Brand Indicators for Message Identification (BIMI) is an email standard introduced in 2021 that enables businesses to show their brand logo in the avatar slot of the Domain-based Message Authentication, Reporting and Conformance (DMARC) authenticated emails they send. This means businesses can proactively protect recipients of their email from bad actors. If you're a technical administrator, marketer, or business leader, implementing BIMI will mean you reap the benefits of better deliverability and higher open rates.

Email continues to be the most popular way for businesses globally to communicate, so it’s crucial organizations implement the best methods for ensuring both authenticity and brand experience.

BIMI inserts a logo alongside emails of participating providers. It doesn’t prevent business email compromise (BEC)—that’s DMARC’s job—however, if someone tried to spoof you when you have BIMI in place, your logo won’t appear, and depending on your policy, the email may not even arrive. 

Similar to SPF, DKIM, and DMARC records, your BIMI record lives in your DNS as a text (TXT) file. When an email you send arrives in the recipient inbox, the recipient server looks this up to check that it’s coming from a verified sender (using DMARC). Once authenticated, the BIMI TXT file informs the recipient server of the logo’s location, and it is then made visible in the recipient inbox.

Implementing BIMI can significantly boost your brand recognition and email engagement, which are crucial factors for marketing success. With BIMI, your company's logo is displayed directly in the recipient’s inbox next to your email, helping your messages stand out among the clutter. This enhanced brand visibility establishes trust and credibility with your audience, leading to higher open rates and click-through rates. 

A recognizable logo can immediately evoke trust and familiarity, which is a key advantage in increasing email engagement metrics. By adopting BIMI, you create a consistent visual identity across your email communications, helping your brand gain a competitive edge.

From an email security perspective, DMARC—the protocol that powers BIMI—plays a vital role in reducing phishing attacks and email spoofing, providing better protection for your brand and recipients. Beyond its importance to email security, BIMI offers a host of other benefits for businesses, including improved brand visibility, increased trust in email legitimacy, and better brand recall. It’s even been shown to have an impact on consumer buying behavior.

To implement BIMI, you need to have a DMARC policy in place and your organization’s sending and apex domains must be DMARC compliant (in a policy of quarantine or reject). 

Organizations are required to use a Mark Certificate (MC) from an authorized Certificate Authority (CA), which works alongside an organization’s DMARC policy that is required at enforcement (either quarantine or reject). 

A Mark Certificate can either be a Verified Mark Certificate (VMC) with a registered trademark, Government Mark Certificate (GMC) for government agencies, or now, the newly introduced Common Mark Certificate (CMC) for established brands.

Read our detailed guide on the key considerations before implementing BIMI.

DMARC (Domain-based Message Authentication, Reporting and Conformance) is a security protocol that protects businesses from exact domain impersonation and its harmful effects. 

When correctly configured, it works using existing security protocols SPF and DKIM to tell any receiving servers that an email coming from your domain is legitimate. This stops hackers using your domain for phishing attempts against your customers, employees and suppliers and has also been shown to improve email deliverability and placement.

A Verified Mark Certificate (VMC) is a digital certificate issued by an authorized certification authority that enables organizations to display their registered logo next to their email messages in supported email clients. It is part of the broader Brand Indicators for Message Identification (BIMI) standard, which aims to provide visual confirmation of the email sender’s identity, thereby building trust and increasing email security.

A Government Mark Certificate (GMC) is a digital certificate designed specifically for government agencies and entities to authenticate their email communications. Similar to Verified Mark Certificates (VMCs) used by commercial organizations, GMCs help government bodies establish trust and provide visual identity assurance when sending emails to the public and other stakeholders.

Common Mark Certificates (CMC) are the newest MC, enabling organizations to utilize BIMI in Gmail without requiring a registered trademark, as required through VMC or GMC. This means businesses who have established use of a trademarked logo but haven’t gone through the registered trademark process can utilize best practices in email communications by incorporating their brand into the inbox.

BIMI Certification Requirements for VMC

• DMARC Policy: Your domain must be DMARC-compliant, with an enforced policy (quarantine or reject).
• Trademarked Logo: The logo you wish to display must be a registered trademark.
• Certified Authority (CA): The VMC must be issued by an authorized CA, such as Entrust or DigiCert.
• BIMI TXT Record: You need to publish a BIMI TXT record in your DNS, which includes the URL to your SVG logo file.

A VMC or CMC is a key requirement for BIMI implementation, particularly if you aim to use BIMI with email providers like Google. Without a mark certificate, your logo cannot be displayed, even if you have DMARC in place. A VMC or CMC confirms the ownership of your logo, acting as a visual confirmation that the email is from a trusted sender, enhancing your email branding efforts and boosting email marketing ROI.

Implementing a Verified Mark Certificate also leads to tangible benefits, such as increased open rates, higher email engagement, and improved brand visibility within the inbox.

The time it takes to deploy BIMI can vary from business to business. One of the most important steps is ensuring your domain is DMARC compliant. At Red Sift, we streamline this process through Red Sift OnDMARC, where the average time taken to get to p=reject is 6-8 weeks, 

It’s worth noting that exact time will depend on the number of sources that need configuring and the speed at which you can implement the needed changes.  

Additional factors include your organization’s size, the complexity of your infrastructure, and whether you are opting for a VMC or GMC. It can take anywhere from 3-6 months to get a registered logo trademark, depending on the country you’re in versus a CMC where adoption time is expected to be shorter.

Currently, the list of mailbox providers that support BIMI includes Google, Apple, Yahoo, and Fastmail, Zoho, web.de, among others. Check the full list here.

Red Sift OnDMARC’s BIMI feature is the only integrated BIMI and Verified Mark Certificate (VMC) solution available on the market. It helps users take care of their BIMI application end to end, including obtaining a VMC without having to go directly to the Certificate Authority (CA).

Red Sift OnDMARC offers seamless integration with Entrust, the CA that provides Verified Mark Certificates (VMCs), enabling users to easily transfer application data between the two platforms via API. This streamlined process eliminates the need for managing multiple platforms, allowing customers to achieve the necessary DMARC policy and BIMI readiness in one place. By centralizing these tasks, users benefit from a simplified experience with full guidance from industry experts, making it easier to implement both DMARC enforcement and VMC acquisition through a single interface.