Aside from just looking really cool and professional, it is essentially a new standard in email authentication. Just like other such standards, it is a TXT record in the DNS of your domain. A BIMI record mainly shows the location of your logo. When the server of the recipient checks your domain for DMARC, it searches for a BIMI record as well. If the records match, the logo is displayed. The best thing is that your logo is not included as a part of the email message. Instead, it appears on the mail server, to which scammers do not have access. In other words: it is what separates your emails from phishing emails.
To use your logo with BIMI, you must get a VMC (recommended) or a CMC issued by a CA.
To be eligible for a VMC, your logo must be trademarked with an intellectual property office that's recognized by VMC issuers. We recommend working with your legal team or a lawyer to get your logo trademarked. The trademark process can take 6 to 12 months. For the most secure BIMI setup, we recommend getting a VMC whenever possible.
If your logo isn't trademarked, you can set up BIMI using a logo that has a CMC. To verify requirements for getting a CMC, check the current CAs that support BIMI at Mark Certificate Issuers.
This options are expensive. For non-profit and clubs not an option.
You can also use it unsigned. It might not always be used.
For BIMI to work we must create a TXT records in our DNS servers.
| Field | Value |
|---|---|
| Host | default._bimi.example.com |
| Type | TXT |
| Value | v=BIMI1;l=;a=https://images.example.com/brand/certificate.pem v=BIMI1;l=https://images.example.com/brand/bimi-logo.svg |
| TTL | 1 hour (3600 seconds) |