What is BIMI (Brand Indicators for Message Identification) and how to implement it

After reading my article on the importance of implementing DMARC, a representative of a reputed technology services company in India approached me to help them in implementing BIMI. This inquiry gave me an excellent opportunity to read about BIMI and implement it for our email domain rediffmail.com.

Image showing implementation of BIMI

In this article, I will explain the unwritten rules I discovered while implementing BIMI, which should help you implement it too. But mind you, BIMI is still at a nascent stage, and whatever I have written here may change in the future. Currently, Yahoo! Mail is the only email provider that has implemented it, and Gmail has announced that it will support BIMI by 2020. We at Rediff.com have also taken notice of the importance of BIMI and are working towards implementing it.

While DMARC helps stop spoofed emails that use an organization's exact domain name in the "from" email address, there are many phishing emails that use some random "from" email address. Many people fall prey to these phishing emails because they are not tech-savvy enough to verify an email's authenticity by checking the "from" email address. This is where BIMI comes to the rescue.

So, what is BIMI, and how will it help?

BIMI or Brand Indicators for Message Identification is a standard where the brand's authenticated email has its logo displayed beside the "from" email address in the message and also in the email listing in the inbox. Users can check the authenticity of the email by just a simple visual verification instead of the complicated procedure of checking the "from" email address.

As the inbox has the brand's logo displayed in the email listing, users can avoid opening phishing emails and open only trusted emails. Because of this trust, users are less likely to mark authenticated emails as spam. With fewer unsubscriptions and spam markings, the email address's reputation improves, which in turn increases the chances of marketing emails being delivered to the inbox.

How to implement BIMI?

1.     Implement SPF (You can check here if SPF is enabled or not: https://businessemail.rediff.com/spf-analyzer)

2.     Implement DKIM (You can check here if DKIM is enabled or not: https://businessemail.rediff.com/dkim-analyzer)

3.     Implement DMARC with the policy tag "p" set to "quarantine" or "reject" (you can check here whether the DMARC policy is set correctly: https://businessemail.rediff.com/dmarc-analyzer). Set "p" to "reject" to stop spoofed emails from reaching your customers.

4.     Make an SVG (.svg) image of your logo. It should be square and centered.

5.     This image should be hosted on a web server and should be accessible using HTTPS. The logo will be displayed if the URL is HTTPS and not HTTP.

6.     Make sure that you change this logo if you rebrand, and update the DNS records if its location changes.

7.     Obtain a Verified Mark Certificate. This Verified Mark Certificate is optional now, but it may be mandatory in the future. It is issued by invitation only by DigiCert and Entrust Datacard.

8.     Create a DNS TXT (text) record for the domain used for sending emails.

9.     Using the "default" selector, the BIMI record should look like this:

a.     Without Verified Mark Certificate: default._bimi.brandwebsite.com IN TXT "v=BIMI1; l=https://subdomain.brandwebsite.com/image/logo.svg; a=;"

b.     With Verified Mark Certificate: default._bimi.brandwebsite.com IN TXT "v=BIMI1; l=https://subdomain.brandwebsite.com/image/logo.svg; a=https://subdomain.brandwebsite.com/vmc/logo.pem;"

10.  Verify if you have implemented the BIMI record properly here: https://mxtoolbox.com/bimi.aspx
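An added example (not from the original article or Rediff's tooling): a Python check for steps 3, 5 and 9 above, which parses the BIMI and DMARC TXT record strings and lists what would stop the logo from displaying. The function names and sample records are assumptions made for illustration; the records reuse the article's placeholder domain, and the DNS lookup itself is left out so the check runs offline.

```python
from urllib.parse import urlparse

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def check_bimi(bimi_txt, dmarc_txt):
    """Return a list of problems; an empty list means both records pass these checks."""
    problems = []
    bimi, dmarc = parse_tags(bimi_txt), parse_tags(dmarc_txt)

    if bimi.get("v") != "BIMI1":
        problems.append("BIMI record needs v=BIMI1")

    logo = urlparse(bimi.get("l", ""))
    if logo.scheme != "https":
        problems.append("l= logo URL must use HTTPS")
    if not logo.path.lower().endswith(".svg"):
        problems.append("l= must point to an SVG file")

    vmc = bimi.get("a", "")  # an empty a= means no Verified Mark Certificate
    if vmc and urlparse(vmc).scheme != "https":
        problems.append("a= certificate URL must use HTTPS")

    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC p= must be quarantine or reject")
    return problems

# Constructed sample records (placeholder domain from the article).
GOOD_BIMI = "v=BIMI1; l=https://subdomain.brandwebsite.com/image/logo.svg; a=;"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@brandwebsite.com"
BAD_BIMI = "v=BIMI1; l=http://subdomain.brandwebsite.com/image/logo.png; a=;"
BAD_DMARC = "v=DMARC1; p=none"

if __name__ == "__main__":
    print("good records:", check_bimi(GOOD_BIMI, GOOD_DMARC))
    for problem in check_bimi(BAD_BIMI, BAD_DMARC):
        print("FAIL:", problem)
```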

Some points to consider

I have discovered these while implementing BIMI for our email domain Rediffmail.com.

1.     BIMI will not work for individual email addresses like someuser@rediffmail.com or user@somebank.com.

2.     BIMI will work only for email addresses that are used for mass communication and have high volume, like no-reply@rediffmail.com. They are used to send transaction messages like bank statements, bank transaction alerts, OTPs, etc.

3.     BIMI will work only for email addresses that have a good reputation and are not used to send spam.

4.     BIMI will not work if the DMARC "policy" "p" is "none."

5.     We still do not know the number of emails that should be sent using the brand email address to be qualified for BIMI.
