Configure BIMI
Configure Brand Indicators for Message Identification
Overview
Brand Indicators for Message Identification (BIMI) enables brands to display their logos beside emails in recipients' inboxes, enhancing brand recognition and trust. Follow these steps to set up BIMI for your domain. See also: https://support.google.com/a/answer/10911320?hl=en#bimi-prereqs
The benefits of setting up BIMI include:
Enhanced Brand Recognition: Displaying your logo increases brand visibility.
Increased Trust and Engagement: Verified logos boost recipient confidence, potentially improving open rates.
Step 1: Ensure Strong Email Authentication
To meet BIMI requirements, your domain should have robust email authentication protocols in place. SPF, DKIM, and DMARC are the core standards required.
SPF (Sender Policy Framework)
SPF specifies which mail servers are authorised to send email on behalf of your domain, helping to prevent spoofing.
Bird automatically sets up SPF for you to send mail from your email channel.
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to outgoing emails, which recipients can use to verify that the email originated from your domain and wasn’t altered in transit.
DKIM should be set up as part of verifying your domain when installing your email channel.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
Create a DMARC Record
Create a TXT record in your DNS with the name _dmarc.yourdomain.com.
Specify the Policy
To meet BIMI requirements, set the p (policy) value to quarantine or reject:
p=quarantine (Flag Suspicious Emails): Instructs receiving servers to treat failed emails as suspicious and place them in the spam/junk folder. Example: v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com;
p=reject (Full Enforcement): Directs receiving servers to completely reject failed emails, blocking them from delivery. Example: v=DMARC1; p=reject; pct=100; rua=mailto:dmarc-reports@yourdomain.com;
Additional Settings
pct Tag: The pct (percentage) tag specifies the percentage of emails to which the policy applies, useful when gradually enforcing stricter policies (e.g., pct=50 applies the policy to 50% of emails).
sp Tag: The sp tag applies a receiver policy to subdomains. For example: sp=quarantine;
Add Reporting Addresses
Use the rua (aggregate reports) and ruf (forensic reports) tags to receive reports on how your emails are handled, allowing you to monitor email traffic and detect spoofing attempts. Example: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-failures@yourdomain.com; pct=100;
rua sends aggregate reports to dmarc-reports@yourdomain.com.
ruf sends forensic (failure) reports to dmarc-failures@yourdomain.com.
Not all receiving mail servers send forensic reports, and some may redact certain information for privacy reasons.
Monitor DMARC Reports
DMARC reports provide data on emails sent from your domain. Use this data to track unauthorised use of your domain and adjust your SPF and DKIM settings as necessary.
Step 2: Prepare Your Brand Logo
Your brand logo must be hosted on the same domain as your email domain.
Trademarked vs non-trademarked logos
To be eligible for a Verified Mark Certificate (VMC), your logo must be trademarked with an intellectual property office that’s recognized by VMC issuers. We recommend working with your legal team or a lawyer to get your logo trademarked. The trademark process can take 6 to 12 months. For the most secure BIMI setup, we recommend getting a VMC whenever possible.
If your logo isn’t trademarked, you can set up BIMI using a logo that has a Common Mark Certificate (CMC). To verify requirements for getting a CMC, check the current CAs that support BIMI at Mark Certificate Issuers.
Pros
VMC: With a VMC, you get a blue checkmark from Google when sending to Gmail
VMC: Highest security / trust
CMC: Easier to obtain
CMC: No trademark required, as long as the logo has been in use on your website for 12 months
Cons
VMC: Harder to obtain (must use a trademarked version of your logo)
CMC: Don't get a blue checkmark from Google
CMC: Logo must have been in use on your website for at least 12 months
Logo specifications
Your brand logo must meet BIMI specifications:
SVG Tiny PS Format: Convert your logo to SVG Tiny Portable/Secure (SVG Tiny PS) format.
Public Access: Host the SVG file on a secure (HTTPS) server accessible via a public URL.
The image size must be a minimum height and width of 96 pixels.
The image size must be specified in absolute pixels. Example: width="96" height="96"
Don't use relative dimensions to specify image size. Example: width="100%" height="100%"
Set the <title> element using a value that reflects your organization's name.
In addition to the requirements, here are recommendations for SVG file compatibility with Gmail:
The logo image should be centered in a square.
The logo image should appear on a solid color background. Transparent backgrounds might not display as expected.
The SVG file size should be 32 KB or smaller.
The SVG file should include the <desc> element (description) for accessibility.
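The following check of a logo file against the size, dimension, <title> and <desc> rules listed above is an added example, not part of the original guide or any vendor tool. It does not validate full SVG Tiny PS conformance, and both sample logos are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
MIN_PIXELS = 96                    # minimum width and height from the list above
MAX_RECOMMENDED_BYTES = 32 * 1024  # recommended maximum file size

def check_bimi_svg(svg_bytes):
    """Return (errors, warnings) for a logo you control, per the rules above."""
    errors, warnings = [], []
    root = ET.fromstring(svg_bytes)
    if root.tag != SVG_NS + "svg":
        return ["root element is not <svg> in the SVG namespace"], warnings
    for attr in ("width", "height"):
        value = root.get(attr, "")
        # Accept only absolute sizes such as "96" or "96px"; "100%" fails.
        match = re.fullmatch(r"(\d+(?:\.\d+)?)(px)?", value)
        if not match:
            errors.append(f"{attr}={value!r} is not an absolute pixel size")
        elif float(match.group(1)) < MIN_PIXELS:
            errors.append(f"{attr}={value!r} is below {MIN_PIXELS} pixels")
    title = root.find(SVG_NS + "title")
    if title is None or not (title.text or "").strip():
        errors.append("<title> is missing or empty")
    if root.find(SVG_NS + "desc") is None:
        warnings.append("<desc> is missing (recommended for accessibility)")
    if len(svg_bytes) > MAX_RECOMMENDED_BYTES:
        warnings.append("file is larger than the recommended 32 KB")
    return errors, warnings

# Constructed sample logos (not real brand assets).
GOOD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="96" height="96">'
            b'<title>Example Org</title><desc>Example Org logo</desc>'
            b'<rect width="96" height="96" fill="#003366"/></svg>')
BAD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" width="100%" height="64">'
           b'<rect width="10" height="10"/></svg>')

if __name__ == "__main__":
    for name, data in (("good", GOOD_SVG), ("bad", BAD_SVG)):
        errs, warns = check_bimi_svg(data)
        print(name, "errors:", errs, "warnings:", warns)
```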
Step 3: Obtain a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC)
If you have a trademarked logo and want a blue checkmark from Google for Gmail, apply for a VMC.
A Verified Mark Certificate (VMC) authenticates your logo’s ownership and is required by most major email providers, including Gmail. To obtain a VMC, you must have a trademark registered against the logo you want to use. Otherwise, if you have a non-trademarked logo that has been in use on your website for 12 months, you can apply for a Common Mark Certificate (CMC).
Gmail and other email clients support BIMI only with PEM files. Using a PEM file provides additional security for your logo because it was verified by the CA.
Submit your trademarked logo in SVG format and request a VMC or CMC from one of the certificate authorities listed in Mark Certificate Issuers.
When your VMC or CMC is issued, you'll receive an entity certificate PEM file. Your SVG file (logo) and VMC/CMC are embedded in the PEM file.
Get any intermediate CA certificates and root CA certificates from the CA and append them to the PEM file in the order issued. Typically, the order is: Entity certificate, any intermediate CA certificate, root CA certificate. You'll add this file to your public web server in the next step.
Step 4: Upload the PEM file
Your PEM file must be hosted on the same domain as your email domain.
Upload the PEM file (including all appended files) to your domain’s public web server.
Copy the PEM file URL because you'll include it in your BIMI assertion TXT record in the next step. Example PEM file URL: https://images.example.com/brand/certificate.pem
Step 5: Publish the BIMI DNS Record
To enable BIMI, publish a TXT record in your DNS settings.
Create the BIMI Record
Publish a TXT record at the subdomain default._bimi for your domain.
Record Content
Include the version, SVG logo location, and, if applicable, the VMC PEM file URL.
Example
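The check below covers the DMARC policy requirement from Step 1 and the BIMI record described in this step. It is an added example, not part of the original guide. The tag names v, l and a come from the BIMI record format rather than from this page; the logo URL, the domain example.com and the rule that a subdomain counts as the same domain are assumptions for illustration.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def https_on_domain(url, mail_domain):
    """True if url is HTTPS and its host is mail_domain or a subdomain of it.
    Counting subdomains as 'the same domain' is an assumption of this example."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    on_domain = host == mail_domain or host.endswith("." + mail_domain)
    return parsed.scheme == "https" and on_domain

def bimi_problems(dmarc_txt, bimi_txt, mail_domain):
    """Return a list of problems; an empty list means both records pass."""
    problems = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("DMARC record lacks v=DMARC1")
    if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC p must be quarantine or reject")
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        problems.append("BIMI record lacks v=BIMI1")
    # l= is the SVG logo URL (required here); a= is the PEM URL (if applicable).
    for tag, required in (("l", True), ("a", False)):
        url = bimi.get(tag, "")
        if not url:
            if required:
                problems.append(f"BIMI {tag}= is missing")
        elif not https_on_domain(url, mail_domain):
            problems.append(f"BIMI {tag}= is not an HTTPS URL on {mail_domain}")
    return problems

# Constructed sample records for the placeholder domain example.com.
GOOD_DMARC = "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@example.com;"
GOOD_BIMI = ("v=BIMI1; l=https://images.example.com/brand/logo.svg; "
             "a=https://images.example.com/brand/certificate.pem;")
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com;"
BAD_BIMI = "v=BIMI1; l=http://cdn.example.net/logo.svg;"

if __name__ == "__main__":
    print(bimi_problems(GOOD_DMARC, GOOD_BIMI, "example.com"))
    for problem in bimi_problems(WEAK_DMARC, BAD_BIMI, "example.com"):
        print("-", problem)
```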
Step 6: Test and Monitor Your BIMI Implementation
After publishing, verify your BIMI setup:
BIMI Inspection Tools: Use tools like MXToolbox to confirm the BIMI record’s accuracy.
Ongoing Monitoring: Regularly check email deliverability and logo visibility across different email clients.