What is BIMI?

BIMI stands for Brand Indicators for Message identification. It is a new, industry wide standard that will apply brand logos as indicators alongside authenticated emails to help people avoid fraudulent email. It gives assurance to users that an email is from the company it claims to be from by inserting their logo. It is the open and operable way to put your logo into emails, and it builds on DMARC.

Prerequisites for BIMI

The prerequisite for BIMI is that organisation must be at a policy of p=quarantine; pct=100 or p=reject to implement BIMI. It is complementary to DMARC and it gives companies a reason to set up DMARC.

What does BIMI do?

BIMI inserts a trademarked logo inside emails an organisation's network receives. It doesn’t stop phishing/spoofing, that’s DMARC’s job, however, if someone tried to spoof you when you have BIMI in place, your logo won’t appear. Think about the difference between BIMI and DMARC like this: DMARC stops an exact domain spoof, while BIMI adds an end validation layer for cousin domains or Friendly From.

How do you set up BIMI?

In order to successfully implement BIMI, you must first make sure that

  1. Your domain's DMARC policy is in p=quarantine or p=reject.

  2. Get vetted & certified by a BIMI certification provider. We have partnered with Entrust to help you every step of the way of getting vetted and certified.

BIMI certificates

BIMI certifications are going to follow the EV framework. Every organisation who wants to set up BIMI will have to go through a certification process with a certification provider. The BIMI certification will specify:

  • Which domains are whitelisted

  • The logo that the user wants to show

The certification is typically valid for up to a year and then will need to be renewed.

BIMI roadmap

After a year-long pilot, Google announced on July 12th, 2021, that they were officially rolling out supporting the BIMI standard across Gmail. Comcast, FastMail, and Yahoo! have also publicly expressed interest in joining the BIMI program.
Now is a good time to make sure that the work of moving to a DMARC policy of Quarantine or Reject is completed.

If you have more questions, visit our comprehensive FAQ about BIMI

Use OnDMARC to quickly move your policy to reject

Did this answer your question?