How Do I Build and Publish a BIMI DNS Record?

The recent announcement of the Brand Indicators for Message Identification (BIMI) pilot with Oath has generated an immense amount of interest from businesses who have already reached full DMARC enforcement on their primary email-sending domains and are looking to experience the additional benefits that DMARC can provide, such as preventing phishing in the form of brand spoofed emails and better deliverability of your legitimate marketing messages.

BIMI-mobile-inbox

Step 1: Gain consensus Engaging with your trademark or intellectual property stakeholders to gain consensus is the first critical step to participate in the BIMI pilot. Internal groups responsible for managing brand impressions and logos will have a major part to play when it comes to deciding where and when logos are presented to customers. Based on our shared experiences, this initial step is easily overcome once a clear and concise explanation of BIMI’s benefits are provided. Marketing departments are usually quite enthusiastic about opportunities to increase the exposure and reinforce their brand impressions at no additional cost.

Step 2: Create a Supportable Logo The pilot requires an SVG formatted logo that is an exact square. After a few attempts, we’ve determined that this shape and format is this most reliable and versatile version to be used in the pilot and that can be utilized as BIMI adoption proceeds.

Agari BIMI Logo

Step 3: Create and test the BIMI Record The next critical step is creating a BIMI record to be placed within your DNS records. The BIMI record is a type of DNS Resource Record (DNS RR) in the same manner as an MX, DMARC or DKIM record. Specific domains are required to have their own individual BIMI record. This allows specific domains to have specifically attributable logos. It also allows brands to change the logo frequently for specific events or holidays on the same domain.

This capability supports businesses with multiple brands, subsidiaries and when, for example, internal business units have their own domains and logos. For example, if a Human Resources department has a unique domain and logo they use for recruiting purposes, recruiting emails can use the chosen unique logo. BIMI does not force a “one-logo fits the entire business” model. Different domains and brands can be represented by different logos. Although the BIMI pilot with Oath (Yahoo) only supports one logo per root domain, the ability to support unique logos for sub-domains will be part of the eventual standard.

Several technical considerations should be made when constructing the actual BIMI DNS record. Initially, the record should be published in a zone named “default._bimi”, located directly under the second level domain (assuming foo.com as the desired second level domain, the BIMI TXT entry sits at default._bimi.foo.com). Its contents are a fixed version string “v=BIMI1” followed by a separator (; and optional space) and then an ‘l=‘ tag.

The tags are modeled after DKIM tags (and similarly, ‘;’ is the separator). The l= tag value is a full URL or up to two URLs separated by a comma (,). The “l”character in the tag is a “lower case L”. Using another character may impact the record being correctly interpreted. The tag should point to the URL with the HTTPS-accessible SVG image file that contains a vector representation of your preferred logo. You will need to arrange for hosting or serving of an image file that contains your preferred logo if you do not already have it in a place where it is publically accessible via HTTPS. The URL of the location of this logo file must be placed into the BIMI Assertion Record, a DNS record specific to BIMI.

Here is a example of a BIMI TXT record: v=BIMI1; l=https://images.example.com/somedir/logo.svg;

Quick BIMI Record Publishing Checklist

  1. Publish in zone named default._bimi
  2. Locate it directly under the second level domain
  3. Confirm v=BIMI1 is followed by the semi-colon (;) separator
  4. Confirm I=tag is present followed by a full URL (l is a lower case L)
  5. Update your DNS Record for the domain of your choice

Once you’ve followed and completed the steps of achieving buy-in from your marketing or internal department responsible for managing brand impressions and publishing a correctly constructed BIMI record, you’ll be able to begin experiencing the benefits of hundreds or thousands of new brand impressions along side of your most business critical customer communication channel: email. Each time a customer opens your legitimate email, the presence of your logo only enhances their trust in you and adds to the value of your brand in their eyes.