
Should we be using BIMI in our email? (2023 update)


I've been following the BIMI email standard for about a year. This week I decided to take another look, as perhaps it's time for Paubox to adopt BIMI.

This post will answer the question: Should we be using BIMI in our email?

 

What is BIMI?

 

BIMI stands for Brand Indicators for Message Identification. It's a relatively new email authentication standard that aims to help businesses and organizations display their brand logos in the inboxes of email recipients.

BIMI works by allowing email senders to upload their brand logo to a trusted third-party service, which verifies the sender's identity and the authenticity of the logo. Once the logo is verified, it can be displayed next to the sender's email in the recipient's inbox, providing an additional layer of authentication and visibility for the sender's brand.

BIMI is designed to work alongside existing email authentication protocols, such as SPF, DKIM, and DMARC, to help combat email phishing and spoofing.

By displaying the sender's brand logo, BIMI can help recipients identify legitimate emails from trusted sources, and reduce the likelihood of them falling victim to email scams or phishing attacks.


How much does BIMI cost?

 

There are six steps to properly configuring BIMI. The first five are free to do; the sixth and final step is egregious.

The first five steps to setting up BIMI involve configuring the following DNS records and logo file:

  • MX record
  • SPF record
  • DMARC record
  • BIMI record
  • BIMI SVG image

 

The BIMI inspector tool provides clear guidance on how to get these records correctly in place.

The sixth step involves associating your company's logo with a Verified Mark Certificate (VMC). The steps on how to do that are outlined here.

First, you'll probably need to spend money to get your logo trademarked, which can be a lengthy process.

Second, you'll definitely need to pay a certificate authority (CA) like DigiCert or Entrust to request a VMC. If you go with DigiCert, it'll set you back $1,499 a year.

Why would anyone pay this much? Why isn't this free? Others are wondering the same thing.

In a nutshell, you cannot use a free service like Let's Encrypt to create a VMC.

 

Who is using BIMI?

 

As of February 2023, we couldn't find a single instance of an email company with a proper BIMI configuration.

For example, we used the BIMI inspector tool to check a small selection of important email companies and gauge their BIMI adoption:

  • Gmail.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: No
    • BIMI record: None
    • BIMI SVG image: None
    • VMC certificate: None
  • Google.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: None
    • BIMI SVG image: None
    • VMC certificate: None
  • Hubspot.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: None
    • BIMI SVG image: None
    • VMC certificate: None
  • Mailchimp.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: Yes
    • BIMI SVG image: Yes
    • VMC certificate: None
  • Microsoft.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: None
    • BIMI SVG image: None
    • VMC certificate: None
  • Outlook.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: No
    • BIMI record: None
    • BIMI SVG image: None
    • VMC certificate: None
  • Paubox.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: Yes
    • BIMI SVG image: Yes
    • VMC certificate: None
  • Salesforce.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: Yes
    • BIMI SVG image: Yes
    • VMC certificate: None
  • Sendgrid.com
    • MX record: Yes
    • SPF record: Yes
    • DMARC record: Yes
    • BIMI record: Yes
    • BIMI SVG image: Yes
    • VMC certificate: Expired
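
The DMARC, BIMI record, SVG and VMC fields in the list above can be read from two DNS TXT records per domain. The code below is an added example, not Paubox's or the BIMI inspector tool's code; the `.example` domains, URLs and record values are constructed, and it only checks that a VMC URL is published, not whether the certificate is valid or expired.

```python
# Added example: derive the audit fields above from a domain's DNS TXT records.
# DMARC lives at _dmarc.<domain>, BIMI at default._bimi.<domain>.
# All domains, URLs and record values here are constructed samples.

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def https_url(value, suffix=""):
    """Return value if it is an https:// URL ending in suffix, else None."""
    ok = value.lower().startswith("https://") and value.lower().endswith(suffix)
    return value if ok else None

def bimi_readiness(dmarc_txt, bimi_txt):
    """Classify one domain; pass None for a TXT record that does not exist."""
    dmarc = parse_tags(dmarc_txt or "")
    bimi = parse_tags(bimi_txt or "")
    has_dmarc = dmarc.get("v") == "DMARC1"
    # p=none only monitors; a logo needs an enforcing policy.
    enforced = has_dmarc and dmarc.get("p", "").lower() in ("quarantine", "reject")
    has_bimi = bimi.get("v") == "BIMI1"
    report = {
        "dmarc_record": has_dmarc,
        "dmarc_enforced": enforced,
        "bimi_record": has_bimi,
        "svg_url": https_url(bimi.get("l", ""), ".svg") if has_bimi else None,
        # Only checks that a certificate URL is published, not its validity.
        "vmc_url": https_url(bimi.get("a", "")) if has_bimi else None,
    }
    report["complete"] = bool(enforced and report["svg_url"] and report["vmc_url"])
    return report

SAMPLES = {  # constructed (dmarc_txt, bimi_txt) pairs
    "nobimi.example": ("v=DMARC1; p=reject", None),
    "logo.example": ("v=DMARC1; p=quarantine", "v=BIMI1; l=https://logo.example/l.svg; a="),
    "monitor.example": ("v=DMARC1; p=none",
                        "v=BIMI1; l=https://monitor.example/l.svg; a=https://monitor.example/vmc.pem"),
    "full.example": ("v=DMARC1; p=reject",
                     "v=BIMI1; l=https://full.example/l.svg; a=https://full.example/vmc.pem"),
}

if __name__ == "__main__":
    for domain, (dmarc_txt, bimi_txt) in SAMPLES.items():
        print(domain, bimi_readiness(dmarc_txt, bimi_txt))
```

To run it against live domains, replace `SAMPLES` with the TXT strings returned by a DNS lookup of the two record names noted in the comments.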

 

Should we be using BIMI in our email?

 

No. At a minimum, it should be free to adopt BIMI standards. It currently is not.

In my opinion, the cart has been placed before the horse.

Make BIMI free or no one will adopt it.
