BIMI Record: The Ultimate Introduction
DMARC Advisor
The new standard to implement DMARC! Protect your domains against email abuse and phishing with DMARC Advisor.
Thanks to BIMI, every domain owner can now manage his own Brand Indicator (logo). Herein, a BIMI record functions like a signpost, pointing a receiver to the location where you saved your logo file. Optionally, it also refers to a VMC file. We invite you to keep reading and learn all about BIMI records and their possible contents.
Naturally, participation in BIMI is completely voluntary. To register yourself as a volunteer, all you have to do is add a BIMI record to your DNS with a link to your preferred logo. When checking your email for DMARC, the receiver also scans your DNS for a BIMI record. BIMI only works under the strict condition that the?DMARC policy?on your domain is either p=quarantine or p=reject. After the DMARC test returns positive for these conditions, your message appears in the inbox along with your logo. Remember, people: Safety First!
BIMI Assertion Record
So you save your preferences in a DNS TXT record. Similar to protocols like?DMARC?and?DKIM, these records are added to a subdomain. In this case ‘_bimi’. A domain can contain multiple records and to tell those apart, BIMI uses selectors. For our convenience, the default selector is ‘default’. DKIM selectors actually stood as an example for BIMI selectors, and so their functionality and manner of application are identical.
The TXT record which you publish in the DNS is also called a?BIMI Assertion Record. To add the necessary information to the Assertion Record, you use so-called?tags?which we discuss in the following paragraph.
Syntax Anatomy of a BIMI Record
v= Version (REQUIRED): The version tag indicates?which version of BIMI?we are dealing with. But the value has basically always been the same so far: “BIMI1”. It is a general rule that a BIMI record?always starts?with a filled-in version tag. If you leave it empty, the record will be refused. If it deviates otherwise, maybe because of a typo, it will also be ignored. It is important to do it right. But let’s be honest here: all you need to type is?v=BIMI1, so that shouldn’t be too difficult, right?
l= logo location URL (REQUIRED): Logically, you’ll need this tag if you want to show your logo in an inbox since this one in particular contains the location of your Brand Indicator. It allows the use of?just one URL?and?only HTTPS?is supported here. Further, it is important that the file you are linking to is in?SVG format. Another possibility is to leave this tag empty, which is called ‘declination to publish’. But more on that later.
a= Authority Evidence Location URL (OPTIONAL): This tag also consists of?a single URL, which indicates the location of the BIMI Evidence document, also known as the?Verified Mark Certificate?(or VMC). Again, it?only supports HTTPS?here. Leaving the ‘a=’ tag empty means that you either have no authority evidence to provide or that you decline to publish. And now that we mentioned this already twice, we can no longer avoid explaining what that means.
Declination to Publish
Leaving both the ‘l=’ and ‘a=’ tags empty, means you make an official statement that you do not wish to have BIMI in that place. And that is something different from not adding a record at all. As a BIMI record usually covers the whole domain, a declination to publish can be used to refuse participation for a specific subdomain, for instance. It’s a way of overriding the default BIMI settings if you don’t want a particular subdomain to show the brand indicator.
This also comes in handy when using different BIMI selectors for sending emails. Messages from a selector that has declined to publish will not display a logo, while the others will. A declination to publish simply looks like this:
v=BIMI1; l=; a=;
To summarize
It’s important to?add a semicolon?between every tag. Then, when added to the DNS, a?full BIMI TXT Record?would look sort of like the following image. Also, note that the DMARC policy should be on either?p=quarantine?(pct=100) or?p=reject. We have another article in which we list the?BIMI Requirements.
BIMI is more than just a record. As a whole it is an?ideal marketing tool, increasing brand visibility and opening rates. Because it requires a strict DMARC policy, BIMI is like?a reward?for taking the safety of your receivers seriously. We like to call it?the cherry on the cake?of DMARC implementation. You can do our free?BIMI Check?to find out if your domain is ready to stand out in a crowded inbox. If so, we know a bunch of friendly DMARC Advisors who would never refuse a piece of that lovely cake. Feel free to?contact us?about where to send it to. Or just any subject related to BIMI Records or DMARC, of course.