BIMI, a new standard offered by Apple Mail, Google, Verizon Media Group (Yahoo, AOL), Netscape and Fastmail, that allows mailboxes to display logos, providing secure email authentication as well as helping to achieve better brand identity. Currently, there are worldwide pilot implementations of BIMI underway, so we decided to ask Marcin Kujawski, IT Director at EmailLabs, to clear some doubts by explaining 6 basic questions about BIMI.
1. What is BIMI?
MK: BIMI is a new standard developed by the BIMI Group association that aims to make email communications more secure, essentially extending the standards which are already in place by adding visual identification. One of the best ways to verify how your message will look in providers eyes is offered by mailchecker.net, which also lets you test your readiness for the implementation of BIMI.
2. Why should companies implement the BIMI standard as soon as possible?
MK: First of all, it is worth noting that providers such as Gmail and Yahoo have already decided to implement this standard. Since it is only in the testing phase, we are not yet sure what impact BIMI will have on deliverability. However, given the technical specifications, it will certainly be a key element in the spam filters used by the major providers. Yet another argument for implementing BIMI is the fact that it makes it easier for recipients to recognize emails from trusted senders, which increases the CTR (click-through rate) and OR (open rate) of our messages.
3. What conditions must be met to implement BIMI?
MK: The first and probably the most important requirement will be DMARC (a protocol used to determine the authenticity of an email message), but the policy we need to set is “reject” or “quarantine” at the level of 100% of rejected emails in case of DMARC error. Additionally, there must be a special record in the DNS system that indicates from which location the sender logo (and certificate) is to be retrieved. Additionally, different logos can be used e.g. for separate departments of our organization.
4. Is VMC certification required?
MK: The specification published by the BIMI Group says that a VMC (a protocol used to determine the authenticity of an email message) is not required, however, it can be expected that most major postal services will require this certificate to prove identity, especially since obtaining it involves a multistage verification of the applicant – during the process, it will be checked, among other things, whether the logo which the future sender wants to use is his intellectual property (e.g. a registered).
5. What is the stage of implementation for Polish/global companies?
MK: The first BIMI users can already access BIMI as part of a closed partnership program offered by Gmail and Yahoo. It is also worth mentioning that CNN was one of the first brands to have its logo displayed next to an email. The pace of introducing new security measures by Czechs is also noteworthy – Seznam.cz is very interested in implementing an additional security layer for its users’ mailboxes. In Poland, however, everything indicates that we will have to wait a bit longer, which does not mean our local providers are not prepared for such an eventuality. In fact, recently we had an interesting discussion with one of the largest Polish providers and it turned out that the operator is interested in implementing BIMI.
6. How can BIMI improve security?
MK: The implementation of BIMI by ISPs will certainly have a very positive impact on improving the security of emails. It is worth noting here that the DMARC, which was created due to the ease of bypassing email-authentication protocols such as SPF and DKIM, theoretically cannot be broken when an attack is carried out via our domain. However, if an attacker decides to use a different domain, phishing (a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim) will be much harder to detect and DMARC itself will not work. This is where the BIMI protocol comes into play – because it displays a logo, it can turn out to be a “phishing killer”. So if a user sees a logo of e.g. his bank in a message, which will be signed with a certificate that guarantees that it is a symbol of a given organization, he or she can be certain that the message does not come from a person assuming a false identity but a trusted sender.
Are you interested in implementing BIMI or need any further recommendations for improving your email security? Contact EmailLabs, and our specialists will provide you with all the necessary information. Please also check our first publication “BIMI – why does your company need it?” where we thoroughly describe the new standard and the benefits of its implementation.
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
We are proud to announce that Vercom S.A., the company behind the EmailLabs project, successfully passed an audit for compliance with the latest ISO/IEC 27001:2022 and ISO/IEC 27018:2019 standards....
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
Gmail users may soon benefit from a game-changing feature called Shielded Email, designed to enhance privacy and combat spam. While the feature has not yet been officially launched, recent...
Are you frustrated with the constant struggle of your emails getting blocked by Gmail? Have you ever wondered about the reasons behind this issue and, more importantly, how to...
In the ever-evolving landscape of email management, Google has announced an exciting upgrade to Gmail’s summary cards, aimed at improving user experience and streamlining inbox navigation. The latest enhancements,...
Entering the world of email communication, you’ll encounter many terms that initially seem straightforward and intuitive. However, some of these can be pretty challenging. Accurately distinguishing between them is...
Attaching a folder to an email may seem complicated at first glance, especially if you’re trying to send multiple files or an entire project’s documents to a colleague or...