Jessica howe

Definition of DMARC, BIMI, and VMC: Importance and Benefits

What is BIMI? What is a BIMI record?

BIMI is short for Brand Indicators for Message Identification, a new email specification that lets organizations place their brand logo beside their authenticated mail. A familiar logo makes it easier for the recipient to pick out trustworthy messages, which boosts brand awareness and diminishes the risk of phishing.

The BIMI record is a DNS record that defines the location of the brand’s logo and carries information on the status of the logo verification. BIMI requires the creation of this DNS record, which email clients then use to display the brand’s logo beside authenticated emails.

What is DMARC?

DMARC, short for Domain-based Message Authentication, Reporting and Conformance, is an email authentication system. It is intended to let the owners of email domains protect their domains from dangers such as email spoofing.

It builds on the older SPF (Sender Policy Framework) and DKIM protocols, and enables domain owners to declare which mechanisms (SPF, DKIM, or both) are used when sending email from the domain and what receivers should do with messages that do not conform to these policies.

DMARC also offers a feedback loop where email receivers are able to report to domain owners regarding the messages that pass and fail on DMARC assessments.

What is VMC?

VMC stands for Verified Mark Certificate, a digital certificate issued by Certificate Authorities to verify the authenticity of a brand’s logo. When used along with BIMI, VMCs guarantee that emails coming from a specific domain are accompanied by legitimate logos.

A VMC adds an extra layer of assurance that the displayed logo indeed belongs to the brand and has been certified by a third party, thereby improving the brand’s image and reducing the incidence of email spoofing and phishing.

Specific Requirements for BIMI

BIMI has technical and administrative requirements that must be met before it can be introduced. These requirements ensure that the brand logo is rendered properly on the client devices that support BIMI.

Here are the detailed requirements for BIMI implementation:

DMARC Implementation
Implementing BIMI requires Domain-Based Message Authentication, Reporting, and Conformance.

Organizations must have a DMARC record published in DNS, ideally with an enforcement policy of quarantine or reject, to prevent the delivery of unauthorized emails.

This is important as DMARC is what BIMI builds upon by leveraging its security and authentication measures to ensure that the sender of the email is trustworthy.

Furthermore, the domain used in the ‘From’ field must correspond to the domain used in the SPF and DKIM records; in other words, the records must be aligned.

A typical DMARC record might look like this:

_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; ruf=mailto:dmarc-forensic@example.com; pct=100"

SVG Logo
The brand logo must be in the Scalable Vector Graphics (SVG) format. SVG is a vector graphic format that makes it possible to scale the logo up or down without deterioration or pixelation.

One reason for this format is that it renders well on every device and every screen size. The file has to conform to the BIMI SVG Profile, which has specific demands concerning the structure and content of an SVG file.

For example, the SVG cannot contain scripts, other resources, or animation. It should also link to secure URLs, must not exceed certain file sizes, and should have specific resolution and dimensions to display correctly in the client’s mail application.
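The content restrictions above can be checked before a logo is published. The following is an added example, not code from the original post or from the BIMI project; the 32 KB limit, the element list and the rejection of DOCTYPE declarations are assumptions of this sketch, and both sample files are constructed.

```python
import xml.etree.ElementTree as ET

MAX_BYTES = 32 * 1024  # assumed limit; the page only says "certain file sizes"
FORBIDDEN = {"script", "foreignObject", "image", "animate",
             "animateMotion", "animateTransform", "set"}
LINK_ATTRS = ("href", "{http://www.w3.org/1999/xlink}href")

def local(name):
    """Drop the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]

def check_logo(svg_bytes):
    """Return a list of findings; an empty list means no violation was found."""
    findings = []
    if len(svg_bytes) > MAX_BYTES:
        findings.append(f"file is larger than {MAX_BYTES} bytes")
    # Refuse DTDs before parsing so the parser never expands entities.
    if b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        return findings + ["DOCTYPE or ENTITY declaration present"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    if local(root.tag) != "svg":
        findings.append("root element is not <svg>")
    for el in root.iter():
        tag = local(el.tag)
        if tag in FORBIDDEN:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            if local(attr).lower().startswith("on"):
                findings.append(f"event handler {local(attr)} on <{tag}>")
            if attr in LINK_ATTRS and not value.startswith("#"):
                findings.append(f"external reference on <{tag}>")
    return findings

# Constructed samples, not real logos.
CLEAN = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64">'
         b'<title>Example</title><circle cx="32" cy="32" r="30"/></svg>')
RISKY = (b'<svg xmlns="http://www.w3.org/2000/svg" '
         b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">'
         b'<script>init()</script>'
         b'<image xlink:href="https://cdn.example/pixel.png"/>'
         b'<animate attributeName="opacity" dur="1s"/></svg>')

if __name__ == "__main__":
    print(check_logo(CLEAN) or "ok")
    for finding in check_logo(RISKY):
        print("-", finding)
```

The check covers elements and attributes only; references inside CSS `url()` values are not inspected.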

VMC (Verified Mark Certificate)
There are formalities that have to be fulfilled in order to obtain a VMC. Firstly, the brand logo must be a registered trademark, since trademark registration is a condition of applying for a VMC.

The organization then needs to get a VMC from a CA, like DigiCert or Entrust, which checks the company’s credentials with regard to the brand in question and the trademark ownership.

The CA’s validation process ensures that the organization owns the logo and its trademark, using material the client provides, including the trademark registration proof and the organization’s details.

After the CA checks the information, it provides the brand with a VMC, which is an electronic signature constituting the authorization of the logo’s usage.

DNS Record
The next criterion that must be met is publishing the BIMI DNS record. This record must be published in the DNS settings of the organization’s domain; it states where the SVG logo file is located and includes the VMC if there is one.

A typical BIMI DNS record looks like this:

default._bimi.example.com. IN TXT "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/VMC.pem"

Here v=BIMI1 indicates the version of BIMI, l= specifies the URL of the SVG logo file, and a= provides the URL of the VMC file if available.
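The DMARC and BIMI records described above can be checked together before publishing. The following is an added example, not code from the original post; it works on TXT strings (the two records from this page plus a constructed weak pair), performs no DNS lookups, and its treatment of pct below 100 as a problem is an assumption of the example.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT payload into a dict (first value wins)."""
    tags = {}
    # Strip straight and typographic quotes left over from copy and paste.
    for part in txt.strip().strip('"\u201c\u201d').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags.setdefault(key.strip().lower(), value.strip())
    return tags

def is_https(url):
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)

def bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of problems; an empty list means the pair looks ready."""
    problems = []
    dmarc, bimi = parse_tags(dmarc_txt), parse_tags(bimi_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("dmarc: missing v=DMARC1")
    if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("dmarc: p is not quarantine or reject")
    # pct defaults to 100 when absent; flagging lower values is an assumption.
    pct = dmarc.get("pct", "100")
    if not (pct.isdigit() and int(pct) == 100):
        problems.append("dmarc: pct below 100")
    if bimi.get("v") != "BIMI1":
        problems.append("bimi: missing v=BIMI1")
    if not is_https(bimi.get("l", "")):
        problems.append("bimi: l= is not an https URL")
    if bimi.get("a") and not is_https(bimi["a"]):
        problems.append("bimi: a= is not an https URL")
    return problems

# The two records shown on this page, plus a constructed weak pair.
PAGE_DMARC = ("v=DMARC1; p=reject; rua=mailto:dmarc-reports@example.com; "
              "ruf=mailto:dmarc-forensic@example.com; pct=100")
PAGE_BIMI = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/VMC.pem"
WEAK_DMARC = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
WEAK_BIMI = "v=BIMI1; l=http://example.com/logo.svg"

if __name__ == "__main__":
    for name, d, b in (("page", PAGE_DMARC, PAGE_BIMI),
                       ("weak", WEAK_DMARC, WEAK_BIMI)):
        print(name, bimi_readiness(d, b) or "ok")
```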

Logo Compliance and Validation
Checking logo compliance is central to implementing BIMI. The logo should be sharp, clear, and easily recognizable, and it has to meet the quality criteria of the email clients where it will be shown.

However, specific email clients or email providers may have additional checks on top to ensure the logo can be displayed as required. This may include verifying whether the logo has a proper layout, does not have barriers to usability, and meets brand identity.

Email Client Support
The type and level of support offered by the different email clients are also important to know.

As of now, not all email clients support BIMI; therefore, one must check all the email clients being used by the recipients in the organization to ensure compatibility with BIMI.

To stay as safe as possible it is recommended to initially try out BIMI in the supported email clients and see whether the logo looks and functions as it should.

What are the Requirements for VMC Issuance?

Obtaining a Verified Mark Certificate involves several steps and requirements:

  • Trademark Registration: The brand’s logo must be registered as a trademark.
  • DMARC Compliance: To make sure that their domain is shielded from spoofing, an organization must have a fully compliant DMARC policy at ‘quarantine’ or ‘reject’.
  • SVG Logo Compliance: These requirements pertain to the logo file type and format, specifically SVG format as prescribed by the issuing CA.
  • CA Validation: A certificate from a certificate authority is needed to confirm the validity of the trademark in use and of the organization.

Benefits of All 3 (BIMI, DMARC & VMC)

BIMI Benefits:
BIMI plays an important role in increasing brand exposure and customer confidence since the brand logo is presented in the recipient’s inbox.

It enhances email open and response rates, offers a sign of confirmation that the received email is from a valid sender, and assists in combating phishing attacks.

DMARC Benefits:
DMARC is useful in shielding a domain against spoofing and phishing by only allowing authenticated messages from domain senders through the recipient’s mail server.

It also allows organizations to use reports to see who sends email from the domain, thereby enhancing the email security of the organization.

VMC Benefits:
A Verified Mark Certificate confirms that the brand logo shown in emails to clients has been checked and approved by a third party. This helps build brand awareness, as the recipient can be assured that the email is from a genuine account.

It also works together with BIMI, offering an additional safeguard.

How do you buy verified mark certificates (VMC)?

To purchase a Verified Mark Certificate, follow these steps:

  • Trademark Your Logo: Make sure the logo you use is a registered trademark.
  • Implement DMARC: Fortunately, it is easy to set up and configure a DMARC policy for your domain.
  • Choose a Certificate Authority: Choose a reputable certificate authority that is capable of providing VMCs, like DigiCert and Entrust.
  • Apply for VMC: Submit the application to the chosen Certificate Authority so it can verify your trademark and domain as required.
  • Validation Process: Go through the Certificate Authority’s validation process for your trademark and organization details.
  • Receive and Install VMC: Once it has been approved, the CA will issue the VMC to you so you can integrate it with the email system.

Conclusion

Shield your brand, strengthen customer confidence, and improve your business email security with our cheap and effective certificates.
