BIMI
What is BIMI?
An email standard that lets domain owners display a verified brand logo next to authenticated messages in supporting clients, conditional on a DMARC policy of quarantine or reject.
Brand Indicators for Message Identification (BIMI), defined across IETF drafts (notably draft-ietf-dmarc-bimi) and the BIMI Group specifications, allows a domain to publish a TXT record at default._bimi.example.com pointing to an SVG Tiny PS logo and, optionally, a Verified Mark Certificate (VMC) issued by an authorized authority such as DigiCert or Entrust. Mail clients including Gmail, Yahoo Mail, Apple Mail, and Fastmail display the logo only when the message passes DMARC with an enforcement policy (p=quarantine or p=reject) and alignment. BIMI improves brand trust, increases user recognition of legitimate mail, and gives organizations a tangible reward for completing DMARC enforcement.
● Examples
- 01
Publishing default._bimi.example.com TXT v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/cert.pem to display the brand logo in Gmail.
- 02
Acquiring a VMC tied to a registered trademark so Apple Mail shows the verified logo.
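A pre-publication check for the record in example 01, added here as an illustration and not taken from the BIMI specifications or any mail provider's code: it parses the BIMI and DMARC TXT strings and reports which of the prerequisites described above are missing. The function names and the sample DMARC records are constructed for this example, and it checks only what is published in DNS, not whether an individual message passes DMARC with alignment.

```python
from urllib.parse import urlparse

# Constructed sample records (the BIMI string is the one from example 01).
BIMI_TXT = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/cert.pem"
DMARC_ENFORCED = "v=DMARC1; p=reject"
DMARC_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"


def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict keyed by tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)  # values (URLs) may contain '='
            tags[name.strip().lower()] = value.strip()
    return tags


def check_bimi(bimi_txt, dmarc_txt):
    """Return a list of problems; an empty list means the prerequisites are met."""
    problems = []
    bimi = parse_tags(bimi_txt)
    dmarc = parse_tags(dmarc_txt)

    if bimi.get("v") != "BIMI1":
        problems.append("BIMI record lacks v=BIMI1")
    if urlparse(bimi.get("l", "")).scheme != "https":
        problems.append("l= must be an https URL to the SVG logo")
    cert = bimi.get("a", "")  # the VMC is optional
    if cert and urlparse(cert).scheme != "https":
        problems.append("a= must be an https URL when present")

    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    else:
        policy = dmarc.get("p", "(missing)").lower()
        if policy not in ("quarantine", "reject"):
            problems.append(
                "DMARC policy is p=%s; BIMI needs quarantine or reject" % policy
            )
    return problems


if __name__ == "__main__":
    for label, dmarc in (("enforced", DMARC_ENFORCED), ("monitor", DMARC_MONITOR)):
        print(label, check_bimi(BIMI_TXT, dmarc) or "ok")
```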
● Frequently asked questions
What is BIMI?
An email standard that lets domain owners display a verified brand logo next to authenticated messages in supporting clients, conditional on a DMARC policy of quarantine or reject. It belongs to the Network Security category of cybersecurity.
How do you defend against BIMI?
Defences for BIMI typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for BIMI?
Common alternative names include: Brand Indicators for Message Identification.
● Related terms
- network-security№ 333
DMARC
An email authentication standard defined in RFC 7489 that lets domain owners publish a policy telling receivers what to do with messages that fail SPF or DKIM and aligned domain checks.
- network-security№ 1076
SPF (Sender Policy Framework)
An email authentication mechanism defined in RFC 7208 that lets a domain publish in DNS which IP addresses or hosts are authorized to send mail using its domain in the envelope MAIL FROM.
- network-security№ 330
DKIM
An email authentication standard defined in RFC 6376 that lets a sending domain add a cryptographic signature to outgoing messages so receivers can verify that headers and body were not altered.
- attacks№ 375
Email Spoofing
Forging email headers so a message appears to come from a trusted sender, typically to enable phishing, fraud, or malware delivery.
- network-security№ 984
Secure Email Gateway
A perimeter or cloud service that filters inbound and outbound email for spam, phishing, malware, data leakage, and policy violations before it reaches user mailboxes.
- attacks№ 135
Business Email Compromise
A targeted fraud in which an attacker impersonates or takes over a corporate mailbox to trick an employee into wiring money, changing payment details, or sending sensitive data.