How to Implement BIMI for Email

Brand Indicators for Message Identification (BIMI) is the latest in email authentication protocols. It is a new method for authenticating emails and preventing brand spoofing. Like other protocols, it involves setting up a record on your sending domain’s DNS, which receiving mail servers use to verify that the message is legitimate.

What makes BIMI unique is that it is subscriber-facing. Your list doesn’t know that you’ve set up SPF, DKIM, and DMARC, but they can see the results of BIMI. The logo in their inbox can be a sign indicating the email is safe to open and engage with. For brands, it’s the payoff for getting your email authentication practices up to speed. Here’s an example of how it can show up in a reader’s inbox:


How to implement BIMI (steps 1-4 must be in place before you can add your BIMI record to your domain):
  1. Ensure your SPF, DKIM, and DMARC are in place. You can check the status of these here:
  1. Create an SVG file of your logo. Your logo MUST be in the SVG format SVG Tiny 1.2 and uploaded (in a later step) to your public web server. Follow the instructions to create the correct SVG file here:
  1. Confirm your logo is a registered trademark. Check to see the status of your logo here:
    1. When reviewing the registered trademark, ensure your logo matches the logo creative you used to create the SVG file, and that the trademark address or any other information is up to date.
  1. After you’ve completed items 1-3, you will apply for a Verified Mark Certificate (VMC). Contact DigiCert or Entrust certificate authority (CA) to request a VMC and begin the application process.
    1. During this process, you will work with the chosen vendor to complete the application.
      • The vendor will ensure that your logo is in the correct SVG format, and your trademark is registered and up to date. They will not continue the process until they have these items.
      • They will then require you to go through a verification process including a notary verification and video verification call. This process can take several weeks to complete.
    2. Once the application process has been completed and you have been approved by the vendor, you will work with your IT Department to create the certificate request.
      • Once the request has been made and approved, you will then be able to add the BIMI verification to your domain. See next step.
      • *These certificates last 1 year and will need to be renewed yearly to stay up to date.
  1. Add the BIMI TXT record to your domain provider.
    1. You can generate your TXT record here:
      • NOTE: You must have the correct SVG file and VMC file to create the record.
    2. Add your DNS TXT record to your domain provider.
      • Host= default._bimi.YOURDOMAINHERE
      • TTL= 1 hour (3600 seconds)
  1. Validate your BIMI record here:

Congratulations! Your domain is now BIMI authenticated.

+ More Insights from Dunham+Company: “Five Ways to Optimize Emails for Better Results

Ready to take the next step? Dunham+Company is here to help your organization have more impact and establish deeper relationships with your donors and supporters.