BIMI email records - a replacement for DKIM?
BIMI Records: Boost Email Security & Credibility. Learn how BIMI prevents email spoofing & which providers support it. Requirements for the BIMI Club included.
Brand Indicator for Message Identification (BIMI), a cutting-edge technique, aims to prevent email spoofing attempts while also boosting email sender credibility. Both a DNS TXT record and a BIMI record serve to identify the brand's logo. The company logo that appears next to each message in an inbox is shown in this entry.
With Bimi, email brand impersonation attempts by hackers will be very challenging. Although not all email clients will use the BIMI solution, it is being developed as an open standard. Companies that integrate it will benefit from additional security, as BIMI records could make a lot of difference.
What are the requirements to join the BIMI Club, and which email providers support BIMI? Read on to find out.
What Email Service Providers Support BIMI?
Google's commitment to the BIMI pilot in 2021 means that BIMI will have the support of two of the three biggest North American free mailbox providers, according to Len Shneyder, vice president of industry relations for Twilio Auth Indicators.
So the email providers supporting BIMI include:
- 250 ok.
BIMI support is available in beta through Verizon Media Group (Yahoo, AOL, Netscape), Gmail, and Fastmail. Additionally, BIMI will be adopted by Comcast and Seznam, whereas Microsoft has not yet announced that it will support the technology.
Requirements to Join the BIMI Club
To be a member of the BIMI Club, you must abide by some rules and have access to certain resources. What are these requirements?
1. You Must DMARC-authenticate the Sender's Domain
DMARC is an authentication technique that functions on top of SPF and/or DKIM. While SPF-specified IP addresses send emails on behalf of a specific domain, DKIM enables incoming servers to validate a message's headers and body.
The policy must be set to "reject" or "quarantine" to qualify for BIMI. DMARC runs either check (or both) and performs a separate domain alignment test for the methods used. It can also reject or quarantine emails that don't pass the test.
While setting up DKIM and SPF is a good idea, DMARC does not require it. For the BIMI record to have any impact, the DMARC protocol and both of these techniques are necessary.
2. The Domain Owner Needs to Obtain the Right Certification
You must have proof of domain ownership to use Mark Verifying Authorities (MVA), an additional security measure. The two relevant certifying organizations issuing VMCs (Verified Mark Certificates) for BIMI are DigiCert and Entrust Datacard.
To be admitted, you must obtain an EV (Extended Validation) certificate and meet several other requirements.
- Establish the owner or who has permission to use a registered trademark.
- Obtain the registration of this trademark with a reputable authority.
- Verify that the trademark and the logo from the BIMI record correspond.
- Verify that the person registering a domain name is the owner of the trademark associated with it.
A specific certification won't be issued by the MVA until each of these conditions has been met. Remember that you will require multiple VMCs if you need to secure multiple domains. The same is true for logos.
3. Build a Good Sending History
For your domain and IP address to be eligible for BIMI, you need to have the following;
Have a strong and active subscriber base.
No email bounces or spam reports
An established history of sending a lot of emails
Creating BIMI Records
You can make your own BIMI record by adding the appropriate record to your Domain Name System (DNS) if you satisfy the requirements. Next, upload your logo to a public HTTPS address, preferably in SVG format.
Add a TXT record for default._bimi.DomainAddress with the following structure.
Where can BIMI Authentication Make a Difference?
The security and marketing aspects are two vital areas where BIMI can have a significant impact.
1. Security Impact
Although DKIM and SPF work to stop spoofing, savvy fraudsters can get around these safeguards. It is possible to breach even the much more challenging DMARC. BIMI can salvage the situation here.
The absence of a brand's logo when a BIMI record is present might raise a red flag for users accustomed to seeing branding for every email. The BIMI framework offers defenses against fraudulent senders who spoof logos.
2. Marketing Impact
According to the study, incorporating the BIMI Standards logo raises open rates regardless of how strong a brand is or how much market share it holds. Customers were more responsive to emails with the brand's logo on them.
Again, the presence of instantly recognizable brand logos in the inbox directly affected the likelihood of a purchase. It's also motivating for creating a brand strategy and communication plan.
BIMI will probably include more online communication channels. Those who participate can quickly develop recognition and steadily increase brand awareness.
The rebranding will also go more smoothly than usual because every time an email is delivered, the BIMI logo is fetched from a DNS. You can use MailSlurp to create custom mailservers with BIMI records for top sender reputation. Try a free account today.