Everything you ever wanted to know about Branded Indicators for Message Identification (BIMI)
Branded Indicators for Message Identification (BIMI) is an industry standardization effort that brands and ESPs will love, according to Thede Loder, Chair of the Authindicators Working Group (BIMI) and Senior Director with Agari Data Inc. Brands will want to use BIMI, and ESPs will want to be able to support their customers to use it. The project is concerned with producing a set of technical specifications and ensuring the development of a desirable business ecosystem for the safe and ubiquitous use of brand logos as visual identities.
Currently, there is no dominant standard for the way images can be integrated into third-party applications. Logos are already incorporated into many apps, but BIMI takes a different approach: in mobile email applications, the BIMI logo is not in the body of the email, and is not part of the email message. It is basically a library of authenticated, certified, brand logos published through the DNS, that will only display in authentic emails from that brand. Furthermore, the logos are registered trademarks, meaning that the BIMI standard would help to protect brands from impersonation attacks associated with phishing, for example.
In a nutshell, Thede Loder explained that BIMI means that, rather than hoping application developers will use the correct logo in the correct format, brands can publish the right logo, which is then updated for all third-party apps. In a re-branding activity, previously, brands would need to go out and find every example of the old logo individually to have it changed to the new logo. In addition, while many platform providers curate their own libraries of logos, these can only deal with the biggest brands, as the cost of maintenance becomes prohibitive for the inclusion of smaller brands. BIMI is accessible to all brands, and levels up the playing field. Brands that the Authindicators Working Group (BIMI) have talked to say they want it.
Loder sees the benefits of BIMI for senders and brands as being:
- • Immediate brand recognition. BIMI will provide billions of impressions in third-party apps that they don’t get today.
- • Improved user experience
- • Ensuring the logo is current and consistent across platforms
- • Removal of the risks associated with searching for logos manually: that it is not current, not authentic, the wrong brand
- • Trustworthy high-quality logos
From the other side, Loder sees the benefits for messaging and application providers:
- • Standardization economics – does away with the need to curate own library of logos
- • Authentic logos self-published by brands – removes the legal risks from platform operators
- • BIMI will drive adoption of best sending practices and authentication
- • Costs involved for app provider to build and curate trustworthy and inclusive database of quality logos
- • Lack of adequate safeguards to prevent impersonation attacks
- • Uncertain risk of selecting trademarks (and being wrong) or being sued for using a logo without permission
According to Loder, BIMI removes these barriers by shifting costs for proof of ownership or for license to use to brands (enabling long tail coverage); by allowing smaller brands to actually be included; and by shifting platform provider risks to other players. BIMI can also accommodate changes based on court decisions, making it possible to quickly and easily update images and clarify ownership through the DNS record.
How it works – technically
For a Brand:
- • obtain a BIMI certification, through an auditing process
- • identify the logo file, publish it in the DNS as a BIMI-specified DNS TXT record for their domain
For a mailbox provider
- • receive message, verify authenticity, fetch DNS record, acquire location of logo and fetch it, check the certificate to see if it looks legitimate
Why BIMI will succeed
Loder is convinced that BIMI will succeed, because the creators are designing BIMI like a product that is meant to sell. This is being achieved by trying to make sure that all organizations have a benefit, which is important to make a complex ecosystem work. This ecosystem includes email service providers, marketing service providers, the PKI industry, certificate authorities, and email authentication providers.
BIMI is currently being trialed on Oath, and brands interested in participating can contact the working group.