When Google, Yahoo and Apple announced their email applications would support BIMI, it appeared that BIMI was ready to become an important standard in email marketing. Think about it: Your precious logo directly attached to every email you send, right there in the subject line. You get instant brand recognition and, thanks to the DMARC requirement, trust.
But BIMI adoption is hitting some serious speed bumps…
What’s going wrong?
BIMI has two major technical issues and one misconception contributing to slow adoption by businesses. Let’s start with the misconception.
BIMI Requires Strict DMARC policies
For an email to even be considered for BIMI, the sending domain must have implemented DMARC, must send DMARC-compliant email, and must set its DMARC policy to 100% Reject or Quarantine. The major misconception we hear from our customers is: “Strict policies might stop some legitimate email from getting to the recipient.”
There is some truth to this, so let’s break it down:
- Email that is not DMARC compliant is inherently assumed to be suspect by the Inbox Provider.
- Email that is DMARC compliant has a higher trust level.
- Strict DMARC Policies instruct the Inbox Provider to stop non-compliant email.
- Inbox Providers may choose to ignore or accept DMARC policies, but most incorporate them into their inbox placement algorithms.
Regardless of your DMARC policy, non-compliant email will be suspect. With a stricter policy, however, ALL your compliant email will have a higher trust level. Going to a strict DMARC policy is better for your email delivery. You can fix a temporary compliance issue; earning trust is hard.
MxToolbox Delivery Center was designed to help keep all of your legitimate email DMARC compliant and quickly alert you to areas of non-compliance to keep your email deliverability at the highest level.
Getting a BIMI-Compliant Logo can be Difficult
The BIMI standard requires a square logo that reflects the brand of the domain, formatted in SVG, that meets very specific requirements and often requires “a few manual tweaks”. For most of our clients attempting to adopt BIMI, MxToolbox has found that getting a BIMI-compliant logo is time-consuming and difficult. Until this process is simpler, companies will struggle to adopt BIMI.
Most BIMI Inbox Providers Require a Certificate
The BIMI Group originally made BIMI completely open on the assumption that achieving DMARC compliance with strict policies was sufficiently difficult to prevent spoofing. However, spammers and fraudsters are quite savvy and capable of adapting quickly. For example, grab a BIMI logo from a legitimate company like Bank of America, set up a fake domain like BanofAmerica.net with SPF, DKIM, DMARC and BIMI and start spamming. It looks legitimate enough to fool the average spamming target and leverages a known brand’s legitimate logo.
To combat this potential loophole, BIMI Inbox Providers are requiring an evidence document called a Verified Mark Certificate (VMC) issued by a third-party authority like DigiCert or Entrust Datacard. These authorities investigate your domain and issue a credential, specific to your domain, that certifies your DMARC and BIMI setup. This is similar to having a Secure Certificate for SSL/HTTPS.
The speed bump for BIMI adoption is that there are only two VMC issuers at present and the cost is $1100-$1500 per year, per domain. While this is negligible for big, well-known brands, smaller companies or companies with multiple domains may be priced out of the market, further reducing the potential of BIMI.
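The strict-policy requirement and the certificate requirement described above can both be checked from a domain's published TXT records. The following is an added example, not MxToolbox code: an offline check over the DMARC record (published at `_dmarc.<domain>`) and the BIMI record (published at `default._bimi.<domain>`). All record values are constructed samples for example.com, and the `require_certificate` switch is a hypothetical parameter that models inbox providers that insist on a VMC.

```python
# Added example: offline BIMI readiness check over TXT record strings.
# Every record below is a constructed sample for the reserved example.com
# domain; nothing is fetched from DNS, and the SVG and VMC are not inspected.

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record into a dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_readiness(dmarc_txt, bimi_txt, require_certificate=True):
    """Return a list of problems; an empty list means the records pass."""
    problems = []
    dmarc = parse_tags(dmarc_txt)
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    else:
        policy = dmarc.get("p", "").lower()
        if policy not in ("quarantine", "reject"):
            problems.append("DMARC policy is %r, not quarantine or reject" % policy)
        pct = dmarc.get("pct", "100")  # DMARC treats a missing pct as 100
        if not pct.isdigit() or int(pct) != 100:
            problems.append("DMARC pct is %s, not 100" % pct)
    bimi = parse_tags(bimi_txt)
    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
        return problems
    logo = bimi.get("l", "").lower()
    if not (logo.startswith("https://") and logo.endswith(".svg")):
        problems.append("l= must be an HTTPS URL to an SVG logo")
    if require_certificate and not bimi.get("a", "").lower().startswith("https://"):
        problems.append("a= does not point to a certificate (VMC) over HTTPS")
    return problems

MONITOR_ONLY = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
PARTIAL = "v=DMARC1; p=quarantine; pct=50"
STRICT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
BIMI_NO_VMC = "v=BIMI1; l=https://example.com/logo.svg"
BIMI_WITH_VMC = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

if __name__ == "__main__":
    for dmarc_txt, bimi_txt in [(MONITOR_ONLY, BIMI_WITH_VMC), (PARTIAL, BIMI_WITH_VMC),
                                (STRICT, BIMI_NO_VMC), (STRICT, BIMI_WITH_VMC)]:
        print(dmarc_txt, "|", bimi_txt, "->", bimi_readiness(dmarc_txt, bimi_txt) or "ready")
```

A monitoring-only policy or a partial rollout fails the DMARC step, and a BIMI record without an `a=` tag fails only for providers that require the certificate.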
The MxToolbox Expert Take
BIMI has become a bit of a moving target that makes it difficult to recommend at present. While our team of experts stands by to help you adopt SPF, DKIM, DMARC and BIMI, we no longer see BIMI as being essential or urgent until the standard stabilizes and/or the costs decrease.
Adopting DMARC and getting DMARC to a strict policy is imperative for good email delivery and for adopting BIMI. Get started today with MxToolbox Delivery Center.