Categories
Best practices

What Is BIMI, and Should I Set It Up for My Brand? Here’s What You Need to Know

BIMI will help you authenticate your domain and block spammers, and may lead to an uptick in reader engagement in the process.

Litmus logoThese stories are presented thanks to Litmus, the all-in-one marketing platform that empowers you to build, test, review, and analyze emails more efficiently and effectively than ever so you can get the most out of every send. Optimize and personalize your emails to maximize ROI and create exceptional brand experiences for every subscriber. Learn why 700,000+ professionals across companies of all industries and sizes trust Litmus to make every send count.™

If you’re creating your newsletter strategy, you’re probably thinking about steps that can help your emails stay out of the spam folder and drive engagement among readers, including:

  • Choosing a reputable email service provider for sending emails.
  • Authenticating your emails using SPF and DKIM so inboxes know it’s really you sending those emails.
  • Turning on DMARC, which blocks spammers from impersonating your brand in the inbox.
  • Optimizing your templates for mobile devices.
  • Using segmentation to ensure you’re sending relevant emails to the right audience.

But if you’re a large brand or newsletter that sends a lot of email — tens or hundreds of thousands of emails per day — it might be time to add something else to your to-do list: Setting up BIMI.

BIMI, or Brand Indicators for Message Identification, is a tool that allows any brand to put its logo next to its name in the inbox. Check out the screenshot of the inbox below to see it in action:

In this image, several newsletters are listed, but there are logos next to the emails from two brands: Pew Research Center and The Philadelphia Inquirer

There are a few brands in there, but logos display only for the Pew Research Center and The Philadelphia Inquirer, which both use BIMI with their newsletters.

When a reader looks through their inbox, that logo might be the difference between your email getting opened or ignored. That alone might make BIMI worth setting up for your brand.

But turning on BIMI isn’t as simple as flipping a switch in your email service provider. It requires a real investment of time to set up, and there’s a financial cost to purchase the certificate needed to turn on BIMI.

So should you go through the work to set up BIMI? Let’s talk through a few questions and see if it makes sense for you.

Which inboxes will BIMI work with?

Yahoo — which actually includes both Yahoo Mail and AOL Mail — has long supported BIMI. In 2021, Gmail rolled out BIMI to all users, and in the fall of 2022, Apple began supporting BIMI on MacOS and in iOS16. Some regional inboxes, like France’s La Poste, also support BIMI.

The last major holdout is Microsoft — Outlook and Office don’t offer any BIMI support. 

But even without Microsoft, BIMI is supported by an overwhelming majority of companies that deliver email. Apple, Gmail, and Yahoo Mail are three of the four biggest email clients, according to an April 2023 report from Litmus. Combined, they control 89.9% percent of the email market.

What are the benefits of BIMI?

I’ve already mentioned the big one: A reader might see your logo before they open your email, which should lead to an increase in engagement.

Readers usually only see three things before they open a newsletter: Who it’s from, the subject line, and the preheader (or preview) text. Turning on BIMI gives you a fourth way to help your emails stand out in the inbox. 

But there’s a catch: Not every inbox will display your logo the same way. Here’s how the big three inboxes — Apple, Gmail, and Yahoo — will display your logo:

Data courtesy BIMIGroup.org

Gmail and Yahoo will display your logo in the main inbox, but only on their mobile apps.

Gmail and Yahoo will also show your logo when you open a newsletter on both desktop and mobile. 

Apple will show your logo, but only after you’ve opened a newsletter through its mobile app. It does not offer BIMI support for desktop.

I’ll note: There still is some value in seeing a logo after you’ve opened the email — like a validation checkmark on social media (at least on most platforms), it’s a reminder that your newsletter is really from you. In fall 2022, Yahoo added a verified checkmark for brands that have turned on BIMI, which displays once a reader opens an email, and Gmail started rolling out the same feature in May 2023.

Here’s what the verified checkmark looks like for a user in Gmail.

But while those inside-the-email logos and checkmarks are a nice touch, the thing any email marketer really wants is the logo displayed outside the inbox, which can lead to an increase in open rates.

Does BIMI actually make a difference?

This is where there’s no clear answer.

The big selling point with BIMI is that it leads to increased engagement — in particular, higher open rates. Some of the early testing done with BIMI showed impressive results. Verizon Media research in 2018, for example, showed that brands that used BIMI saw up to a 10% lift in engagement.

But then Apple’s Mail Privacy Protection feature came along.

Mail Privacy Protection, or MPP, was pitched to consumers as a privacy feature to keep their data safe from marketers. It kind of does that, but mostly, it muddles your data and makes it harder to understand.

Before MPP, you could feel reasonably confident that if your email service provider said a reader opened an email, they probably did. But MPP now “pre-fetches” emails for Apple users. If a reader has MPP turned on — 90% or more of Apple users do, per the latest Litmus data — and doesn’t open a newsletter, Apple will open it on their behalf. The effect is that many newsletters see significantly higher open rates than before — often 10 to 20% higher than before MPP.

All of this means that it’s far tougher to measure the true impact of BIMI. Did a reader open the email, or was it Apple? With the clients who’ve turned on BIMI, I haven’t seen a significant lift in open rates since MPP-inflated open rates make it difficult to understand what impact BIMI might be having.

So if we can’t see an increase in open rates, what’s the real benefit of BIMI?

Think of BIMI as the reward for setting up a more secure email program.

In order to turn on BIMI, you’ve first got to turn on DMARC. That’s an authentication standard that first rolled out in 2012. Other authentication tools, like SPF and DKIM, allow you to tell inboxes that you — not some scammer — are sending emails to your readers. But that didn’t solve a big problem: How do you stop a scammer from pretending to be you?

Brands like PayPal wanted a way to stop others from spoofing their domain — they wanted the inboxes to block any illegitimate emails that might come from, for instance, a paypal.com address. And that’s where DMARC comes in. Once you’ve turned it on, you can set what’s known as a “level of enforcement.” There are two levels of enforcement: “Quarantine,” which requires the inbox to send those illegitimate emails to the spam folder, or “Reject,” which blocks them from the inbox entirely.

Once you’ve got DMARC turned to enforcement, only legitimate emails from your domain will reach the inbox. And in order to turn on BIMI, you first have to have DMARC set to one of these two levels of enforcement.

Many brands get excited about BIMI because of the ability to display logos in inboxes. But the bigger thing, in my opinion, is that if you’ve turned on BIMI, it means you’ve also created a more secure email system as part of the process.

Is my newsletter a candidate for BIMI?

Here’s the easy question to determine this: Do you have a logo, and is that logo trademarked?

If yes, congrats! You’re probably a decent candidate for BIMI.

Right now, in order to use BIMI, you’ve got to have a trademarked logo, and — to make things a little more complicated — it has to be approved by one of these trademark offices:

  • Australia — IP Australia
  • Brazil — Brazilian National Institute of Industrial Property
  • Canada — Canadian Intellectual Property Office
  • Denmark — Danish Patent and Trademark Office
  • European Union — European Union Intellectual Property Office
  • France Institut National de la Propriété Industrielle
  • Germany — Deutsches Patent- und Markenamt
  • India — Office of the Controller General of Patents, Designs & Trade Marks Department for Promotion of Industry and Internal Trade Ministry of Commerce & Industry
  • Japan — Japan Trademark Office
  • New Zealand — Intellectual Property Office of New Zealand
  • South Korea — Korean Intellectual Property Office
  • Spain — Oficina Española de Patentes y Marcas
  • Sweden — Swedish Intellectual Property Office
  • Switzerland — Swiss Federal Institute of Intellectual Property
  • United Kingdom — UK Intellectual Property Office
  • United States — United States Patent and Trademark Office

If you’ve got an approved trademark that’s not from one of these offices, you can’t yet implement BIMI.

What happens if I don’t have a trademarked logo?

If you still want your logo to display next to your name in Gmail, I’d recommend using this hack — or creating a YouTube account with the email address you send from and adding a logo there. Either route should work. It won’t result in your logo being displayed in email clients like Apple or Yahoo, but it will work in Gmail.

Brands like The Newsette, The Skimm, The Flip Side, and The Peak aren’t using BIMI, but have found other routes to display their logos in Gmail.

What do I need to do to use BIMI?

There are a lot of steps to turn on BIMI, but the good news is: Going through the process will also help you authenticate and secure your domain in the process. Follow these steps, and you’ll be likelier to stay out of the spam folder — and be able to block spammers from spoofing your emails!

1.) Set up SPF (Sender Policy Framework) for your domain, and then set up DKIM (Domain Keys Identified Mail)

These are steps you should take no matter what in order to authenticate your domain and prove that your emails are actually coming from you! Every ESP has different guidelines for setting up SPF + DKIM. Here are the instructions if you’re on AWeber, Beehiiv, Campaign Monitor, ConvertKit, Mailchimp, or Salesforce, or ask your ESP for their step-by-step guide.

2.) Set up DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC’s designed so that if someone attempts to spoof your email address, an inbox like Gmail will recognize that the sender is illegitimate and block that email from ever landing in a subscriber’s inbox.

There are three different levels of enforcement for DMARC: None, quarantine, or reject. I recommend any brand that hasn’t turned on DMARC do the following:

  • Generate your DMARC record using this tool, and set the enforcement level to “none.”
  • Use this tutorial to add that DMARC record to your DNS.
  • Then set up a free tool like DMARC Monitor, and keep tabs on your DMARC status for a week or two. Right away, you’ll see if emails are passing through (a good sign!) or are getting blocked (not good!). You may discover, as many big organizations do, that you send email from a lot of different places, like your company’s HR software or Shopify, and you may need to go through the SPF/DKIM process for those senders before you change DMARC enforcement.
  • Do not — and I’m going to say the words “do not” again because it’s that important — change the enforcement level before you’ve authenticated all the legitimate senders of email. If you don’t authenticate those, the inboxes will block them, and those emails from HR or your Shopify store won’t reach the right people.
  • Once you’ve authenticated everything, go back to this tool, update the enforcement level to “quarantine,” and update your DNS with the new record. Remember: BIMI will only work if your enforcement level is at “quarantine” or “reject.”

3.) Generate a BIMI record

A key part of the process is setting up a BIMI record, which is a little bit of code to tell the inbox what information to show once you get fully BIMI certified. You can use this guide to generate the record. You’re going to need to convert your logo into an .svg file, and this guide can help you with that step.

4.) Apply for a trademark

Here’s a useful guide to walk you through the trademark process. If you’ve already trademarked your logo, make sure you have all the paperwork to prove it.

5.) Apply for a VMC (Verified Mark Certificate)

This is the very last step in the process. There are currently only two companies selling VMCs: DigiCert and Entrust. Buying a certificate from DigiCert costs $1,499 per year, and one from Entrust costs $1,299 per year. Of note: Entrust offers a small discount if you purchase the certificate for multiple years — buying five years of certificates would save you about $100 per year over those five years — and allows you to apply the certificate to a second domain for $499 per year. For instance: I own both inboxcollective.com and danoshinsky.com. If I wanted one VMC to apply to both, I could purchase the VMC for inboxcollective.com and then pay the additional fee to apply it to danoshinsky.com, too.

Of note:

  • If you have multiple logos that you want to display next to specific emails, you’ll need to apply for multiple VMCs.
  • You’ll need to renew your VMC every year.

You can apply for a VMC through DigiCert here and Entrust here.

Something else you should know: As part of the process, Entrust or DigiCert will go through and verify all of your information: SPF and DKIM, proof of DMARC enforcement, your BIMI record, and proof of trademark. But to make sure that you’re a legitimate sender and not a spammer, they’ll also take two additional steps: A video chat with you to prove that you’re a human; and that you get paperwork notarized in person by a notary that they choose. (Google required this when BIMI first rolled out for Gmail.)

If you want to go deeper down the BIMI rabbit hole, check out the official BIMI site here.

(One more thing Inbox Collective isn’t an affiliate of either of these companies. We receive no commission for buying a certificate through either DigiCert or Entrust — we’re just trying to make it easier for you to get the answers and resources you need!)

So should I actually set up BIMI?

If you’re a large business or a major sender of emails, you probably should. It’s not guaranteed to lead to higher open rates or deeper engagement among readers, but think of it this way: Would you pay $1,299 or $1,499 a year for the chance to increase open rates by a few percentage points for every email you send? For a large business, that’s a small price to pay for increased engagement, even if it’ll be tough to truly measure the impact of BIMI.

And you should be setting up all of these authentication tools — SPF, DKIM, and DMARC — anyway. If getting your logo in the inbox is the carrot that convinces your team to go through the process of making your newsletters more secure, that’s still a win.

Here's a decorative image of three animals: An owl, a flamingo, and a seahorse
Thanks to our sponsor
The stories you’re reading on inboxcollective.com are made possible thanks to the generous support of our spring sponsor, Litmus. They’re an all-in-one marketing platform that empowers you to build, test, review, and analyze emails more effectively than ever so you can get the most out of every send. Learn why 700,000+ professionals trust Litmus to make every send count.

By Dan Oshinsky

Dan runs Inbox Collective, a consultancy that helps news organizations, non-profits, and independent operators get the most out of email. He specializes in helping others build loyal audiences via email and then converting that audience into subscribers, members, or donors.

He previously created Not a Newsletter, a monthly briefing with news, tips, and ideas about how to send better email, and worked as the Director of Newsletters at both The New Yorker and BuzzFeed.

He’s been a featured speaker at events like Litmus Live in Boston, Email Summit DK in Odense, and the Email Marketing Summit in Brisbane. He’s also been widely quoted on email strategies, including in publications like The Washington Post, Fortune, and Digiday.