BIMI, or Brand Indicators for Message Identification, is a new standard created to make it easier to get your logo displayed next to your message in the inbox. With this simple, visual verification, recipients can recognize and trust the messages you send. Not only will this help your visibility, but BIMI is designed to prevent fraudulent emails and aid deliverability by requiring strong enforcement of authentication standards.
Sender Policy Framework (SPF) is an email authentication method designed to detect forging sender addresses during the delivery of the email. Authenticates your email to identify the mail servers that are allowed to send email from a particular domain. SPF is a text record in your domain that designates the list of servers that are known sources of emails for your domain. The SPF record can be as simple as allowing MX (mail exchange) servers to send, list specific IPs or IP networks, include other SPF records or even use macros. SPF records are critical to protect the domain from being abused on the network level but do not protect from forged emails.
DKIM - DomainKeys Identified Mail is a digital signature added to emails to verify to inbox providers that your domain sent the message and you’re responsible for the content of the message. DKIMs are added by mail servers and protect messages and their content from tampering. DKIM allows the receiver to check that an email claimed to have come from a specific domain was indeed authorized by the owner of that domain. It is nearly impossible to tamper with the contents of a properly DKIM signed message. An email should always be signed with a DKIM of the sending domain and could be signed with additional DKIMs of 3rd party sending services.
Like other email authentication standards, BIMI is essentially a text file. That text file follows a specific format and lives on your sending servers. When a message is delivered, the recipient's email service looks up the BIMI text file—and where it's hosted—to ensure that the message can be verified. Once verified, the BIMI file tells the email service where to find the sender’s logo and the email service pulls that logo into the inbox.
BIMI is a new way of putting the brand in control of the logo displayed in the mailbox. Not only that it allows the recipient to clearly identify a verified source. The recipient doesn’t need to worry if the message is fraudulent or not as the mailbox provider has already verified the authenticity of the sender.
As BIMI was created to increase trust to authenticated messages it also contains an extra layer of protection from brand abuse. First off the existence of BIMI record and correct email authentication doesn’t warrant the logo to be displayed. Mailbox providers will only display the logo for trusted brands with sufficient reputation and history. In addition the BIMI record can contain a certificate containing the logo called Verified Mark Certificate. Mailbox providers will have their own rules regarding logo display and we already know that some will require logos to be certified. This prevents bad actors from 3rd party forgery by building a good reputation and then forging the logo.
BIMI is currently supported by Yahoo! Mail, Fastmail and Gmail. Gmail requires BIMI to be certified using a Verified Mark Certificate. Comcast, 1&1 (web.de, gmx.com) and Seznam.cz are in the planning stages of BIMI support. FairEmail on Android supports BIMI after enabling support in setting.
There are many alternative ways to display logos which was the driving force behind BIMI itself. Mailbox providers have been curating logos for known brands for years each coming up with their own offerings. Microsoft is using Bing Pages to attach brand logos, Mail.ru provides avatar upload in their postmaster tools, some email clients rely on Gravatars. In addition multiple mailbox providers have a paid brand display offer - be it trustedDialog in Germany, Mail.ru’s avatars or Interia’s premium services.
A Verified Mark Certificate (VMC) is a digital certificate that certifies the authenticity/ownership to display a BIMI logo. Just like SSL/TLS certificates, Verified Mark Certificates will also be issued by trusted third-party certificate authorities upon successful verification of the business. Verified Mark Certificates are required by Google to display brand logos in Gmail. You can register for VMC here and we will add an option to request Verified Mark Certificates directly from your Notamiq account soon.
Verified Mark Certificates are issued by certification authorities to all eligible brands. First off you will need to have a fully valid BIMI record and we are here to help you with that. Next you will need your trademark registration - having a registered graphic representation of your logo is required for the certification process. You can request a VMC through our form and we will add the option to our app soon.
The basic requirement for the BIMI SVG is a square logo - make sure document dimensions (artboard) are square and your logo is centered. The logo must be a vector drawing in curves and not a bitmap. There must be no interactive elements in your SVG, no multimedia, no animations and no scripts. If you have any texts in your logo, make sure the text is converted to curves as BIMI SVG doesn’t allow any use of fonts. The logo must be served using a secure HTTPS protocol with no redirections.
SVG is a widely supported format that can be exported from most common graphic design software. Each application has a slightly different support of SVG and requires specific steps to be taken to generate a fully compliant BIMI SVG. We have prepared an Ultimate guide to BIMI with a step by step preparation and export process using Adobe Illustrator.
That’s what we are here to help with. Notamiq brings the best in class validation service to help you properly deploy BIMI on your domain. Not only that - our validation also makes sure your logo will meet the requirements of the upcoming BIMI SVG standard and get you closer to getting your logo certified using a VMC.
SVGs fail to validate for many reasons. The most common is using an invalid type of an SVG - whether it’s an SVG that contains a bitmap image or an SVG of an incorrect version. The SVG format itself has various versions and profiles of intended use. The BIMI SVG format is based off of the SVG Tiny 1.2 specification with modifications required to increase security.
Our validator does a complex set of validations to give you the best possible picture of your BIMI record deployment. Each of these tests has a different importance. While some are non-critical and will result in a warning, others will result in an error which means your BIMI can not be considered valid and result in the logo not being displayed.
For a domain to be able to receive emails an “MX” record must exist in the DNS. An “A” record may serve as an alternative but an “MX” is recommended. If a domain is not configured to receive emails it’s very likely that it won’t be able to send properly authenticated emails as well. In such a case a BIMI record would be useless and therefore an error is displayed.
The validator failed to validate the existence and proper configuration of the domain. Please make sure you have entered a valid domain name and that your domain is properly configured to send and receive emails.
A BIMI record has been found while querying the domain records but it's not of a valid format. This might be caused by syntactically incorrect records but is often caused by so-called wildcard records that would match the request. Make sure the record for "default._bimi.yourdomain.com" exists and start with "v=BIMI1".
The validator has not found the default BIMI record of your domain. Your record has not been set or it has not been propagated in the DNS yet. It's time for you to set up one. If you have already set up your BIMI record, please recheck that your BIMI record is correct and try again a few hours later. Make sure to read the basic requirements first.
BIMI logo must be located at a secure URL using an https connection. This error means that the domain’s BIMI record location attribute points to a URL using an unencrypted http protocol. Update your BIMI record to point to a host using an https protocol.
The BIMI logo display requires proper email authentication and its enforcement. Such enforcement only makes sense when it’s deployed at the organizational domain level rather than a subdomain. DMARC enforcement protects domains from abuse and deployment on subdomains doesn’t provide the necessary security. The goal behind BIMI was to provide incentive for those who deploy and enforce email authentication properly. If BIMI was only tied to the subdomain policy it would lead to fragmentation of email security enforcement and miss the goal.
The BIMI logo display requires proper email authentication and its enforcement. It's also important that the enforcement policy applies to 100% of messages and not just a subset. It seems that the domain you have checked is still in transition to enforcement with percentage (pct) set to less than 100%. Make sure your DMARC deployment has been completed and set at 100% before deploying BIMI.
The BIMI record location attribute points to an URL that returned a response that was not a valid SVG file. The validator verifies whether the file found at the URL is an actual SVG file before it dives deeper into individual SVG format validations. Make sure the URL in your BIMI record points to an existing SVG file. It could have been removed, or the file is not an SVG.
All internet pages and files have a mime-type that specifies their content. For SVG the mime-type is image/svg+xml and during the check we have encountered a file being served with an improper mime/type setting. This could caused by a server misconfiguration or a security policy of a proxy or content delivery network. Check with your hosting provider that your logo is served with the correct mime-type setting. At the time of writing Cloudflare is known to serve incorrect mime-type for our automated checks.
SVG stands for Scalable Vector Graphics. While the name of the format is clear on Vector graphics the format allows to contain bitmap images embedded. Bitmaps are not scaleable and the file sizes increase exponentially with the resolution of the bitmap. BIMI logos must be stored as truly vector graphics and no bitmap images are allowed inside the SVG. Ask your designer to export your logo as a truly vector SVG with all fonts converted to curves.
The logos stored in BIMI record must have square dimensions. It doesn't mean that the logo must be a square just that the aspect ratio of the logo must be square. Make sure the dimensions set in the SVG header are exactly square (width = height).
External references are links to other SVG files, scripts or websites and are commonly used for website logos. BIMI SVG format does not allow for use of external references for security reasons. Such an external reference could be abused to swap actual content of the logo or to link to a fraudulent website or content. Make sure your logo contains no clickable links and is self-contained, eg. doesn't link to additional elements.
This error is usually related to the SVG contains rasterized image error and indicates binary content encoded as Base64 data. This type of content could be abused to inject harmful content to your computer and as such it is not permitted in BIMI SVG.
The BIMI SVG specification differs from the SVG Tiny 1.2 it is based on and SVG files exported as SVG Tiny 1.2. will fail to meet the criteria. The most common reasons are related to the attributes of SVG tag:
baseProfile="tiny" instead of baseProfile="tiny-ps" - this attribute identifies the specific SVG formating and BIMI requires "tiny-ps"
overflow="visible" - overflow attribute is not allowed in BIMI SVG
x=/y= - the X/Y attributes that define the artboard coordinates are not permitted as they must always start from 0.
As the BIMI SVG specification is still under development this warning does NOT affect the display of your BIMI logo at this time.
The SVG file in your BIMI record doesn't have the baseProfile matching the SVG Tiny P/S specification. This error would be accompanied by the error SVG did not pass BIMI SVG specification. Make sure your SVG header attribute baseProfile is set to "tiny-ps".
Accessibility is an important part of internet and the BIMI standard requires the logos to be accessible to visually impaired. For the browsers and devices to be able to interpret the content to visually impaired it's critical to provide a machine-readable element - the title. Make sure the title tag in your SVG contains the name of your brand and not a filename or anything that might lead to confusion.
The SVG files contains an "overflow" attribute in the header. Using overflow may lead to incorrect rendering and therefore is not permitted. This error would be accompanied by the error SVG did not pass BIMI SVG specification. Make sure to remove the "overflow" attribute from the SVG file header.