Rob's web

BIMI

What is BIMI?

Aside from looking really cool and professional, BIMI is essentially a new standard in email authentication. Like other such standards, it is a TXT record in the DNS of your domain. A BIMI record mainly shows the location of your logo. When the recipient's server checks your domain for DMARC, it searches for a BIMI record as well. If the records match, the logo is displayed. The best thing is that your logo is not included as part of the email message. Instead, it appears on the mail server, to which scammers do not have access. In other words, it is what separates your emails from phishing emails.

Prerequisites

Logo

BIMI Logo requirements

Signing the logo

Verify your logo is eligible for a VMC or CMC

To use your logo with BIMI, you must get a VMC (recommended) or a CMC issued by a CA.

To be eligible for a VMC, your logo must be trademarked with an intellectual property office that's recognized by VMC issuers. We recommend working with your legal team or a lawyer to get your logo trademarked. The trademark process can take 6 to 12 months. For the most secure BIMI setup, we recommend getting a VMC whenever possible.

If your logo isn't trademarked, you can set up BIMI using a logo that has a CMC. To verify requirements for getting a CMC, check the current CAs that support BIMI at Mark Certificate Issuers.

These options are expensive. For non-profits and clubs they are not an option.

You can also use the logo unsigned, but then it might not always be used.

DNS

For BIMI to work, we must create a TXT record in our DNS servers.

Field   Value
Host    default._bimi.example.com
Type    TXT
Value   v=BIMI1;l=;a=https://images.example.com/brand/certificate.pem
        v=BIMI1;l=https://images.example.com/brand/bimi-logo.svg
TTL     1 hour (3600 seconds)
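
As an added example (not part of the original page), this Python check validates the two record values from the table above before they are published: v=BIMI1 must be the first tag, and l= and a= must be HTTPS URLs when they are set. The function names and the "signed", "unsigned" and "empty" labels are assumptions of this example.

```python
from urllib.parse import urlsplit

def bimi_name(domain, selector="default"):
    """DNS name under which the BIMI TXT record is published."""
    return f"{selector}._bimi.{domain}"

def parse_bimi(txt):
    """Split a BIMI TXT value into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        tag, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part!r}")
        pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_bimi(txt):
    """Return (kind, problems); kind is 'signed', 'unsigned' or 'empty'."""
    problems = []
    pairs = parse_bimi(txt)
    tags = dict(pairs)
    if len(tags) != len(pairs):
        problems.append("duplicate tag")
    if not pairs or pairs[0] != ("v", "BIMI1"):
        problems.append("v=BIMI1 must be the first tag")
    if "l" not in tags:
        problems.append("l= tag is missing")
    for tag in ("l", "a"):
        url = tags.get(tag, "")
        if url and (urlsplit(url).scheme != "https" or not urlsplit(url).netloc):
            problems.append(f"{tag}= must be an https:// URL")
    if tags.get("a"):
        kind = "signed"      # a= points at a certificate (VMC or CMC)
    elif tags.get("l"):
        kind = "unsigned"    # logo only, no certificate
    else:
        kind = "empty"       # neither logo nor certificate is published
    return kind, problems

# The two record values shown in the table above.
SIGNED = "v=BIMI1;l=;a=https://images.example.com/brand/certificate.pem"
UNSIGNED = "v=BIMI1;l=https://images.example.com/brand/bimi-logo.svg"

if __name__ == "__main__":
    # The third value is constructed to show a plain-http logo URL being flagged.
    for txt in (SIGNED, UNSIGNED, "v=BIMI1;l=http://images.example.com/logo.svg"):
        print(bimi_name("example.com"), check_bimi(txt))
```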

Links