Brand Indicators for Message Identification

Brand Indicators for Message Identification, or BIMI (/ˈbɪmi/), is a specification allowing for the display of brand logos next to authenticated e-mails.

Design

There are two parts to BIMI: a method for domain owners to publish the location of their indicators, and a means for mail transfer agents (MTAs) to verify the authenticity of the indicator.[1][2]

To implement BIMI, companies need a valid DMARC DNS record with a policy of either quarantine or reject, an exact square logo for the brand in SVG Tiny P/S format,[3] and a DNS TXT record for the domain indicating the URI location of the SVG file. The only supported transport for the SVG URI is HTTPS.[1] The BIMI DNS record is in the following format: 

default._bimi   TXT   "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/image/certificate.pem"

(The a= part is optional. When present, it defines an evidence document; the only current form of this file is called a Verified Mark Certificate (VMC), described below. When absent, the BIMI record is considered self-asserted.)

Additionally, services such as Gmail require that a VMC be acquired and presented with the TXT record in order for the brand logo to be displayed in the inbox.[4] These factors alone will not guarantee a BIMI logo will be displayed as heuristics (like spam and spoofing) and reputation will be a key part in BIMI validity.[5]

To query the value of the default._bimi TXT record for a given domain, one can use the dig command-line tool. For example, the following command will query the TXT record for the example.com domain: dig +short default._bimi.example.com TXT.

Implementations

A working group of several companies named "BIMI Group" has formed to develop and support standardization of BIMI in IETF.[6][7]

As of June 2023 the following e-mail services have implemented support for BIMI:[8]

Email clients supporting BIMI
Client Requires VMC Notes
AOL Mail Unknown [9]
Apple Mail Yes [10][11]
Fastmail No [12][13]
Gmail Yes [14][15]
La Poste No [16] Domains without VMCs must be submitted and manually verified by La Poste.[16]
Yahoo! Mail No [17] Only for bulk messages from high-reputation domains[17]

History

The BIMI Working Group was founded in 2019.[18]

Contributors

The contributors of BIMI specifications, called the BIMI Group, also called Authindicators Working Group,[18][19] include:

  • Agari
  • Comcast
  • Google
  • LinkedIn
  • Return Path from Validity
  • Valimail
  • Verizon Media (Yahoo)

References

  1. ^ a b "Brand Indicators for Message Identification (BIMI) Draft". Internet Engineering Task Force. IETF Trust. Retrieved 5 May 2023.
  2. ^ "BIMI Up, Scotty! A look at Brand Indicators for Message Identification (BIMI) Adoption with R and the Alexa Top 1m". Security Boulevard. 2020-02-21. Retrieved 2021-02-08.
  3. ^ "Implementation Guide". BIMI Group. Retrieved 9 February 2021.
  4. ^ "Get your Verified Mark Certificate (VMC) - Google Workspace Admin Help". support.google.com. Retrieved 2023-01-25.
  5. ^ Group, BIMI (2021-09-10). "VMCs Aren't a Golden Ticket for BIMI Logo Display". BIMI Group. Retrieved 2023-01-25. {{cite web}}: |last= has generic name (help)
  6. ^ "BIMI Working Group". BIMI Group. BIMI Group. Retrieved 8 February 2021.
  7. ^ "Google's Gmail Is Getting Support For A New Email Feature That Allows Brands To Display Their Logos In The Avatar Slot". Retrieved 2021-02-08.
  8. ^ "BIMI Support by Mailbox Provider". BIMI Group. Retrieved 2023-06-09.
  9. ^ "BIMI support in AOL Mail". AOL Help. Retrieved 2023-06-09.
  10. ^ "Prepare your email server for BIMI support in Apple Mail". Apple Developer. Retrieved 2023-06-09.
  11. ^ "BIMI Rolling Out to All Apple Inboxes in Fall 2022". BIMI Group. Retrieved 2023-06-09.
  12. ^ "Using BIMI in Fastmail". Fastmail Help Center. Retrieved 2023-06-09.
  13. ^ "BIMI for Non-Trademarked Logos". BIMI Group. Retrieved 2023-06-09.
  14. ^ "Advancing email security for Gmail and beyond with BIMI". Google Workspace Blog. Retrieved 2023-06-09.
  15. ^ "Add a brand logo to outgoing email with BIMI". Google Workspace Help. Retrieved 2023-06-09.
  16. ^ a b "La Poste Announces Support for BIMI". BIMI Group. Retrieved 2023-06-09.
  17. ^ a b "BIMI, Mail". Yahoo Developer Network. Retrieved 2023-06-09.
  18. ^ a b "Authindicators Working Group | LinkedIn".
  19. ^ Group, BIMI (July 24, 2019). "Google Joins AuthIndicators Working Group and Commits to BIMI Pilot". {{cite web}}: |last= has generic name (help)