Early this morning Google announce several new security features were being released for the Gsuite of products. Product updates include new Google Meet, GSuite admin tools, and for those email geeks out there – an official announcement of the Gmail BIMI Pilot.
What is BIMI you ask? It’s a standard being developed by the AuthIndicators Working Group to help standardize the display of a brand logo across the internet in a secure maner. These could be used to display a brand logo in your email clients, in search results, web page favicons, or even a social media page – the opportunities are virtually endless.
But my logo already shows up in those places? There are many legacy systems that are manually managed and possibly limited availability to show these logos. They are also prone to error where a company with a similar name could have a person assign the wrong logo to an email domain. The purpose of BIMI is to allow the domain owner to set the logo and remove the guess work from an individual employee or group, a third party, or potentially a sunset application.
Google shared a mock up of a potential BIMI rendering in their announcement today to showcase BIMI in action. These brand logo files will show as the avatar next to the sender’s name and email at the top of the message – this is a similar visual experience to the Verizon Media Yahoo BIMI implementation. Non-BIMI domains will still show an initial or blank avatar logo.
The BIMI Group, who are working on developing the standard, have published several helpful articles on their website about adoption, current and expected support, and the minimum configuration you’ll need to support in order to participate.
- DMARC enforcement
- The DMARC policy must be at enforcement on the organizational domain, which means that the policy must be ‘p=quarantine’ or ‘p=reject’, without sp=none, or a pct= no less than 100.
- Example record:
_dmarc.cnn.com. 600 IN TXT "v=DMARC1; p=reject; rua=mailto:email@example.com,mailto:firstname.lastname@example.org; ruf=mailto:email@example.com"
- A proper SVG image according to the BIMI Standard:
- Square image with a solid colour background
- SVG Tiny 1.2 based on your logo mark
- A Verified Mark Certificate (BIMI certificate) for the logo – Gmail specific requirement at this time.
- VMCs exist to validate ownership of an organization’s logo; the certificates are based on registered trademarks of the logo/image. VMCs will be issued by two BIMI-qualified Certification Authorities – Entrust DataCard and DigiCert.
- Example record:
default._bimi.cnn.com in txt "v=BIMI1; l=https://amplify.valimail.com/bimi/time-warner/ITg_B9KhtJI-cnn_com.svg; a=https://amplify.valimail.com/bimi/time-warner/ITg_B9KhtJI-cnn_com.pem"
For more information be sure to check out the BIMI Group‘s website for the latest news.
Hi Matt, I already implement BIMI as per the requirements. All other records are showing okay except one that is showing SVG did not pass BIMI SVG specification. Any Idea where we are missing.
I don’t currently see a BIMI record for your domain? Also your DMARC record is set to none. BIMI requires DMARC at enforcement and a valid SVG image to be defined and published.