Configure BIMI

Configure Brand Indicators for Message Identification

Last updated 6 months ago

Was this helpful?

Configure BIMI

Configure Brand Indicators for Message Identification

Overview

Brand Indicators for Message Identification (BIMI) enables brands to display their logos beside emails in recipients' inboxes, enhancing brand recognition and trust. Follow these steps to set up BIMI for your domain. Also see -

The benefits of setting up BIMI include:

Enhanced Brand Recognition: Displaying your logo increases brand visibility.
Increased Trust and Engagement: Verified logos boost recipient confidence, potentially improving open rates.

Step 1: Ensure Strong Email Authentication

To meet BIMI requirements, your domain should have robust email authentication protocols in place. SPF, DKIM, and DMARC are the core standards required.

SPF (Sender Policy Framework)

SPF specifies which mail servers are authorised to send email on behalf of your domain, helping to prevent spoofing.

Bird automatically sets up SPF for you to send mail from your email channel.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to outgoing emails, which recipients can use to verify that the email originated from your domain and wasn’t altered in transit.

DKIM should be setup as part of verifying your domain when

DMARC (Domain-based Message Authentication, Reporting & Conformance)

Create a DMARC Record

Create a TXT record in your DNS with the name _dmarc.yourdomain.com.

Specify the Policy

To meet BIMI requirements, set the p (policy) value to quarantine or reject:
- p=quarantine (Flag Suspicious Emails): Instructs receiving servers to treat failed emails as suspicious and place them in the spam/junk folder. Example: v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com;
- p=reject (Full Enforcement): Directs receiving servers to completely reject failed emails, blocking them from delivery. Example: v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@yourdomain.com;
Additional Setting
- pct Tag: The pct (percentage) tag specifies the percentage of emails to which the policy applies, useful when gradually enforcing stricter policies (e.g., pct=50 applies the policy to 50% of emails).
- sp Tag: The sp tag applies a receiver policy to subdomains. For example sp=quarantine;

Add Reporting Addresses

Use the rua (aggregate reports) and ruf (forensic reports) tags to receive reports on how your emails are handled, allowing you to monitor email traffic and detect spoofing attempts. Example v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; pct=100;
- rua sends aggregate reports to dmarc-reports@yourdomain.com.
- ruf sends forensic (failure) reports to dmarc-failures@yourdomain.com

Not all receiving mail servers send forensic reports, and some may redact certain information for privacy reasons.

Monitor DMARC Reports

DMARC reports provide data on emails sent from your domain. Use this data to track unauthorised use of your domain and adjust your SPF and DKIM settings as necessary.

Step 2: Prepare Your Brand Logo

Your Brand Logo must be hosted on the same domain as your email domain

Trademarked vs non trademarked logos

To be eligible for a Verified Marked Certificate (VMC), your logo must be trademarked with an intellectual property office that’s recognized by VMC issuers. We recommend working with your legal team or a lawyer to get your logo trademarked. The trademark process can take 6 to 12 months. For the most secure BIMI setup, we recommend getting a VMC whenever possible.

VMC

CMC

Pros

With a VMC get a blue checkmark from Google when sending to Gmail
Highest security / trust

Easier to obtain
No trademark required, as long as the logo has been in use on your website for 12 month

Cons

Harder to obtain (must use a trademarked version of your logo)

Don't get a blue checkmark from Google
Logo must have been in use on your website for at least 12 months

Logo specifications

Your brand logo must meet BIMI specifications:

SVG Tiny PS Format: Convert your logo to SVG Tiny Portable/Secure (SVG Tiny PS) format.
Public Access: Host the SVG file on a secure (HTTPS) server accessible via a public URL.
The image size must be a minimum height and width of 96 pixels.
The image size must be specified in absolute pixels. Example: width=”96” height=”96”
Don't use relative dimensions to specify image size. Example: width=”100%” height=”100%”
Set the <title> element using a value that reflects your organizations name

In addition to the requirements, here are recommendations for SVG file compatibility with Gmail:

The logo image should be centered in a square.
The logo image should appear on a solid color background. Transparent backgrounds might not display as expected.
The SVG file size should be 32 KB or smaller.
The SVG file should include the <desc> element (description) for accessibility.

Step 3: Obtain a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC)

If you have a trademarked logo and want a blue checkmark from Google for gmail, apply for a VMC

A Verified Mark Certificate (VMC) authenticates your logo’s ownership and is required by most major email providers, including Gmail. To obtain a VMC you must have a trademark registered against the logo you want to use. Otherwise if you have a non trademarked logo that has been in use on your website for 12 months you can apply for a Common Mark Certificate (CMC).

Gmail and other email clients support BIMI only with PEM files. Using a PEM file provides additional security for your logo because it was verified by the CA.

When your VMC or CMC is issued, you'll receive an entity certificate PEM file. Your SVG file (logo) and VMC/CMC are embedded in the PEM file.
Get any intermediate CA certificates and root CA certificates from the CA and append them to the PEM file in the order issued. Typically, the order is: Entity certificate, any intermediate CA certificate, root CA certificate. You'll add this file to your public web server in the next step.

Step 4: Upload the PEM file

Your PEM file must be hosted on the same domain as your email domain

Upload the PEM file (including all appended files) to your domain’s public web server.
Copy the PEM file URL because you'll include it in your BIMI assertion TXT record in the next step. Example PEM file URL: https://images.example.com/brand/certificate.pem

Step 5: Publish the BIMI DNS Record

To enable BIMI, publish a TXT record in your DNS settings.

Create the BIMI Record

Publish a TXT record at the subdomain default._bimi for your domain.

Record Content

Include the version, SVG logo location, and, if applicable, the VMC PEM file URL.

Example

default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem;"

Step 6: Test and Monitor Your BIMI Implementation

After publishing, verify your BIMI setup:

Ongoing Monitoring: Regularly check email deliverability and logo visibility across different email clients.

Last updated 6 months ago

Was this helpful?

Overview

The benefits of setting up BIMI include:

Enhanced Brand Recognition: Displaying your logo increases brand visibility.
Increased Trust and Engagement: Verified logos boost recipient confidence, potentially improving open rates.

Step 1: Ensure Strong Email Authentication

To meet BIMI requirements, your domain should have robust email authentication protocols in place. SPF, DKIM, and DMARC are the core standards required.

SPF (Sender Policy Framework)

SPF specifies which mail servers are authorised to send email on behalf of your domain, helping to prevent spoofing.

Bird automatically sets up SPF for you to send mail from your email channel.

DKIM (DomainKeys Identified Mail)

DKIM adds a digital signature to outgoing emails, which recipients can use to verify that the email originated from your domain and wasn’t altered in transit.

DKIM should be setup as part of verifying your domain when

DMARC (Domain-based Message Authentication, Reporting & Conformance)

Create a DMARC Record

Create a TXT record in your DNS with the name _dmarc.yourdomain.com.

Specify the Policy

To meet BIMI requirements, set the p (policy) value to quarantine or reject:
- p=quarantine (Flag Suspicious Emails): Instructs receiving servers to treat failed emails as suspicious and place them in the spam/junk folder. Example: v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com;
- p=reject (Full Enforcement): Directs receiving servers to completely reject failed emails, blocking them from delivery. Example: v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@yourdomain.com;
Additional Setting
- pct Tag: The pct (percentage) tag specifies the percentage of emails to which the policy applies, useful when gradually enforcing stricter policies (e.g., pct=50 applies the policy to 50% of emails).
- sp Tag: The sp tag applies a receiver policy to subdomains. For example sp=quarantine;

Add Reporting Addresses

Use the rua (aggregate reports) and ruf (forensic reports) tags to receive reports on how your emails are handled, allowing you to monitor email traffic and detect spoofing attempts. Example v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; pct=100;
- rua sends aggregate reports to dmarc-reports@yourdomain.com.
- ruf sends forensic (failure) reports to dmarc-failures@yourdomain.com

Not all receiving mail servers send forensic reports, and some may redact certain information for privacy reasons.

Monitor DMARC Reports

DMARC reports provide data on emails sent from your domain. Use this data to track unauthorised use of your domain and adjust your SPF and DKIM settings as necessary.

Step 2: Prepare Your Brand Logo

Your Brand Logo must be hosted on the same domain as your email domain

Trademarked vs non trademarked logos

If your logo isn’t trademarked, you can set up BIMI using a logo that has a Common Mark Certificate (CMC). To verify requirements for getting a CMC, check the current CAs that support BIMI at .

VMC

CMC

Pros

With a VMC get a blue checkmark from Google when sending to Gmail
Highest security / trust

Easier to obtain
No trademark required, as long as the logo has been in use on your website for 12 month

Cons

Harder to obtain (must use a trademarked version of your logo)

Don't get a blue checkmark from Google
Logo must have been in use on your website for at least 12 months

Logo specifications

Your brand logo must meet BIMI specifications:

SVG Tiny PS Format: Convert your logo to SVG Tiny Portable/Secure (SVG Tiny PS) format.
Public Access: Host the SVG file on a secure (HTTPS) server accessible via a public URL.
The image size must be a minimum height and width of 96 pixels.
The image size must be specified in absolute pixels. Example: width=”96” height=”96”
Don't use relative dimensions to specify image size. Example: width=”100%” height=”100%”
Set the <title> element using a value that reflects your organizations name

In addition to the requirements, here are recommendations for SVG file compatibility with Gmail:

The logo image should be centered in a square.
The logo image should appear on a solid color background. Transparent backgrounds might not display as expected.
The SVG file size should be 32 KB or smaller.
The SVG file should include the <desc> element (description) for accessibility.

Step 3: Obtain a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC)

If you have a trademarked logo and want a blue checkmark from Google for gmail, apply for a VMC

Gmail and other email clients support BIMI only with PEM files. Using a PEM file provides additional security for your logo because it was verified by the CA.

Submit your trademarked logo in SVG format and request a VMC or CMC from one of the certificate authorities listed in .
When your VMC or CMC is issued, you'll receive an entity certificate PEM file. Your SVG file (logo) and VMC/CMC are embedded in the PEM file.
Get any intermediate CA certificates and root CA certificates from the CA and append them to the PEM file in the order issued. Typically, the order is: Entity certificate, any intermediate CA certificate, root CA certificate. You'll add this file to your public web server in the next step.

Step 4: Upload the PEM file

Your PEM file must be hosted on the same domain as your email domain

Upload the PEM file (including all appended files) to your domain’s public web server.
Copy the PEM file URL because you'll include it in your BIMI assertion TXT record in the next step. Example PEM file URL: https://images.example.com/brand/certificate.pem

Step 5: Publish the BIMI DNS Record

To enable BIMI, publish a TXT record in your DNS settings.

Create the BIMI Record

Publish a TXT record at the subdomain default._bimi for your domain.

Record Content

Include the version, SVG logo location, and, if applicable, the VMC PEM file URL.

Example

default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem;"

Step 6: Test and Monitor Your BIMI Implementation

After publishing, verify your BIMI setup:

BIMI Inspection Tools: Use tools like to confirm the BIMI record’s accuracy.
Ongoing Monitoring: Regularly check email deliverability and logo visibility across different email clients.