If you haven’t read Part 1 of this blog, we recommend you do so first before continuing. We will reference and build on topics like DMARC, SMTP and DNS servers, and adding records.
In Part 1 of this blog, we provided a high-level overview of how to set up SPF, DKIM, and DMARC for BIMI email authentication. Now that you have a solid understanding of these email authentication basics, you’re ready to take a deep dive into the necessary steps for you (or a trusted developer) to set up a BIMI record on your own domain!
What are the steps for implementing BIMI email authentication?
There are two main components of setting up BIMI on your domain.
1. Your email must be authenticated using a DMARC record.
2. You must publish a BIMI record alongside your other DNS records.
Although these requirements are fairly simple and straightforward, the work that goes into them has the potential to be complex and time-consuming. Let’s walk through the setup procedure step by step.
Authenticating your email using DMARC
To comply with BIMI, the policy (“p”) in your DMARC TXT record must be set to “reject” or “quarantine”. In addition, the “pct” (percent) element must not be set to anything less than 100. If you omit it entirely, it defaults to 100%.
Here are some BIMI-compliant DMARC record examples:
"v=DMARC1; p=reject; pct=100; rua=mailto:firstname.lastname@example.org"
"v=DMARC1; p=quarantine; rua=mailto:email@example.com"
Setting up your logo
In order to display correctly in the inbox, your logo will need to be in SVG format. This is a web-friendly vector format using code to create the image, meaning it can scale to any size. Specifically, your logo will need to be converted to the SVG Tiny Portable/Secure (SVG P/S) format.
If your logo already exists in another vector file type like .ai, .eps, or .pdf, you should be able to export it as a standard .svg file. Unfortunately, there is no easy way to export an image as the SVG P/S file type directly from Adobe Illustrator or other vector design programs. You can download a standalone SVG to SVG P/S converter tool for Windows or Mac on the BIMI website, or you can download a script designed to export this file type and add it to your Illustrator program.
If a vector version of your logo does not exist, it will need to be recreated by a graphic designer familiar with the programs used to generate these formats. Now may also be a good time to reevaluate the effectiveness of your current logo and consider an update before further steps are taken.
Uploading your logo
Once your logo is correctly formatted as an SVG P/S file, you will need to upload it to a public, web-accessible directory (more than likely, the same place you host your other website files) so you can generate a URL and link to it in the BIMI record.
Purchasing a VMC (Verified Mark Certificate)
A Verified Mark Certificate provides proof of ownership for your logo. Although it is not strictly required for creating a BIMI record, some email recipient servers will require it to display your logo in the inbox, so it is strongly suggested that you purchase one.
The very first step in the process is ensuring that you own your logo in the form of a registered trademark. If you haven’t done so already, it’s recommended that you begin the process immediately as it can take some time to complete.
After you’ve registered the trademark for your logo, you can begin the VMC process. There are numerous organizations that sell VMCs, but the two recommended by the Authindicators Working Group are DigiCert and Entrust.
A VMC offered by these Mark Verifying Authorities (MVAs) can cost between $1000-$1500, and lasts for one year (the renewal price is the same as the initial purchase price). They will also ask you/your organization for documentation proving that you own the trademark of your logo.
It’s important to note that the acceptance of your VMC can vary by mail service provider. There is a chance a mail service provider may only accept certificates from a specific MVA, or it may not accept them at all. This decision is entirely up to the recipient’s mail service provider, but having a VMC can only improve the likelihood of your logo displaying for your customer.
Uploading your VMC
After you’ve purchased your VMC and proven you legally own your logo, you’ll receive a Privacy Enhanced Mail (PEM) certificate file. Just like your logo’s .svg file, you will need to upload this .pem file to your web server and add its resulting URL to the BIMI record.
How to create a BIMI record
Your BIMI specifications are added to your DNS server as a TXT record, just like DMARC. Here is a BIMI record example:
"v=BIMI1; l=https://images.yourdomain.com/brand/your-bimi-logo-file-name.svg; a=https://images.yourdomain.com/brand/your-certificate-file-name.pem"
This example is made up of three parts:
v=BIMI1 – this indicates that it is a BIMI record.
l=https://images.yourdomain.com/brand/your-bimi-logo-file-name.svg – this is a link to your logo’s image.
a=https://images.yourdomain.com/brand/your-certificate-file-name.pem – this is a link to a Verified Mark Certificate (VMC). This element is optional, but highly recommended, as some email recipient servers will require it.
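The DMARC requirements and the three BIMI record parts described above can be checked before you publish anything. The following is an added example, not part of the original post or of any BIMI tool: the function names are hypothetical, and requiring an https URL, a logo link, and the .svg/.pem file extensions are assumptions drawn from the examples in this post.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into a dict of tags."""
    tags = {}
    for part in txt.strip().strip('"').split(";"):
        if "=" in part:
            name, value = part.split("=", 1)  # values such as URLs may contain '='
            tags[name.strip().lower()] = value.strip()
    return tags

def dmarc_problems(txt):
    """Reasons a DMARC record does not meet the BIMI requirements (empty = OK)."""
    tags, problems = parse_tags(txt), []
    if tags.get("v") != "DMARC1":
        problems.append("not a DMARC1 record")
    if tags.get("p", "").lower() not in ("reject", "quarantine"):
        problems.append("p must be reject or quarantine")
    pct = tags.get("pct", "100")  # pct counts as 100 when it is omitted
    if not pct.isdigit() or int(pct) < 100:
        problems.append("pct must be 100 (or omitted)")
    return problems

def bimi_problems(txt):
    """Reasons a BIMI record looks wrong (empty = OK). a= is optional."""
    tags, problems = parse_tags(txt), []
    if tags.get("v") != "BIMI1":
        problems.append("not a BIMI1 record")
    # Assumption: l= must be present; both links are https and end in .svg / .pem.
    for tag, ext, required in (("l", ".svg", True), ("a", ".pem", False)):
        url = tags.get(tag, "")
        if not url:
            if required:
                problems.append(f"{tag}= is missing")
            continue
        parsed = urlparse(url)
        if parsed.scheme != "https" or not parsed.netloc:
            problems.append(f"{tag}= must be an https URL")
        if not parsed.path.lower().endswith(ext):
            problems.append(f"{tag}= should point to a {ext} file")
    return problems

if __name__ == "__main__":
    # Constructed sample records, modelled on the examples in this post.
    for rec in ("v=DMARC1; p=quarantine; rua=mailto:email@example.com",
                "v=DMARC1; p=none; pct=50"):
        print(rec, "->", dmarc_problems(rec) or "OK")
    print(bimi_problems("v=BIMI1; l=http://images.yourdomain.com/brand/logo.png") or "OK")
```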
Testing your BIMI compliance
Once you’ve added your BIMI record to your DNS, including a link to your SVG logo and (optional) VMC, you can test for compliance using this tool on the official BIMI website. It will check to see if the necessary email authentication protocols are in place, as well as look for the BIMI record and an SVG logo image.
If your BIMI record is working correctly, you’ll be able to see an inbox preview and even check what your logo will look like if the recipient’s phone is in dark mode.
If you make any changes to your BIMI record, it may take some time for them to take effect. You can reduce this delay by lowering the TTL (time-to-live) value for the DNS record to its lowest possible value (this value varies based on your DNS provider). TTL is measured in seconds, so we recommend an initial value of 300, which would be a 5-minute wait.