BIMI for email authentication

Welcome to our comprehensive guide on Brand Indicators for Message Identification (BIMI), designed for end users. Our goal is to educate you on the importance of BIMI in enhancing your email communication. This guide will walk you through the intricacies of BIMI and its associated protocols, its necessity, and a step-by-step procedure for its implementation.  

Improve brand visibility in emails through BIMI 

Email remains the most effective method of communication, boasting the highest open and click-through rates in the industry. Given its powerful impact, it's crucial for your brand's emails to be immediately recognizable and trustworthy. This is achieved through the BIMI (Brand Indicators for Message Identification) standard.

Consider the two email examples provided below. The email on the left comes from a BIMI-authenticated sender, while the one on the right does not have this authentication. Notice the presence of the brand's logo as the sender's contact picture and a blue checkmark next to the sender’s name in the authenticated email.

In today's environment, filled with spam and phishing attempts, it's vital for businesses to distinguish their emails from malicious ones. This distinction not only helps protect customers from potential scams but also enhances brand identity and recall. Moreover, using BIMI increases the likelihood that emails from verified senders will successfully reach their audience.

What is BIMI? 

BIMI, which stands for Brand Indicators for Message Identification, is an email authentication protocol aimed at boosting brand visibility and credibility during email exchanges. This standard enables email applications to verify if an email comes from a legitimate sender and whether the content remains unaltered during transmission. If the sender is authenticated and the email is intact, BIMI allows the display of the brand's trademark logo as the sender’s contact picture and includes a verification mark (such as a blue tick) alongside the email. This informs the recipient that the email is from a trustworthy and verified source.

BIMI operates in conjunction with DMARC (Domain-based Message Authentication, Reporting, and Conformance) authentication, which allows domain owners to instruct receiving email servers on how to handle emails that fail authentication tests and may be falsely using their domain. A DMARC record is essential before implementing BIMI. As the pinnacle of current email authentication protocols, BIMI ensures that emails from legitimate senders are secure against impersonation and tampering by malicious actors.

Why is BIMI important for my organization?  BIMI holds significant relevance in the realm of email authentication due to several key reasons: High email volume: BIMI can help decrease email phishing attacks and spam that may harm your organization's brand value if it sends numerous transaction emails to customers. Distinguishing Genuine Emails: One of the significant benefits of BIMI is its ability to help recipients distinguish authentic emails from impersonation or phishing attempts. By displaying the company's logo in emails, BIMI makes it easier for users to recognize genuine emails. Enhancing Brand Recognition and Trust: Displaying a company logo in emails can significantly boost brand recognition. It provides an immediate visual association with the brand, enhancing the user's trust and confidence in the email's content. Improve Email Performance: With the added trust and recognition that comes with BIMI, recipients are more likely to open and engage with the emails, potentially improve the email performance.

How Can I enable BIMI? 

BIMI enablement is specific to each service provider. The requirement for each mail service provider varies regarding how they enable BIMI for the domains. It's a mix of both technical as well as usage requirement. However, there are a few elements that remain common across them.

1. An owned private domain that is SPF, DKIM and DMARC authenticated
   
2. A trademarked logo of your brand in Scalable Vector Graphic (SVG) SVG format
   
3. Verified Mark Certificate (VMC)* for your logo

VMCs are essential for businesses to display verified brand logos in email sender fields. They are issued by publicly trusted certification authorities and require the brand logo to be trademarked and DMARC compliant.

Click here to see the list of BIMI supported email providers. Steps to enable an email service provider for some of the major providers are as follows.

Steps to enable BIMI

1. DMARC is a pre-requisite for BIMI authentication
   
1. DMARC policy should be set to reject for the domains and its sub-domains (p=reject; sp=reject)
   
2. Or, quarantine to be set at 100% (p=quarantine; pct=100)
   

• The logo (BIMI refers to this as an indicator file) for your brand should be converted to the SVG Portable/Secure format to be compatible with BIMI protocols.
  
• Depending on the mail service provider, they might mandate a VMC certificate (BIMI refers to this as the BIMI evidence document) to enable BIMI. VMC is a form of external validation stating that your indicator file (logo, in this case) is valid. Providers such gmail, apple mail etc. mandates the use of VMC. However, providers such as Yahoo!, AOL etc. do not mandate and treats VMC as an optional validation.
  
• Publish the BIMI record to your domains domains DNS TXT record. A sample entry is as follows:
  “v=BIMI1; l=https://full/path/to/logo/file.svg; a=https://full/path/to/evidence/document.pem”

Note: Apart from this, providers like Yahoo! monitor the sender reputation and activity to enable BIMI. BIMI protocol is not supported by Outlook/Microsoft mailboxes

Please refer to this guide for more details regarding the requirements by specific mailbox provider.

What BIMI means to Zoho CRM users 

If your organization sends a large volume of transactional emails to customers, adopting the BIMI protocol to authenticate your domain is advisable. With BIMI, the email recipient will recognize your brand image, significantly reducing the likelihood of your emails being marked as spam or blocked compared to emails from non-BIMI authenticated domains. For responsible email senders, this ensures better email deliverability, making it more likely that your communications will reach the customer's inbox rather than the spam folder. Consequently, organizations that implement the BIMI protocol can expect to see an improvement in their Zoho CRM email credibility score.

BIMI not only enhances email security, but also boosts brand recognition and improves email deliverability. Its integration with DMARC positions it as an essential tool for protecting email communications and refining sales communication strategies.

For more info, you can refer to the BIMI group webpage from here.

Credibility Report: The Impact of BIMI 

Zoho CRM's Email Credibility Dashboard gives organizations a score between 1 and 100 to show how reliable their email habits are. If you get more than 70, that's seen as a good score. This number shows how much people can trust and respect the organization based on how they handle their emails.

Implementing BIMI can improve this score by ensuring that emails sent from the organization's domain are authenticated and secure, thanks to the underlying DMARC (Domain-based Message Authentication, Reporting, and Conformance) protocol. By displaying a brand-controlled logo in supported email clients, BIMI not only enhances brand visibility, but also reassures recipients of the email's authenticity. This reinforcement of trust and authenticity can lead to better engagement rates and a reduced risk of phishing, ultimately boosting the organization's email credibility score within Zoho CRM.

• Related Articles

• Email Authentication

  In this digital era email forms a major part of communication in every business or organization. Companies often use different domains to deliver the message to its recipients. In such cases, it's crucial to establish an email policy that can define ...

• Email Limits

  In Zoho CRM, you can either send bulk emails or individual emails. Following are the limits for sending emails based on your account's Edition. Please note that email limits will be set based on the organization's time zone. Mass emails and emails ...

• Troubleshooting Email Relay

  1. Why am I getting an authentication failure error? Make sure that the password you entered is correct. To verify the password, log in to your webmail with the same password by typing in the password instead of using auto-fill. Check whether TFA is ...

• Email bounce management

  A bounce warning indicates that one or more of your emails have been rejected by the recipient's email server. This can be caused by a variety of factors, including an invalid email address, a full mailbox, or a blocked domain. It's important to ...

• FAQs on email bounces

  Sometimes, when you send emails through Zoho CRM, you may observe that the emails have bounced and, consequently, were not successfully delivered to the intended recipients. Below are some commonly asked questions regarding email bounces and how to ...