BIMI: a new way to combat email fraud and to increase brand recognition
The latest news in the land of email fraud: "A new real estate email scam has cybercriminals cashing in. Losses have soared [...] to $1.3 billion last year." - (CBS Evening News, September 25 2019). Unfortunately, these types of messages are not uncommon. In fact, as time goes on and more of our data gets stored online, phishing and email attacks are only increasing, with drastic consequences. It is more important than ever for senders to put the right email authentication in place to minimize these attacks. The newest addition to email authentication was created to help with this: BIMI (Brand Indicators for Message Identification). Like other methods for email authentication, BIMI not only proves the legitimacy of the sender but also helps to improve deliverability. In this blog post, we'll take a closer look at what it is and how it works.
What is BIMI?
BIMI is a new way to display your brand in the inbox of the subscriber. With BIMI, brands can associate their logo with a fully authenticated email. Similar to the three commonly used methods for email authentication (SPF, DKIM and DMARC), BIMI is a TXT record in a domain's DNS. It works like this: when a message is sent, the recipient's email client queries the DNS of the From domain for a corresponding BIMI record. When this record corresponds with the domain's DMARC record, and the message is authenticated, the email client retrieves the sender's logo (in SVG format) from the URI specified in the BIMI text record. This logo is then showcased in the receiver's inbox next to the sender's "from" name.
In order for BIMI to work, several things need to be taken into account. First, a sender has to have the other email authentication methods configured correctly - meaning that SPF and DKIM are correctly set up and fully DMARC compliant (including the "reject" or "quarantine" policy). Second, the provided SVG image needs to be in square format, the logo must be centred and legible and the file should be publicly accessible, served via HTTPS. Third, you need a good BIMI reputation. At the moment, there are two ways of achieving this: a) Either you are recognized as a reputable sender (which means: low spam complaints, high engagement rates and few bounces) - this is subjective per receiver; and/or b) you collaborate with a Certification Authority (CA) and you have been issued a Verified Mark Certificate (VMC) which is included in your BIMI record.
BIMI for brand recognition
BIMI's strength lies in the fact that it is visible to subscribers. Showcasing the brand logo in the inbox evokes brand recognition and trust, not only with the email client, but also with the subscriber. This means that it will be more likely that legitimate emails will end up in the inbox, and more likely that subscribers will engage with these emails, which aids deliverability.
However, it also does another important thing: it gives an additional reason for marketers to implement SPF, DKIM and DMARC for email authentication. Since SPF, DKIM and DMARC aren't visible to subscribers, many marketers might initially not recognize the importance of authenticating emails. The conclusion drawn in a study by Hoffman Cyber Security supports this statement: they found that a majority of organizations do not implement email authentication practices correctly. BIMI is expected to offer a solution to this since it's an opportunity for brands to get free brand impressions.
The future of BIMI
At the moment, BIMI is still in its early stages and currently only enabled in 'trial mode' by Verizon Media (Yahoo/AOL). In Yahoo Mail, BIMI brand logos will show up for authenticated emails in all Yahoo Mail apps (desktop, mobile etc). A growing list of email companies is expected to follow early next year. Large companies like Groupon and eBay have already adopted BIMI. On https://www.agari.com/insights/tools/bimi/ you can find all BIMI records per domain.
In July this year, Google announced that it will launch a BIMI trial period in 2020 as well, stating that "We believe BIMI is promising and is heading in the right direction; we're excited to be part of crafting the future of the standard" - Neil Kuman, Product Lead for Gmail (PR Newswire, July 24 2019). Since Google has a large user base, it is expected that Google's BIMI pilot will add to the deployment and enhancement of BIMI. We'll closely follow the developments!