BIMI for Gmail: Google Makes Its New Security Updates Using Email Identity Indicators

Google recently announced their plans for Gmail to support BIMI as part of a larger series of G Suite security updates.

If you’re already familiar with BIMI, you’re probably excited about it. If you aren’t familiar with it, you’re probably shaking your head at there being yet another acronym in email.

BIMI stands for Brand Indicators for Message Identification. It allows senders to display a branded logo in supporting email clients. In simple terms, your email subscribers will see your logo beside your email before they even open it.

It’s worth working towards implementing BIMI because BIMI relies on you having set a DMARC policy. That policy instructs mailbox providers to quarantine or reject email that claims to be from you but isn’t, which helps protect your customers from fraud. Displaying your logo, and the increased brand recognition that comes with it, is an added bonus on top of the increased security. This open system relies on existing authentication protocols like DMARC, DKIM, or SPF; it isn’t a new authentication protocol in and of itself.

The BIMI standard uses two different mechanisms to verify emails before displaying the company’s logo: DMARC and verified mark certificates (VMCs). (I will try to add a dedicated article on VMC later.)

DMARC, which stands for Domain-based Message Authentication, Reporting, and Conformance, is key to email authentication. It gives organizations greater visibility into and control over who sends emails from their domains.

An email signing certificate is issued for an individual user (for example and it doesn’t include a logo. It not only authenticates an email sender but also encrypts email (if the recipient also uses an S/MIME certificate).

How to set up BIMI – A guide

Please check back frequently for changes and updates. Future BIMI programs may require BIMI certificates. Please note, these steps and resources are not final and will be updated as new information becomes available.

Step 1

Authenticate all of your organization’s emails with SPF, DKIM and DMARC – ensure all are aligned

DMARC policy must be at enforcement – either “p=quarantine” or “p=reject” on the organizational domain

No sp=none or pct<100

Produce an SVG Tiny 1.2 version of your official logo

Step 2

W3C – Scalable Vector Graphics (SVG) Tiny 1.2 Specification

Square logo file

Include a solid colour background

Step 3

Publish a BIMI record for your domain in DNS

The a= tag is currently optional

default._bimi.[domain] IN TXT "v=BIMI1; l=[SVG URL]; a=[PEM URL]"
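An offline check of the Step 1 and Step 3 requirements above, as an added example that is not part of the original article: it parses DMARC and BIMI TXT record strings and lists what would block BIMI. The record values and example.com URLs are constructed samples, the function names are hypothetical, and the HTTPS requirement on l= and a= comes from the BIMI draft rather than from this page.

```python
# Added example: offline BIMI readiness check over TXT record strings.
# All record values and example.com URLs below are constructed samples.
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
WEAK_DMARC = "v=DMARC1; p=quarantine; sp=none; pct=50"
SAMPLE_BIMI = '"v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"'

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict with lowercase keys."""
    tags = {}
    for part in record.strip(' "').split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def check_dmarc(record):
    """Return the reasons a DMARC record is not at the enforcement BIMI needs."""
    tags, problems = parse_tags(record), []
    if tags.get("v") != "DMARC1":
        problems.append("not a DMARC1 record")
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p must be quarantine or reject")
    if tags.get("sp", "").lower() == "none":
        problems.append("sp=none is not allowed")
    pct = tags.get("pct", "100")  # pct defaults to 100 when the tag is absent
    if not pct.isdigit() or int(pct) < 100:
        problems.append("pct must be 100")
    return problems

def check_bimi(record):
    """Return the problems found in a default._bimi TXT record."""
    tags, problems = parse_tags(record), []
    if tags.get("v") != "BIMI1":
        problems.append("v must be BIMI1")
    # HTTPS-only transport is taken from the BIMI draft (assumption beyond this page).
    if not tags.get("l", "").lower().startswith("https://"):
        problems.append("l must be an https URL")
    cert = tags.get("a", "")  # a= is optional, so an empty value is accepted
    if cert and not cert.lower().startswith("https://"):
        problems.append("a, when present, must be an https URL")
    return problems

if __name__ == "__main__":
    for name, rec in (("good", GOOD_DMARC), ("weak", WEAK_DMARC)):
        print(name, "DMARC:", check_dmarc(rec) or "ready for BIMI")
    print("BIMI:", check_bimi(SAMPLE_BIMI) or "record looks valid")
```

The check covers only the record contents; SPF/DKIM alignment and the SVG Tiny 1.2 profile of the logo still have to be verified separately.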
