Use BIMI to Personalize and Help Secure Every Email

BIMI links your brand’s logo to your email! There are many benefits to adding a BIMI record to your DNS. A BIMI record tells email senders that your email address is associated with a domain name, which makes it more likely that your email will be delivered correctly. Additionally, adding a BIMI record allows you to use DKIM authentication, which helps to protect your email from spam and phishing attacks.

What is a DKIM record?

DKIM (DomainKeys Identified Mail) authentication encrypts the “header” section of an email message in transit, to prevent spoofing and spam.

DKIM is a cryptographic authentication mechanism that allows an organization to take responsibility for transmitting a message, in a way that can be verified by mailbox providers. When DKIM is correctly implemented and deployed, it prevents spoofing of the organization’s domain name and uses cryptographic technologies to determine whether the message was altered during transit.

In other words… If “DKIM” cannot be verified, the email message won’t get delivered. It helps prevent people receiving email that you didn’t authorize the sending of.

What is a BIMI record?

A Domain-based Message Authentication, Reporting and Conformance (DMARC) record makes it possible to:

  • Specify which mail servers are permitted to send email using your domain name.
  • Set policies for failing or bouncing messages that either do not pass authentication or fail DMARC checks.
  • Set a policy for reporting messages that pass authentication, that are still suspected of being spam.
  • See aggregate reports about receiving email channels.

A BIMI record creates an additional domain name endpoint to which DKIM records can be published. You can publish DKIM keys at both the sending organization’s DNS zone as well as the BIMI record.

A BIMI record is like a subdomain for DKIM records – adding one to your domain name makes it possible to set up DKIM authentication and DMARC policies for your organization.

Is it easy to do?

Yes, you can use the resources at BIMI Group to test or generate your BIMI record.

If you’re looking for an easy way to add DKIM authentication and DMARC reporting to your organization, consider adding a BIMI record.

Here is the information for the technical “How to”

Issue: You need to improve email engagement, using brand indicators. You also need to improve the visibility of fraudulent vs legitimate email (from your business).

Solution: Create a BIMI (Brand Indicators for Message Identification) record for your domain .

To successfully use BIMI, your domain must already have completed full DMARC enforcement. DKIM, SPF, DMARC records must be in place before addng BIMI.

Why is this the case?

BIMI (DNS) records are used to display business logos within a recipients email inbox, ONLY if the email is legitimate! BIMI is an initiative to use branding logos as indicators, which helps the receivers of your email to recognize and avoid fraudulent messages. If someone sends a fraudulent image on your behalf, the logo will not display beside your email messages (in the recipient’s email inbox).

Create a square image in SVG format (your logo will work best in this regard). Again, make sure the dimensions of the image file are a perfect square.

If you already have an acceptable image, and simply need to convert it into SVG format, this online resource may help:

Upload your SVG image to the root of your website.

Create a DNS record under your domain, as suggested below.

Create a TXT record with the following…

Name: default._bimi
Value: “v=BIMI1; l=;”
TTL: 14400

Remember: DKIM, SPF, DMARC records must be in place before adding BIMI.

An example of a DMARC record would be something similar to the following:

DMARC (txt record):

_dmarc "v=DMARC1;p=reject;sp=none;adkim=r;aspf=r;pct=100;fo=1;rf=afrf;ri=86400;;"