BIMI
Santosh Pandit
Regulator | Creator of “Hard.Email” | Author of “Cyber Landscape in 2035”
In this article, you will learn about BIMI, how it helps in the fight against phishing, and what can be done so that everyone can benefit from it.
What is BIMI?
In the world of phishing, every little help we can provide to users to spot scams and fraud is welcome. BIMI is one such tool. It helps you recognise a genuine sender by showing their official logo even before you open that email, like a company ID or badge for emails. BIMI, or Brand Indicators for Message Identification, can also help boost the image of the brand, making it look posh and distinct.
Is BIMI complicated?
I would say the technical complexity of BIMI implementation is medium or intermediate; but the legal complexity of BIMI is horrendously difficult; and the VMC certificates may be too expensive for a small business or an individual.
All views are personal; this is not a school debate and I will help you understand all three components.
1. Technical
It's slightly tricky to convert the logo image from traditional formats (like jpg or png) to the prescribed format called “Tiny SVG 1.2 P/S”. This format makes logo images smaller and simpler.
It took me a whole day to create my BIMI logo; the only cost was my time, but I could do that entirely using open-source software and free online converters.
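The Python below is an added example, not code from the article or from any BIMI tool. It checks a converted logo against the constraints commonly documented for the format the article calls “Tiny SVG 1.2 P/S” (SVG Tiny Portable/Secure). The rule set, the 32 KB ceiling, the name `check_bimi_svg` and both sample documents are assumptions or constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Assumed rule set: no scripting, animation, embedded rasters or foreign content.
FORBIDDEN = {"script", "image", "foreignObject", "set", "animate",
             "animateColor", "animateMotion", "animateTransform"}

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop ElementTree's '{namespace}' prefix

def check_bimi_svg(data):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(data) > 32 * 1024:  # assumed size ceiling for a logo file
        problems.append("file larger than 32 KB")
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{SVG_NS}}}svg":
        return problems + ["root element is not <svg> in the SVG namespace"]
    if root.get("baseProfile") != "tiny-ps":
        problems.append('baseProfile must be "tiny-ps"')
    if root.get("version") != "1.2":
        problems.append('version must be "1.2"')
    if "x" in root.attrib or "y" in root.attrib:
        problems.append("root <svg> must not carry x or y attributes")
    if not any(local(c.tag) == "title" and (c.text or "").strip() for c in root):
        problems.append("missing non-empty <title> child")
    for el in root.iter():
        name = local(el.tag)
        if name in FORBIDDEN:
            problems.append(f"forbidden element <{name}>")
        href = el.get("href") or el.get(XLINK_HREF) or ""
        if href and not href.startswith("#"):
            problems.append(f"external or embedded reference on <{name}>")
    return problems

# Constructed samples: converter output (raster wrapped in SVG), then a vector redraw.
CONVERTER_OUTPUT = b'''<svg xmlns="http://www.w3.org/2000/svg"
  xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" x="0" y="0"
  viewBox="0 0 64 64"><image width="64" height="64"
  xlink:href="data:image/png;base64,AAAA"/></svg>'''
CLEAN = b'''<svg xmlns="http://www.w3.org/2000/svg" version="1.2"
  baseProfile="tiny-ps" viewBox="0 0 64 64"><title>Example Brand</title>
  <circle cx="32" cy="32" r="30" fill="#003366"/></svg>'''

for label, doc in (("converter", CONVERTER_OUTPUT), ("clean", CLEAN)):
    print(label, check_bimi_svg(doc) or "OK")
```

The first sample shows why a plain PNG-to-SVG conversion is usually rejected: the file is still a bitmap wrapped in an `<svg>` element, so the logo has to be traced or redrawn as vector shapes.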
2. Legal
The BIMI standard is evolving and currently proposes trademark registration of the logo to prove ownership. Trademark registration means legally claiming that logo as yours. Depending on your business needs and budget, you're going to spend a lot, especially if you use lawyers and trademark specialists. Their fees come on top of the official charges.
The legal process can take many months. Remember that currently, you can use a logo without trademark registration. So, I have tried both approaches: (1) with and (2) without trademark registration.
It took me four months to register one logo in one jurisdiction (the UK) without lawyers' support, and the cost was about GBP 500 in total.
I simply gave up with the cost and process of registering the logo in the EU and the US. But if I were a business and used trademark lawyers across major jurisdictions, I would budget GBP 30,000 per logo. Your actual prices could be significantly different from my estimate. Who knows, you may get a cheaper deal!
3. The VMC certificate
The purpose of the VMC certificate is to add a digital signature to the logo, which is like a seal of approval for your logo, improving its credibility and legitimacy.
At the moment, I find there are only two private companies that issue VMC certificates. Their pricing is, in my view, extremely high. Personally, I cannot afford those costs. Unfortunately, my favourite certificate issuer (Let's Encrypt) does not issue free VMC certificates for BIMI logos. They only issue SSL(/TLS) certificates for websites free of cost.
Personal Experience
Everyone will need to decide if they or their business will use BIMI or not.
I have implemented BIMI successfully without VMC as it is not a hard requirement (yet). I registered one of my two logos as a trademark just to get the hands-on experience. It is expensive.
In January 2025, as I write this article, I do not foresee BIMI becoming useful for mass application. Big organisations with deep pockets may use it, but for those with limited budgets, we need better solutions.
In the early days of BIMI implementation, some email service providers did not insist on the VMC (which in turn needs trademark registration and a lot of money), but today I do not see the BIMI logos in the inbox for Protonmail, Gmail and Outlook.
My Recommendations
I would advocate that trademark registration as a mandatory requirement should be dropped. Remember that registration has not stopped counterfeiting in the world; it only improves your chances of winning a lawsuit.
If this change happens by miracle, I would also suggest that Let's Encrypt should issue VMC certificates for free. Only by making BIMI free and accessible to individuals, charities, schools, and small businesses, can we take one more little step to tackle the global threat of phishing.
What do you think? If the logo of the sender appears next to an email in your inbox (BIMI), does that really change your view on that email?
Santosh Pandit
31.1.2025
CEO - Email security is shared
1 week ago
I invite Santosh Pandit to discover Email Original