BIMI Record – What is it? How Does it Add to DMARC?

Brand Indicator Message Identification (BIMI) is an industry-wide standards effort to use brand logos as indicators to help email recipients recognize and avoid fraudulent messages. The standard is currently in beta, with only several brands from Oath (Yahoo!, AOL, etc.) testing the concept in front of their mailbox users.

If this standard comes to full fruition, it should be a win-win for both businesses who send email and all individual users of email. Email users will have a robust means to visually identify phishing/spam emails posing as businesses upon their arrival to the email inbox and businesses will have the added benefits of:

  • Their brand images prominently displayed in their audience’s inboxes bringing positive attention to the brand at near zero cost
  • Improved delivery rates via the adoption of DMARC and reduced spam classifications

How BIMI Records Work

As a fairly recent improvement, most email today shows your brand’s initials in customers’ inboxes (e.g., R signals Redbox, DT means Discount Tire). This helps current and potential clients identify and trust messages received from these recognizable companies. With BIMI records, that trust factor significantly increases because an actual logo is used in place of mere initials. When you publish a DNS record, the inbox provider automatically integrates your brand into every email sent from your domain (e.g., the Best Buy logo displayed instead of BB). This allows message recipients to recognize the message in question and have confidence in clicking it.

Requirements of BIMI Records

Using BIMI requires ensuring DMARC authentication is set up on the domain. In fact, the BIMI concept is viewed as an extension of DMARC. Both protocols are highly beneficial to ensuring a domain’s messages are delivered and to help crack down on phishing and spoofing attempts. If you haven’t set up DMARC yet, you can learn about more of the benefits here. If you have already set up DMARC (great job!), keep checking back with us, as we’ll let you know when this beta concept gets rolled out to everyone.

Steps to Publish BIMI Records

After getting DMARC set up and ensuring it’s running smoothly for your domain, integrating the added bonus of BIMI looks to be as simple as creating a BIMI Record, a type of TXT DNS Record. We will post the full details when the standard gets out of beta.

MxToolbox is currently monitoring BIMI records in beta for the purposes of helping customers adopt technology if this development is proven beneficial for our users.

If there has been something holding you back from implementing DMARC, our Delivery Center tool will put your company on the right path to enabling and enforcing DMARC. If you have already set up DMARC, we recommend discussing your specific situation with one of our email delivery experts to ensure your business is set up correctly and optimized for the best email delivery. You might be missing key DMARC insights or accidentally overlooking important email delivery problems. MxToolbox products have all you need to employ DMARC and increase email delivery rates for your brand. After all, your company’s reputation depends on it.

Keeping your Verified Sender List updated

Did your accounting department add a new billing vendor? Or, did your Marketing department decide to try out a new email marketing solution?

These common situations often lead to email delivery problems that can go unnoticed until after you learn that no one has been receiving your email for some time. In many cases, those making these changes are unaware of the importance of maintaining and updating their business’s email focused DNS records, let alone understanding what DNS records are.

Now, imagine those two examples repeated over and over again as new vendors come and go, other departments expand, or business infrastructure changes. The result? Unknown email delivery problems that will cost time and money and hurt your brand.

Manage your SPF Record

If your business sends email, then we hope you have an SPF Record set up for your domain. If you don’t have SPF and you are sending email, you will need to get a record set up ASAP! If your business utilizes third parties to send email, SPF is mandatory for your email to reach its destination. Keeping SPF updated and correct across all email domains is an important task that needs attention. If the SPF Record is missing a sender or is misconfigured, a receiving mail server or cloud-based email service (e.g., G Suite, Microsoft Office 365) may block the message from being delivered.

One of the most challenging aspects of email is managing this ever-expanding list of senders that are used across multiple departments and/or vendors of your business. This has a real-world impact, as most businesses only realize too late that their SPF record needs to be constantly updated with each vendor or internal service they add over time. Until customers start asking where your emails are or your email revenue drops, you probably won’t even think to ask questions like: Did our administrators start using a third-party email provider without telling us? Is the sales team still using that lead software or did they switch to Salesforce? Better yet, probably almost no one will ask…has anyone updated the SPF record to be current?

Basically, the “too many cooks in the kitchen” expression applies to this situation. This is where having an email partner like MxToolbox makes a lot of sense. With MxToolbox’s years of email expertise and Delivery Center service, your team will immediately know when these types of problems occur, long before you notice the revenue drop or get customers calling in.

Can You Have Too Many Senders?

In the 2019 world of email, most businesses send email through a number of vendors (think Office 365, MailChimp, Salesforce, etc.) along with their own systems. After a certain point having too many senders becomes a major problem. To put it bluntly, email servers will reject your mail, every single piece of it. Known to email admins, the 10 lookup rule with SPF records has become a real problem for businesses that use multiple email services.

Use Outlook.com? That will be six (6) lookups. Send marketing email with Sendgrid? That’s another one (1). Send trouble tickets via Zendesk or website status updates through Status.io? That’s another two (2). We’re already at nine (9) lookups and that’s only using a small subset of vendors. With all these vendors, now that limit of 10 doesn’t seem so hard to hit.

The really scary part is that nearly all businesses are unaware there is a limit and when they exceed it. This lets good mail get rejected, losing your business valuable revenue from your email program. To prevent situations like this from happening, MxToolbox monitors your senders as part of the Delivery Center service. Add too many vendors – we’ll alert you to that instantly.

Sending from Subdomains too?

Often overlooked when sending email is the importance of unique SPF records for every subdomain that sends email. Do your marketing campaigns come from marketing.domain.com? Then you might require a unique SPF record.

For example, a business sends email via two (2) domains: mail.domain.com and accounting.domain.com. To ensure that email will be delivered, both subdomains need to have their own SPF record. Failing to add an SPF record for one of the domains may lead to delivery problems. This requirement continues if the business decides to send email from other domains, such as when the company’s marketing department starts sending marketing promotions via marketing.example.com.

This problem with subdomains often occurs from how easy it is to spin up a subdomain for a unique campaign or maybe a department function. Do your customers get invoices from invoices.domain.com? For this reason many businesses hit this pitfall with SPF and only later learn about the problem, after revenue has been lost in the process. With those three (3) examples plus your business’s primary domain that’s four (4) domains that need unique SPF records.
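The lookup arithmetic and the per-subdomain requirement described above can be checked mechanically. The following is an added example, not MxToolbox code: the `ZONE` table is a constructed stand-in for DNS with invented names and records, and the counting rule (each `include`, `a`, `mx`, `ptr`, `exists` and `redirect` term costs one lookup, nested includes add up) is the one defined in RFC 7208.

```python
import re

SPF_LOOKUP_LIMIT = 10                       # RFC 7208, section 4.6.4
LOOKUP_MECHANISMS = {"a", "mx", "ptr", "exists"}

# Constructed stand-in for DNS TXT data; every name and record is invented.
ZONE = {
    "domain.example": "v=spf1 mx include:_spf.office.example "
                      "include:mail.crm.example include:spf.news.example "
                      "include:tickets.example -all",
    "_spf.office.example": "v=spf1 include:a.office.example "
                           "include:b.office.example include:c.office.example -all",
    "a.office.example": "v=spf1 ip4:192.0.2.0/25 -all",
    "b.office.example": "v=spf1 ip4:192.0.2.128/25 -all",
    "c.office.example": "v=spf1 ip6:2001:db8::/48 -all",
    "mail.crm.example": "v=spf1 a mx ip4:198.51.100.0/24 -all",
    "spf.news.example": "v=spf1 ip4:203.0.113.0/24 -all",
    "tickets.example": "v=spf1 include:relay.tickets.example ~all",
    "relay.tickets.example": "v=spf1 ip4:198.51.100.64/26 -all",
    "marketing.domain.example": "v=spf1 include:spf.news.example -all",
    # invoices.domain.example sends mail but publishes no SPF record.
}


def spf_record(domain, zone):
    """Return the domain's own SPF record, or None. Parent records are not inherited."""
    txt = zone.get(domain.lower().rstrip("."), "")
    return txt if txt.lower().split()[:1] == ["v=spf1"] else None


def count_lookups(domain, zone, path=()):
    """Count DNS-querying terms reachable from the domain's SPF record."""
    domain = domain.lower().rstrip(".")
    record = spf_record(domain, zone)
    if record is None or domain in path:    # missing target or include loop
        return 0
    total = 0
    for term in record.split()[1:]:
        match = re.match(r"[+\-~?]?([a-z0-9]+)([:=/]?)(.*)", term.lower())
        if not match:
            continue
        name, sep, target = match.groups()
        if (name, sep) in {("include", ":"), ("redirect", "=")}:
            # One query for the referenced record, plus whatever it contains.
            total += 1 + count_lookups(target, zone, path + (domain,))
        elif name in LOOKUP_MECHANISMS:     # ip4, ip6 and all cost nothing
            total += 1
    return total


def audit(sending_hosts, zone):
    """Map each sending host to a verdict: missing record, over limit, or ok."""
    report = {}
    for host in sending_hosts:
        if spf_record(host, zone) is None:
            report[host] = "no SPF record"
            continue
        n = count_lookups(host, zone)
        verdict = "over limit" if n > SPF_LOOKUP_LIMIT else "ok"
        report[host] = f"{n} lookups, {verdict}"
    return report


if __name__ == "__main__":
    hosts = ["domain.example", "marketing.domain.example", "invoices.domain.example"]
    for host, verdict in audit(hosts, ZONE).items():
        print(f"{host}: {verdict}")
```

A live check would replace the `ZONE` lookups with real TXT queries; the void-lookup limit that RFC 7208 also defines is not modelled here.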

Summary

Keeping an eye on all the scenarios described above can seem a daunting task. This is where a partner like MxToolbox comes in to help. With our years of email expertise and Delivery Center software, we can make sure your business is alerted to these types of situations long before they become email-crippling problems.

 

Why are my messages not getting delivered?

Unless you’re an IT professional, you might not understand the ins and outs of email delivery. As your business continues to grow, it’s important to ensure your messages are delivered as planned to the intended inboxes. For companies that rely on email correspondence to expand their brand, knowing the intricacies of email delivery is a necessity. MxToolbox is your expert on an often-overlooked aspect of electronic communication deliverability: functioning SPF and DKIM.

Importance of SPF and DKIM

For your email delivery rates to be as high as possible, you first need to keep your sending IP addresses off of blacklists. Beyond that, correctly implementing Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) is crucial to email delivery. The SPF protocol is an email validation method designed to limit spoofing. SPF allows you to publish a list of IP addresses that are authorized to send on behalf of your domain. Receiving mail exchanges verify that incoming mail sent from a domain comes from an IP address authorized by that domain’s administrators. Major inbox providers, like Gmail, Yahoo! and Outlook.com, scan email to validate that the sending IP is included in a sender’s SPF record. If not, the email can be rejected.

DKIM allows a sender to cryptographically sign an email, essentially claiming ownership.  DKIM also helps to combat spoofing.  When a recipient inbox provider receives an email, they can check the signature against a public key published by the sender.  If everything checks out, then the inbox provider knows the sender authorized the email.  Failed emails may be rejected.

By keeping an updated list of active outbound domains/providers that your company uses to send messages, you will be practicing good email hygiene.  You are removing one of the key reasons email is rejected – senders not listed in your SPF records.  Knowing which senders are and are not utilized creates a more organized approach to email deliverability and enables you to configure SPF and DKIM more accurately.  In addition, you cannot ignore the importance of monitoring your IP blacklist reputation.

If you accidentally misconfigure your SPF and/or DKIM protocols, your messages may be quarantined or outright rejected by inbound providers.  Incomplete/erroneous records, new senders missing from SPF implementation, and providers not handling DKIM properly are just a few of the issues that could derail your email delivery efforts if the SPF/DKIM mechanisms aren’t correctly applied. Identifying and resolving these issues equates to a simplified workload for inboxes to recognize your emails are legit and they come from a trusted domain.

MxToolbox is the Email Delivery Expert

MxToolbox provides everything you need to curate your outbound email provider list, analyze your email reputation, and set up SPF, DKIM and DMARC moving forward. With a variety of insightful and comprehensive products available, MxToolbox is the clear choice to address your email delivery needs. Contact our experienced team to discuss how to best maximize your message delivery rates and expand your company’s brand.

Email Deliverability

Email deliverability should be a concern for any business. If you cannot effectively reach your customer base, you cannot do business.  Your business needs to ensure your email systems (both 3rd party & internal) are:

  • Operational
  • Properly configured
  • Free of negative reputation issues
  • Listed in your SPF record
  • Support DKIM
  • DMARC compliant

Additionally your business needs to be safeguarded against online phishing and spoofing campaigns that mimic your business and diminish trust in emails sent from your business. To help you achieve optimal delivery rates, detect email system & configuration issues, and prevent fraudsters from tarnishing your brand, MxToolbox offers several beneficial tools.

Today, we’ll focus on the Email Deliverability tool.  Email Deliverability provides your company a full report assessing your overall delivery status, combining many diagnostic email delivery and reputation tests into one tool.

MxToolbox’s Email Deliverability Tool

This specific tool allows you to receive a comprehensive message deliverability report in two quick steps.

  • Step 1: Send a test email to ping@tools.mxtoolbox.com from the email system you want to test
  • Step 2: Once you’ve sent an email, you’ll receive an email from us giving you a quick snapshot of your report. Simply click the “View your full deliverability report” link to access the detailed feedback. Alternatively, you can just enter the email address that sent the message in the input field on the Email Deliverability tool page.

The Report

MxToolbox systems analyze your headers and the blacklist reputation of your outbound IP address, and test your email to verify that SPF, DKIM, & DMARC authentication pass. Thanks to a recent update, the free Email Deliverability tool now delivers SPF & DKIM verification to ensure the email is being properly authenticated. You would be surprised to know how many senders have SPF & DKIM issues affecting their email delivery and the reputation of their email environment. By providing vital data about your email status, this tool shows where your company’s email platform needs help.

Adding to the list of the Email Deliverability Tool benefits, you can test your business messages for blacklists, as well as DMARC, SPF, and DKIM errors.

Protecting your brand with DMARC

Let’s envision a potential nightmare for your brand: Your database gets hacked and all of your customers’ private information is now on the dark web, potentially available to exploit. Now, you need to notify all of your customers of the potential threat. Instead of sending it out through your typical email channels, you decide to set up a special domain specifically for this purpose. Sounds logical, right? What could go wrong?

How about the rejection of this highly important email and a serious erosion of trust for your brand?

If this sounds far-fetched, it shouldn’t.  It really happened to a Fortune 500 brand in 2018 – Marriott.

The Full Story

Following a harmful data breach involving personal information of up to 500 million guests in late November of 2018, the hotel giant decided to send notifications to its customers using a new domain email-marriott.com, instead of marriott.com or starwood.com, the affected brands.  Traditionally, Marriott properties had used the domain of the brand for customer communications around reservations, for example courtyard.com for Courtyard by Marriott properties.

From a technology standpoint, this was a completely logical decision. Marriott had been transitioning email communications to the email-marriott.com domain for some time. However, customers reacted with confusion for several reasons:

  1. The message sender name appeared to be email-marriott, not Marriott, or an identifiable brand.
  2. email-marriott.com looks strange to customers of other Marriott brands that may not use the Marriott name: Starwood, Westin and Ritz-Carlton for example.
  3. It is a common technique for spoofers to use a domain that uses similar names to the intended target.
  4. The topic of the message is about security, which automatically heightens customer attention to small details relating to security.

Missteps by Marriott

Not only did it backfire in terms of reaching the inboxes of their client base, it also created a major backlash and critically damaged their email reputation. Particularly troubling is item #3: because the email-marriott.com domain mimics a fraudster’s spoofing/phishing efforts, some receivers were undoubtedly leery of opening the message. Appending common words to a known brand name is a scammer’s go-to move. The following phishing domains have been used in recent cybercrime attempts:

  • support-appleinc.com
  • service-capitalone-com.tk
  • support-verificationaccount.com

Marriott failed to recognize the potential pitfalls of their notification strategy and ended up compounding a customer relations problem.

What’s in a Domain?

Your company’s email reputation, as well as your customers’ security and trust in your brand, rely on which domain you utilize. Selecting an identifiable sender domain name is a best practice for businesses that rely on email to regularly communicate with clients. Domain name reputation plays a vital role in email deliverability. Unfortunately, Marriott discovered the hard way that using a nonspecific domain to suddenly send hundreds of millions of emails isn’t a good idea.

Building your company’s domain reputation can be achieved in several ways, including the length of time the domain has been registered and using it to send messages to engaged recipients. Having legitimate contact information listed on your website also helps increase overall reputation and deliverability.

Protect Your Brand

Because online security is a legitimate concern for your customers, making sure all outgoing emails are safeguarded and delivered as intended should be a top priority for your business. At MxToolbox, we specialize in helping you achieve high message delivery rates. By improving your company’s domain reputation, situations such as the aforementioned Marriott fiasco will be of no concern. To discuss your brand’s options and learn about MxToolbox’s DMARC products to solidify domain reputation, please contact our team of experts. We look forward to helping you achieve future email success.

DMARC and Phishing

Businesses, like yours, rely heavily on email for internal and external business communication, so safeguarding your email is necessary to ensure your company’s interests are protected against harmful phishing attacks. Email phishing is when a third-party (usually a hacker or malicious website) uses the brand identity of a company to deceive a recipient into divulging sensitive information. The negative effects of a customer falling victim to a phishing scam are varied but damaging to your brand’s reputation. Thankfully, protocols such as DMARC and SPF are available to help combat email phishing attacks.

Why Using DMARC and SPF on Mail Servers Is Necessary

The original standards for email were written without much attention to security; the Internet of the time was a small community of scientists, not a commercial platform. This oversight meant email was sent in clear text with no encryption and anyone could pretend to send email from any domain with a simple change to the text wrapper of the email.  My coworkers used to enjoy sending emails to random coworkers from santaclaus@northpole.com around Christmas every year.

However, email authentication technology has made great strides in securing mail servers in the fight against hackers and online criminals. Blacklists started off as a means to detect and limit IP addresses and domains that were frequent bad actors.  And now, technologies such as SPF, DKIM and DMARC can recognize and halt the most convincing fraudulent emails in their tracks. SPF plays a key role in email delivery by letting you control who sends messages on your company’s behalf, while DKIM allows you to cryptographically sign an email, and DMARC ties them all together by allowing recipients to provide senders with information about email sent on their behalf.

By the Numbers

Industries as a whole are implementing these authentication tools to offset the increasing number of phishing scams, with 80% of all federal domains currently publishing a DMARC record. This rise in adoption reflects a positive shift in the way entities should treat email threats.  As a federally mandated security measure, it is clear that using DMARC for email security is becoming a necessity for doing business.

On the other hand, in the United States, only Fortune 500 companies and large technology businesses have a DMARC adoption rate of 50% or higher. This gap shows that IT departments lack the necessary skills to handle such a task. But, not all the news is bad – 28% of Fortune 500 companies were utilizing DMARC at the end of 2017, so the jump to nearly double that number is great progress. However, almost 50% of companies have yet to implement DMARC into their email security, an area for improvement.

Next Steps with MxToolbox

If your business domain is not DMARC compliant, MxToolbox recommends you begin to evaluate and adopt this beneficial email technology to improve delivery rates and stop the onset of malicious phishing attacks. Start with ensuring your SPF setup is correct, a vital piece that DMARC depends upon. Once you have SPF configured, move to adopting DMARC. Phishing and other scams are preventable, so why not take the fight to them? After all, your brand reputation relies on keeping your customer communications secure and legitimate. Contact our expert team to discuss your DMARC and SPF options to safeguard your messages.

New Features for MxToolbox

At MxToolbox, we’re continuously striving to provide cutting-edge tools to help our customers improve their company’s email practice. As you can see on our Network Tools page, we offer a wide range of helpful free tools and paid products that ensure your business email platform is working at its optimal level. And since we’re routinely updating and expanding our collection of tools, we recommend you visit the page often for the latest developments. For the most recent updates and newest tools, please check out the NEW! tab. Let’s take a closer look at some of the more popular MxToolbox features.

Email Tab

The email portion of the Network Tools page contains some of our most popular tools, such as the MX Lookup and Blacklist Check, and offers several other essential diagnostic tools that can greatly benefit your company’s email setup. For example, the SPF, DKIM, and DMARC tools now support improved message delivery and provide feedback catered to your business domain. Moreover, the two DNS record generator features (SPF and DMARC) that MxToolbox offers under this tab help create records for the respective protocols.

Network Tab

For this section of Network Tools, the ASN Lookup and Domain Health Report tools are highlighted points. For example, the ASN (Autonomous System Number) Lookup query takes either an AS name or AS number as input and returns the missing component. For immediate feedback regarding your domain, the Domain Health Check will execute hundreds of domain/email/network performance tests to ensure your systems are online and performing optimally. In addition, the report will provide results for your company’s domain and highlight any critical problem areas that need attention.

DNS Tab

The DNS tab provides all the key DNS tools, such as DNS Lookup, DNS Check, and Whois, to help make sure your DNS records are published correctly and your DNS is operating at 100%. This list of tools also contains some advanced DNS Security diagnostic tools such as nsec, rrsig, and more.

MxToolbox’s Newest Additions and Updates

Among the many email tools MxToolbox offers, there are a few that stand out. Although we love each equally, if forced to name favorites, these come to mind:

  • DMARC Report Analyzer – One of our newest tools, this feature will make DMARC Aggregate XML reports human readable by parsing and sorting them by IP address into understandable reports.
  • DMARC Generator – Another new tool we’re proud of, this generator will help you create a DMARC record specifically for the domain/subdomain that you submit. Simply put, this tool’s a must for your DMARC implementation.
  • Header Analyzer – Found under the Email tab, this tool will make email headers human readable by parsing them. This helpful feature is a popular tool to which we’ve recently added DMARC, SPF, and DKIM testing functionality.
  • Email Deliverability – Also under the Email tab umbrella, this tool has been updated for easy workability. Send a test email to us, and we take over from there to generate a comprehensive deliverability report. To receive crucial data regarding your email status, definitely try this tool.
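What "parsing and sorting by IP address" means for a DMARC aggregate report, as an added example (not MxToolbox's tool or code): the embedded report is constructed with invented values and follows the aggregate-report XML layout from RFC 7489, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed aggregate report; all addresses, counts and names are invented.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name>
    <report_id>constructed-1</report_id></report_metadata>
  <policy_published><domain>domain.example</domain><p>none</p></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>120</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>domain.example</header_from></identifiers></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>40</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>domain.example</header_from></identifiers></record>
  <record><row><source_ip>192.0.2.10</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>domain.example</header_from></identifiers></record>
  <record><row><source_ip>203.0.113.99</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>domain.example</header_from></identifiers></record>
</feedback>"""


def summarize_by_ip(report_xml):
    """Return (ip, total, passed, failed) tuples, worst failing volume first.

    A message passes DMARC when either the aligned DKIM or the aligned SPF
    result in <policy_evaluated> is "pass".
    """
    # Reports arrive from third parties: for real input, parse with a
    # hardened parser such as defusedxml instead of the stdlib default.
    root = ET.fromstring(report_xml)
    stats = defaultdict(lambda: {"total": 0, "passed": 0})
    for row in root.iterfind("record/row"):
        ip = row.findtext("source_ip", default="").strip()
        count = int(row.findtext("count", default="0"))
        dkim = row.findtext("policy_evaluated/dkim", default="fail").strip().lower()
        spf = row.findtext("policy_evaluated/spf", default="fail").strip().lower()
        stats[ip]["total"] += count
        if "pass" in (dkim, spf):
            stats[ip]["passed"] += count
    rows = [(ip, s["total"], s["passed"], s["total"] - s["passed"])
            for ip, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[3], r[0]))


def never_passing_sources(report_xml):
    """IPs whose mail never passed: a sender missing from SPF/DKIM, or a spoofer."""
    return [ip for ip, total, passed, _ in summarize_by_ip(report_xml)
            if total and passed == 0]


if __name__ == "__main__":
    for ip, total, passed, failed in summarize_by_ip(SAMPLE_REPORT):
        print(f"{ip:15} total={total:4} pass={passed:4} fail={failed:4}")
    print("review:", never_passing_sources(SAMPLE_REPORT))
```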

MxToolbox strives to provide your business the most beneficial information related to your email platform. By offering your company a variety of free tools to gain optimal deliverability, we believe our tools allow your messages to be delivered successfully. This not only protects your business, but also your customers. Whether found under one or more tabs, the features shown on the Network Tools page are vital to your email rates. Be sure to explore the page and try as many as desired. We’re here to help.