Brand Indicators for Message Identification (BIMI) is an email standard that allows the use of brand logos and verification seals in emails sent to customers, proving that the email is authentic from that organization.
To display the logo and the verification seal, several procedures are required, including correctly configured SPF, DKIM, and DMARC records in the domain, inclusion of the BIMI TXT record in the domain, and the most bureaucratic part: creating an SVG logo of your trademark and acquiring a trademark certificate (VMC), which is a digital certificate issued by a certification authority that verifies ownership of the logo.
At the moment, only DigiCert and Entrust Datacard are issuing the certificates. The investment amount is $1,499.00. In other words, there is already a monopoly of two companies issuing digital certificates.
In addition, the low uptake by email providers puts the logo’s display in doubt. See the list of providers that support the protocol, according to the BIMI Group.
| Location | Mailbox Provider (MBP) | Webmail | Mobile App |
| An Open Email Message (by the From Name) | Apple | ✓ | |
| Fastmail | ✓ | ✓ | |
| Gmail | ✓ | ✓ | |
| La Poste | ✓ | ||
| Yahoo | ✓ | ✓ | |
| Zone | ✓ | N/A | |
| Inbox List (by the Subject Line) | Apple | ||
| Fastmail | |||
| Gmail | ✓ | ||
| La Poste | ✓ | ||
| Yahoo | ✓ | ||
| Zone | ✓ | N/A |
Source: bimigroup.org
The absence of Microsoft, including Outlook and Office 365, considering its size and number of clients, is strange, don’t you think?
Finally
The AuthIndicators Working Group, responsible for BIMI, was founded in 2019 and is made up of representatives from various organizations, including email service providers, email clients, and individual participants.
The group is focused on developing and promoting the use of BIMI, with the aim of making it a standard part of the email ecosystem to ensure email security and authenticity. However, the requirement for a registered trademark and a VMC certificate may impact the uptake of the protocol by small companies, due to the absurdly high cost of acquiring a VMC.
If the aim is to guarantee the authenticity of the email, the requirement for a registered trademark alone would be sufficient, as it would be difficult for someone to register a trademark in order to carry out scams, since it would be easy to identify the owner of that trademark with the body responsible for the registration.
A VMC certificate guarantees more reliability and adds another layer of security to email, but the high price of $1,499.00 per year only fits into the budget of large companies or corporations.
Proof of this is the low uptake of the protocol even four years after its launch. How many emails have you received with the company logo and verification seal? Amazon, TikTok, and Badoo are large corporations that have already signed up for the protocol, but you will only see the logo and verification seal if your email provider is compatible.
(Photo: Adamy Gianinni)
As BIMI is a novelty, an emerging security technology, perhaps in the future this feature will become “accessible” as more digital certificate issuing companies join and the price of issuing the VMC is reduced. So far, only DigiCert and Entrust Datacard are benefiting from the absurd prices for issuing the few VMCs requested. Maybe that’s why there has been so little take-up of the protocol.