BIMI, a new standard offered by Apple Mail, Google, Verizon Media Group (Yahoo, AOL), Netscape and Fastmail, that allows mailboxes to display logos, providing secure email authentication as well as helping to achieve better brand identity. Currently, there are worldwide pilot implementations of BIMI underway, so we decided to ask Marcin Kujawski, IT Director at EmailLabs, to clear some doubts by explaining 6 basic questions about BIMI.
1. What is BIMI?
MK: BIMI is a new standard developed by the BIMI Group association that aims to make email communications more secure, essentially extending the standards which are already in place by adding visual identification. One of the best ways to verify how your message will look in providers eyes is offered by mailchecker.net, which also lets you test your readiness for the implementation of BIMI.
2. Why should companies implement the BIMI standard as soon as possible?
MK: First of all, it is worth noting that providers such as Gmail and Yahoo have already decided to implement this standard. Since it is only in the testing phase, we are not yet sure what impact BIMI will have on deliverability. However, given the technical specifications, it will certainly be a key element in the spam filters used by the major providers. Yet another argument for implementing BIMI is the fact that it makes it easier for recipients to recognize emails from trusted senders, which increases the CTR (click-through rate) and OR (open rate) of our messages.
3. What conditions must be met to implement BIMI?
MK: The first and probably the most important requirement will be DMARC (a protocol used to determine the authenticity of an email message), but the policy we need to set is “reject” or “quarantine” at the level of 100% of rejected emails in case of DMARC error. Additionally, there must be a special record in the DNS system that indicates from which location the sender logo (and certificate) is to be retrieved. Additionally, different logos can be used e.g. for separate departments of our organization.
4. Is VMC certification required?
MK: The specification published by the BIMI Group says that a VMC (a protocol used to determine the authenticity of an email message) is not required, however, it can be expected that most major postal services will require this certificate to prove identity, especially since obtaining it involves a multistage verification of the applicant – during the process, it will be checked, among other things, whether the logo which the future sender wants to use is his intellectual property (e.g. a registered).
5. What is the stage of implementation for Polish/global companies?
MK: The first BIMI users can already access BIMI as part of a closed partnership program offered by Gmail and Yahoo. It is also worth mentioning that CNN was one of the first brands to have its logo displayed next to an email. The pace of introducing new security measures by Czechs is also noteworthy – Seznam.cz is very interested in implementing an additional security layer for its users’ mailboxes. In Poland, however, everything indicates that we will have to wait a bit longer, which does not mean our local providers are not prepared for such an eventuality. In fact, recently we had an interesting discussion with one of the largest Polish providers and it turned out that the operator is interested in implementing BIMI.
6. How can BIMI improve security?
MK: The implementation of BIMI by ISPs will certainly have a very positive impact on improving the security of emails. It is worth noting here that the DMARC, which was created due to the ease of bypassing email-authentication protocols such as SPF and DKIM, theoretically cannot be broken when an attack is carried out via our domain. However, if an attacker decides to use a different domain, phishing (a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim) will be much harder to detect and DMARC itself will not work. This is where the BIMI protocol comes into play – because it displays a logo, it can turn out to be a “phishing killer”. So if a user sees a logo of e.g. his bank in a message, which will be signed with a certificate that guarantees that it is a symbol of a given organization, he or she can be certain that the message does not come from a person assuming a false identity but a trusted sender.
Are you interested in implementing BIMI or need any further recommendations for improving your email security? Contact EmailLabs, and our specialists will provide you with all the necessary information. Please also check our first publication “BIMI – why does your company need it?” where we thoroughly describe the new standard and the benefits of its implementation.
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024....
Vercom S.A. public joint-stock company to which the EmailLabs project belongs, has been assessed and certified to be compliant with the ISO/IEC 27001 and ISO/IEC 27018 standards. The Vercoms’...
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Best practices, Email Marketing
B2B email marketing – it’s a term you’ve likely heard before, but what does it really entail? And, more importantly, how can it be done effectively? In this article,...
Deliverability, Sending Reputation
Email sender reputation is one of the most important factors that can determine whether your emails reach the intended recipient or not. So, what is the email sender reputation,...
Email Authentication, Sending Reputation
In the realm of email, sender authorization is a powerful tool wielded by local and global providers like Gmail, Yahoo, and AOL to combat spam. Additionally, as an authenticated...
Best practices, Email Marketing
B2B email marketing – it’s a term you’ve likely heard before, but what does it really entail? And, more importantly, how can it be done effectively? In this article,...
Deliverability, Sending Reputation
Email sender reputation is one of the most important factors that can determine whether your emails reach the intended recipient or not. So, what is the email sender reputation,...
Email Authentication, Sending Reputation
In the realm of email, sender authorization is a powerful tool wielded by local and global providers like Gmail, Yahoo, and AOL to combat spam. Additionally, as an authenticated...
As an integral part of your email infrastructure, SMTP and SMTP port numbers are not just for tech whizzes – they’re important for anyone using email. You’ve likely heard...
Ever wondered why you can’t attach a movie to an email? Or why won’t that PowerPoint presentation just send? It all comes down to the maximum size of email...
One of the most dire situations a business can face is unauthorized access to its company network. This breach can lead to the theft of valuable intellectual property and...
The Simple Mail Transfer Protocol (SMTP) holds significant importance in the realm of email communication. As a vital component of mail servers, SMTP takes charge of sending, receiving, and...
The significance of email protection and data security is growing exponentially in today’s digital world, with StartTLS emerging as a key player in this arena. As an encryption protocol...
Best practices, Sending Reputation
Are your email campaigns not getting the results you were hoping for? Low open rates and high bounce rates can be frustrating, but it may be possible to turn...