There are many advantages that come with implementing the BIMI standard for brands. Undoubtedly, the most important one is the protection of e-mails against phishing. Besides, displaying your brand logo in the inbox list is another way to expose your brand, encourage people to open your emails and increase conversions from this communication channel.
BIMI has been supported by the Verizon Group since its beginning: Yahoo joined the program first and does not require VMC certification to display the logo in its inboxes. Google in turn officially announced in July 2021 that it will support the new standard – senders who secure their emails with SPF, DKIM and implement DMARC can display their logo in Gmail inboxes. Please note that it must be verified and registered as a trademark with a VMC certificate. What is more, if the quality check of your communication proves that your infrastructure is not on any black list, you can display the logo to all users of this email program.
It is possible to display the logo in the mailbox after meeting several requirements. These include proper DMARC configuration, preparing approved logo that meets BIMI standards, a multistep verification process of the company and the company representative, domain validation and publishing a BIMI-compliant logo in the DNS.
Bear in mind that BIMI implementation consists of several steps. How to get a Verified Mark Certificate for BIMI? You can either deploy it on your own, or choose to work with the EmailLabs, which will walk you through the entire process.
Here are some ideas to help you get started.
You will need to implement SPF, DKIM, and DMARC as the first step in obtaining BIMI authorization. EmailLabs has been supporting brands in adopting these standards for years and can help with setting them up. With SPF, DKIM, and DMARC, you are protecting sender against spoofing while increasing the deliverability of your communications. Additionally, DMARC provides the ability to handle reports from email servers that receive messages from a domain.
Thanks to DMARC, you can decide whether e-mails regarded as phishing or spoofing should be sent into spam, blocked or delivered. Noteworthy, an enforced DMARC policy is required to implement BIMI: “p=quarantine” or “p=reject”. All details about DMARC are available in our previous publication “Why DMARC and how to enable it?“.
Once you have DMARC, you should think about a BIMI compliant logo – please note that to meet BIMI requirements it must be trademarked, so you should register it with the patent office. For Poland, it is the UPRP, for the European Union – EUIPO, and for the USA it is the USPTO. If your logo has not yet undergone the registration procedure, it is worth consulting your legal department or lawyer immediately, since the whole process takes several months. However, if you already have a registered trademark, you can check how your logo looks in the inbox. You can use the look-up available on the Digicert website.
At the same time you can work on getting a VMC. Verified Mark Certificate is a new type of digital certificate that authenticates the logo associated with the email sender’s domain. To obtain it you must go through organization and domain verification, during which the right to use the domain name will be reviewed. Next, you have a face-to-face interview with a representative of a certifying organization such as DigiCert or Entrust. Yet, we’ve learned from an announcement by the BIMI team that the list of institutions issuing VMCs will gradually expand over time.
The next step is to visit a notary public – as part of the service associated with the BIMI implementation, EmailLabs recommends the notary public in your region that offers VMC legal assistance.
Once you’ve gone through the process, you will need to verify whether the message passes authentication. To do so, the inbox provider queries the DNS servers for a BIMI record – if such exists, the ISP (Inbox Service Provider) can use the logo while displaying the message in the inbox.
Meeting all the above conditions is not enough to keep your brand logo visible in the inbox. Also, maintaining email deliverability best practices, such as database hygiene, personalized and engaging communication, suppression of users marking our messages as spam are required. Otherwise, you won’t be able to expect the brand logo to appear in the user’s mailboxes. Thus, BIMI acts as a reward for good mailing practices – it does not replace rules but is rather an extension of existing ones.
A Verified Mark Certificate (VMC) costs around 1417 EUR net per year. Since EmailLabs cooperates with Domeny.pl, (the only distributor of VMC certificates in Poland) certification can be offered with an attractive discount. Besides, EL helps in DMARC configuration and supports brands in obtaining VMC certificate by offering our BIMI Project Manager assistance. A the same time ensuring highest results in email deliverability so that your company logo is displayed in supported inboxes.
The implementation of BIMI means increased brand recognition and customer trust. Furthermore, having a verified brand certificate companies can also expect improved deliverability and increased open rates for companies using this authentication.
However, the ultimate goal of BIMI is to provide additional protection against potential threats such as phishing and spoofing. Unsurprisingly, the list of email providers supporting BIMI continues to grow – currently, in addition to Google, BIMI is offered by providers from Verizon Media, such as Yahoo, Aol and Netscape as well as Pobox from the Fastmail Group. In our domestic market, we observe a slightly slower pace of BIMI deployment. So far, only Onet is planning to implement it, yet, other inbox providers do not exclude the possibility of joining the BIMI program shortly.
Do you want to learn more about BIMI verification and the process of obtaining a VMC certificate? Contact us and EmailLabs experts will provide you with any additional information.
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
Cybercriminals are thriving in their attacks, using communication channels such as sms, push and email. Day by day, attacks aimed at obtaining sensitive information related to these channels are...
The Council of Ministers, Republic of Poland, has adopted the draft of the Act on combating abuses in electronic communication. Proposed solutions should combat the most popular forms of...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Google has announced the release of a new feature to help users differentiate messages from verified senders from those trying to impersonate them. Google Workspace users and Gmail owners...
Although the term “return path” might seem self-explanatory, many companies aren’t familiar with the process it denotes. Simply put, the return path is a hidden header that indicates where the...