BIMI, a new standard offered by Apple Mail, Google, Verizon Media Group (Yahoo, AOL), Netscape and Fastmail, that allows mailboxes to display logos, providing secure email authentication as well as helping to achieve better brand identity. Currently, there are worldwide pilot implementations of BIMI underway, so we decided to ask Marcin Kujawski, IT Director at EmailLabs, to clear some doubts by explaining 6 basic questions about BIMI.
1. What is BIMI?
MK: BIMI is a new standard developed by the BIMI Group association that aims to make email communications more secure, essentially extending the standards which are already in place by adding visual identification. One of the best ways to verify how your message will look in providers eyes is offered by mailchecker.net, which also lets you test your readiness for the implementation of BIMI.
2. Why should companies implement the BIMI standard as soon as possible?
MK: First of all, it is worth noting that providers such as Gmail and Yahoo have already decided to implement this standard. Since it is only in the testing phase, we are not yet sure what impact BIMI will have on deliverability. However, given the technical specifications, it will certainly be a key element in the spam filters used by the major providers. Yet another argument for implementing BIMI is the fact that it makes it easier for recipients to recognize emails from trusted senders, which increases the CTR (click-through rate) and OR (open rate) of our messages.
3. What conditions must be met to implement BIMI?
MK: The first and probably the most important requirement will be DMARC (a protocol used to determine the authenticity of an email message), but the policy we need to set is “reject” or “quarantine” at the level of 100% of rejected emails in case of DMARC error. Additionally, there must be a special record in the DNS system that indicates from which location the sender logo (and certificate) is to be retrieved. Additionally, different logos can be used e.g. for separate departments of our organization.
4. Is VMC certification required?
MK: The specification published by the BIMI Group says that a VMC (a protocol used to determine the authenticity of an email message) is not required, however, it can be expected that most major postal services will require this certificate to prove identity, especially since obtaining it involves a multistage verification of the applicant – during the process, it will be checked, among other things, whether the logo which the future sender wants to use is his intellectual property (e.g. a registered).
5. What is the stage of implementation for Polish/global companies?
MK: The first BIMI users can already access BIMI as part of a closed partnership program offered by Gmail and Yahoo. It is also worth mentioning that CNN was one of the first brands to have its logo displayed next to an email. The pace of introducing new security measures by Czechs is also noteworthy – Seznam.cz is very interested in implementing an additional security layer for its users’ mailboxes. In Poland, however, everything indicates that we will have to wait a bit longer, which does not mean our local providers are not prepared for such an eventuality. In fact, recently we had an interesting discussion with one of the largest Polish providers and it turned out that the operator is interested in implementing BIMI.
6. How can BIMI improve security?
MK: The implementation of BIMI by ISPs will certainly have a very positive impact on improving the security of emails. It is worth noting here that the DMARC, which was created due to the ease of bypassing email-authentication protocols such as SPF and DKIM, theoretically cannot be broken when an attack is carried out via our domain. However, if an attacker decides to use a different domain, phishing (a type of social engineering where an attacker sends a fraudulent message designed to trick a human victim) will be much harder to detect and DMARC itself will not work. This is where the BIMI protocol comes into play – because it displays a logo, it can turn out to be a “phishing killer”. So if a user sees a logo of e.g. his bank in a message, which will be signed with a certificate that guarantees that it is a symbol of a given organization, he or she can be certain that the message does not come from a person assuming a false identity but a trusted sender.
Are you interested in implementing BIMI or need any further recommendations for improving your email security? Contact EmailLabs, and our specialists will provide you with all the necessary information. Please also check our first publication “BIMI – why does your company need it?” where we thoroughly describe the new standard and the benefits of its implementation.
Gmail has announced significant changes in the requirements for email senders to maintain a good reputation and proper classification of messages in user inboxes starting from February 1, 2024....
Vercom S.A. public joint-stock company to which the EmailLabs project belongs, has been assessed and certified to be compliant with the ISO/IEC 27001 and ISO/IEC 27018 standards. The Vercoms’...
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Have you ever sent an email in haste and immediately wished you hadn’t? It happens more often than we’d like to admit. If you ever find yourself in this...
One safe and easy way to keep track of your digital interactions is to save emails as PDFs. However, do you know the best ways to easily turn your emails into PDF files? In this article, we’ll look into the different ways you can do to turn your emails into accessible PDF files. Let’s start! Key Takeaways To save emails...
Sending large files online can sometimes feel like maneuvering through a maze with unexpected twists and turns. The frustration of hitting attachment size limits or dealing with slow uploads...
Have you ever sent an email in haste and immediately wished you hadn’t? It happens more often than we’d like to admit. If you ever find yourself in this...
One safe and easy way to keep track of your digital interactions is to save emails as PDFs. However, do you know the best ways to easily turn your emails into PDF files? In this article, we’ll look into the different ways you can do to turn your emails into accessible PDF files. Let’s start! Key Takeaways To save emails...
Sending large files online can sometimes feel like maneuvering through a maze with unexpected twists and turns. The frustration of hitting attachment size limits or dealing with slow uploads...
Are you a bit baffled by email protocols like IMAP, POP3, and SMTP? Have no fear – this article is here to explain it all. If you have ever...
In 2024, global providers like Gmail and Yahoo have implemented a series of changes, primarily targeting bulk senders. These changes, already in effect, are part of a continuous update...
In the face of dynamic technological advancements and increasingly sophisticated cyber threats, ensuring network security has become crucial. Dozen security incidents present a challenge that we cannot afford to...
Google and Yahoo's Requirements
2024 marks a turning point in the fast-paced world of email deliverability, as this is the year when Google and Yahoo updated their sender requirements. With the enforcement period...
Best practices, Email Marketing
B2B email marketing – it’s a term you’ve likely heard before, but what does it really entail? And, more importantly, how can it be done effectively? In this article,...
Deliverability, Sending Reputation
Email sender reputation is one of the most important factors that can determine whether your emails reach the intended recipient or not. So, what is the email sender reputation,...