BIMI stands for Brand Indicators for Message identification. It is a new standard that will apply brand logos as indicators alongside authenticated emails to help people avoid fraudulent email. It gives assurance to users that an email is from the company it claims to be from by inserting their logo. It is the open and operable way to put your logo into emails, and it builds on DMARC.

The prerequisite for BIMI is that the organisational domain to be used must be at a policy of p=quarantine; pct=100 or p=reject; pct=100 to implement BIMI. It is complementary to DMARC and it gives companies a reason to set up DMARC.

BIMI inserts a trademarked logo alongside emails of participating providers. It doesn’t stop phishing/spoofing, that’s DMARC’s job, however, if someone tried to spoof you when you have BIMI in place, your logo won’t appear, and depending on your policy, the email may not even arrive. Think about the difference between BIMI and DMARC like this: DMARC stops an exact domain spoof, while BIMI adds an end validation layer for cousin domains or Friendly From.

In order to successfully implement BIMI, you must first make sure that

BIMI certifications are going to follow the EV framework. Every organisation who wants to set up BIMI will have to go through a certification process with a certification provider. The BIMI certification will specify:

The certification is valid for a year and then will need to be renewed every year.

Currently, the list of mailbox providers that support BIMI include Google, Apple, Yahoo, Fastmail, among others. Check the full list here.

If you have more questions, visit our comprehensive FAQ about BIMI

Use OnDMARC to quickly move your policy to reject and get BIMI certified!