canadian Intellectual Property Office https://www.ic.gc.ca/opic-cipo/cpd/eng/search/basic.html

European Union (EM)

European Union Intellectual Property Office

https://euipo.europa.eu/ohimportal/en

United Kingdom (GB)

UK Intellectual Property Office

https://www.gov.uk/search-for-patent

Germany (DE)

Deutsches Patent- und Markenamt

https://www.dpma.de/

Japan (JP)

Japan Trademark Office

https://www.j-platpat.inpit.go.jp/

Australia (AU)

IP Australia

https://search.ipaustralia.gov.au/trademarks/search/quick

Spain (ES)

Spain – Oficina Española de Patentes y Marcas

https://www.oepm.es/es/index.html

South Korea (KR)

Korean Intellectual Property Office

https://www.kipo.go.kr/en/MainApp

Brazil (BR)

Brazilian National Institute of Industrial Property

https://www.gov.br/inpi/en

India (IN)

Office of the Controller General of Patents, Designs & Trade Marks Department for Promotion of Industry and Internal Trade Ministry of Commerce & Industry, Government of India https://ipindia.gov.in/trade-marks.htm

Switzerland (CH)

Swiss Federal Institute of Intellectual Property

http://www.ige.ch/

Denmark (DK)

Danish Patent and Trademark Office

http://www.dkpto.org/

France (FR)

French Patent and Trademark Office (INPI)

http://www.inpi.fr/

New Zealand (NZ)

Intellectual Property Office of New Zealand (IPONZ)

http://www.iponz.govt.nz/

Sweden (SE)

Swedish Intellectual Property Office (PRV)

http://www.prv.se/

The verification process

  • Employee verification: The CA will verify your employment with the Higher Authority and/or your HR team
  • Video ID verification: Video call with a specialist that will verify your identity with a government ID
  • Domain validation: Verify you own domain by entering a TXT record in your DNS zone

What are the roles within EV verification?

  • Authorization contact: Provides the CA with authorization to issue VMC certificates for their organization. They will need to grant consent by email. 
  • Contract signer: They will accept the subscriber agreement on behalf of their organization. The agreement is online and is accepted as a click-through. This person can be the same as the Authorization Contact to simplify the process.
  • Higher authority: Also known as “Independent Confirmation” – they confirm that the Authorization Contact and Contract Signer are employed with the organization and authorized to act in these roles.

Why do you need a VMC or CMC for BIMI?

A VMC or CMC is a key requirement for BIMI implementation, particularly if you aim to use BIMI with email providers like Google. Without a mark certificate, your logo cannot be displayed, even if you have DMARC in place. A VMC or CMC confirms the ownership of your logo, acting as a visual confirmation that the email is from a trusted sender, enhancing your email branding efforts and boosting email marketing ROI.

Implementing a Verified Mark Certificate also leads to tangible benefits, such as increased open rates, higher email engagement, and improved brand visibility within the inbox.

How long does it take to implement BIMI?

The time it takes to deploy BIMI can vary from business to business. One of the most important steps is ensuring your domain is DMARC compliant. At Red Sift, we streamline this process through Red Sift OnDMARC, where the average time taken to get to p=reject is 6-8 weeks. 

It’s worth noting that exact time will depend on the number of sources that need configuring and the speed at which you can implement the needed changes.  

Additional factors include your organization’s size, the complexity of your infrastructure, and whether you are opting for a VMC or GMC. It can take anywhere from 3-6 months to get a registered logo trademark, depending on the country you’re in, versus a CMC where adoption time is expected to be shorter.

If you meet all the requirements, the actual verification process takes on average 7-10 business days.

Who supports BIMI?

Currently, the list of mailbox providers that support BIMI includes Google, Apple, Yahoo, and Fastmail, Zoho, web.de, among others. Check the full list here.

Learn more about the only integrated BIMI and VMC application available on the market today, Red Sift OnDMARC's BIMI feature.

How VMC appears based on email provider

Mobile vs desktop appearance

Understanding how your logo with BIMI implemented will appear on both desktop and mobile is an important step to ensuring your brand’s impact with cross-platform users.

See the image below for our guide on how a logo display is likely to appear. On a mobile-enabled platform, like the Gmail app, the logo will appear in the inbox preview, while on desktop, it will appear in the message preview.

Note: Both mobile and desktop view in Gmail only shows the verification mark enabled through a VMC in the message preview.

What about Apple Business Connect?

Apple has announced changes to its Business Connect function, including how a brand name or brand logo will be displayed in iPhone apps related to phone, email, and payments. 

It’s true that Apple’s update resembles some similarities to BIMI, but there remain significant differences. These include the setup process, logo requirements, and cost. While Apple’s option is essentially free, the logo display is limited only to iCloud Mail.

Why choose Red Sift?

Red Sift OnDMARC’s BIMI feature is the only integrated BIMI with VMC or CMC solution available on the market. It helps users take care of their MC application end to end, including obtaining a VMC/CMC without having to go directly to the Certificate Authority (CA).

Red Sift OnDMARC offers seamless integration with Entrust, enabling users to easily transfer application data between the two platforms via API. This streamlined process eliminates the need for managing multiple platforms, allowing customers to achieve the necessary DMARC policy and BIMI readiness in one place. By centralizing these tasks, users benefit from a simplified experience with full guidance from industry experts, making it easier to implement both DMARC enforcement and VMC or CMC acquisition through a single interface.

Beyond BIMI implementation, Red Sift OnDMARC offers a wide variety of additional benefits including:

  • Streamlined email security management: OnDMARC consolidates DMARC, SPF, DKIM, MTA-STS, and BIMI into a single platform, significantly reducing the complexity of managing email security across multiple systems. 
  • Close security gaps with automated protection: OnDMARC’s automated subdomain discovery ensures that every domain and subdomain sending email is protected, closing gaps that attackers could exploit. This full coverage minimizes the risk of phishing and spoofing attacks originating from unmonitored subdomains.
  • Stop email security threats that bypass DMARC: OnDMARC protects against email threats that can bypass DMARC. Through continuous monitoring for misconfigurations and forgotten records in DNS, OnDMARC ensures that email authentication remains effective and that gaps attackers might exploit are closed before they become issues. 
  • Reduce manual tasks and time consumption with Red Sift Radar: OnDMARC’s LLM-powered assistant (Radar) cuts down on manual tasks and gives security teams immediate, actionable insights to address email security issues. Real-time alerts flag misconfigurations, authentication issues, and unusual activity right away, so teams can respond faster. 
  • Dedicated support for fast DMARC implementation: The Red Sift team provides dedicated, hands-on 24/7 support throughout the setup and implementation process for OnDMARC. From initial configuration to ongoing adjustments, the team helps streamline the adoption of DMARC, SPF, DKIM, and MTA-STS, ensuring organizations achieve strong email security without delays or misconfigurations.

Validate your logo with OnDMARC

Red Sift OnDMARC offers validation that your logo is using the correct BIMI format, even prior to submitting an application. 

  1. Click on “start application” within the BIMI section of Red Sift OnDMARC dashboard
  2. Drag and drop or browse for your logo and OnDMARC will provide a validation. If your logo meets the criteria you will see confirmation of this on the screen, any errors with the logo will also be highlighted.

Ready to get started?

LinkedInInstagram