BIMI Records to protect Brand Reputation in Spoofing brand Email
BIMI Records to protect Brand Reputation in Spoofing brand Email , BIMI (Brand Indicators for Message Identification) is a new standard that can curb the issue of online impersonators. Major companies are using emails to communicate with their customers.
What is BIMI?
Brand Indicators for Message Identification (BIMI) is an industry-wide standards effort that will use brand logos as indicators to help people avoid fraudulent email, while giving marketers a new opportunity to put their brands in front of consumers for free.
Why Use BIMI?
Every time your organization sends an email, BIMI guarantees that your logo will be displayed in the preview pane and near the "from" line. When users see that logo, they'll trust the email and be more likely to respond to the email.
How Does BIMI Work?
BIMI builds on the DMARC standard for authenticating email. Before sending an email to a user's inbox, email platforms check the email against the sender's DMARC record within each email message to confirm authenticity. Once a DMARC record has been adopted, organizations can add a BIMI Certificate and update domain records to include its BIMI policy.
Initial Considerations for BIMI Implementation
1. Implement DMARC authentication on all your emails
- Organizations with an enforced DMARC policy are able to work with BIMI. Organizations can validate whether DMARC has been enforced or not by validating their DMARC Record by using the Mimecast DMARC Analyzer DMARC record checker. If a DMARC policy has been enforced BIMI can be implemented.
- Check email headers at Gmail, Microsoft, or Verizon Media (AOL and Yahoo!).
- The DMARC policy (p=) should be set to “quarantine” or “reject.” For AOL and Yahoo!, in order to display your logo.
2. Select the logo you want your subscribers to see in their inbox
- BIMI works with SVG images. The SVG image has to be squared logo, without any additional text. Store the logo in HTTPS and type the URL in the DNS TXT record.
3. Select the Visual Mark Certificate (VMC)
- While the Visual Mark Certificates (VMC) are not available to the public yet. The VMC will be required by most mailbox providers in order to display the BIMI logo.
- Keep following Mimecast DMARC Analyzer to be informed on the latest BIMI and VMC developments.
4. How to measure the impact of a BIMI implementation
- It’s recommended to track the effects of your BIMI implementation. Doing so, you will know if your clicks and or open-rates have been increased.
In order to publish a BIMI record, you have to create a DNS TXT record that can be used by the domain.
Follow the steps below for guidance:
Select your domain and selector
- When you check your marketing emails, you will find a field labeled “From:” This field points to the domain where you have to create a DNS TXT record.
- You will need to create a selector name. This is the name that the mailbox provider will use to retrieve the BIMI record. Many people use “default” as selector’s name since it is easier to implement as you don’t have to insert the BIMI-selector header.
- You can use the default name if you are testing how BIMI works, or are encountering problems adding the BIMI-selector header to your emails. The default setting is also suitable if you have or use a single brand for your company or organization.
- If you want to implement BIMI records for multiple brands, then you have to choose selectors’ names to have control over how the different logos will appear. It is advisable to use a short selector name, and also one that relates to your business.
Create a DNS TXT for the domain you selected above
In case you decide to implement the BIMI record yourself, you need to follow the instructions provided by your email provider or domain hosting service. Also, make sure to include all the required tags in the record and use the correct syntax in the implementation.
Using your selector name, you can follow the following format:yourselector._bimi.brand.com TXT “v=BIMI1; l=https://brand.com/logo.svg;a=;”
Example of a BIMI TXT Record with a selector
The example below shows an existing DMARC TXT record supplemented with the BIMI TXT Record with a selector for the domain: brand.com. The location of the logo in this example is: https://brand.com/logo.svg.
Using a default selector name, you can follow the following format:default._bimi.brand.com TXT “v=BIMI1; l=https://brand.com/logo.svg;a=self;”
Example of a default BIMI TXT Record
The example below shows an existing DMARC TXT record supplemented with the (default) BIMI TXT Record for the domain: brand.com. The location of the logo in this example is: https://brand.com/logo.svg.
In order to include the Visual Mark Certificate (VMC) to the record, add the URL that points to the VMC (.pem file), right behind the ‘a=’. For example: a=https://sub.brand.com/vmc/logo.pem;
When using the default selector name, you don’t need to include the BIMI selector header in the emails. The header is, however, necessary if you are using a unique selector name.
You will need to contact your DNS manager in order to publish the BIMI selector. Once again, ensure that you are using the correct syntax. The s=value in the header should match the set selector name in your DNS TXT record. Otherwise, your logo will not be displayed.
Please note that the example below is for illustrative purposes only. Be sure to use your own selector name or your logo will not display.
Components of a BIMI-Selector header
- Header name: The value is always BIMI-Selector. (Required)
- v = Version: the value is always BIMI1. (Required)
- s = Selector name: the value is the same what you have chosen earlier as your selector name. (Required)
The selector name listed in the BIMI-Selector header must match the selector name as you have configured in the BIMI DNS record exactly.
The correct syntax for the BIMI-Selector header
: v=; s=;
BIMI-Selector: v=BIMI1; s=januari2020;
Read this whole Blog and it take just couple of time.