Brand Indicators for Message Identification (BIMI)

There is no clear, visual sign that the sender is doing everything to protect the integrity of their emails. A new initiative called Brand Indicators for Message Identification (BIMI) is about to improve this. A company is allowed to use a logo in the receiver's inbox when they have checked a number of security and privacy boxes (DMARC compliancy).

In order to do have such a logo displayed, the company must be registered, and they need to buy a digital certificate called Verified Marc Certificate (VMC).

My personal experience with BIMI

I wanted to set up a BIMI logo and played around. I first increased the level of strictness on DMARC (quarantine) and then generated a BIMI-record. There were some warnings and hoped it would still be enough to qualify. I inserted the information in a text record for DNS and started validating.

Certificate (VMC)

Then I find out I needed to request an actual certificate. And for such a certificate is a waiting list. I put myself on the list. If you are interested, you can maybe start with the waiting list for the Verified Marc Certificate. The costs are substantial, though. An annual certificate costs $1299.

Conclusion

Displaying a logo with an email can be a strong defender against fishing, it increases brand trust and visibility, but by design it is also hard to acquire and use the logo. There are many e-mail clients out there and so it is hard to force visibility rules you can communicate.

BIMI Inspector - BIMI Group

* BIMI Validation may send data to a third party

BIMI Group