It's time for your periodic BIMI adoption status update.

A quick overview of what this is all about: BIMI is a standard being adopted by multiple internet services providers (ISPs) to allow the display of a sender's logo along side email messages, when displayed on a mobile device or in a webmail client. Some ISPs and mail clients have had a sender logo display function for a while now (one example is Gravatar ), but BIMI is an attempt to standardize and regulate this mechanism across the email ecosystem.

Adoption by senders seems a bit slow; but the spec only went public in 2019, which isn't that long ago. Also, it suffers a bit from the "chicken and egg" problem -- it's hard to convince senders to adopt the standard if receivers haven't adopted support for the standard. But now with two of the top three B2C mailbox providers (Yahoo and Gmail) having BIMI support, I'm guessing that we'll start to see more adoption of BIMI by senders.

Here's the current status of BIMI Support at large ISPs, email hosting and webmail providers:

1. Gmail: Yes, supports BIMI! Requires VMC. ( Find more info here .)
2. Yahoo (ex-Verizon): Yes, supports BIMI. Does not require VMC. ( More info here .)
3. Fastmail : Yes, supports BIMI! ( More info here .)
4. Considering BIMI Support: Comcast and Seznam.cz. ( More info here .)
5. Microsoft: Has no support for BIMI.

Gmail. In July 2020, Google announced their intent to support BIMI . In July 2021, Google announced that they were rolling out BIMI support over the coming weeks . Per the BIMI spec, Google requires that senders implement a Verified Mark Certificate (VMC), available from DigiCert or Entrust (and possibly others). It sounds like obtaining this VMC will require that a sender have trademarked their logo , which could be a significant barrier for smaller or hobbyist senders.

Yahoo (AOL/Yahoo/Verizon). Has support for BIMI. For a logo to display, the following conditions must be met: A BIMI record exists which points to a valid logo in SVG format, a DMARC policy of quarantine or reject is in place, the mailing is sent to large number of recipients (bulk mail), and they see sufficient reputation and engagement for the email address. They have a dedicated support page for BIMI and also have a contact address for questions/issues ( click here and search for "BIMI" on the page).

Microsoft Outlook.com (Hotmail). Microsoft has not announced any support for BIMI. A competing system called "brand cards" has likely been abandoned; multiple folks have told me that they have been unable to get enough information on how to implement a "brand card." There's no opportunity here at the present time, unfortunately. If that changes, I'll post an update.

So what should you do now? Here's what I would recommend large marketing senders do:

1. Make sure all email you send is authenticated with both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication. (All mail -- not just bulk or newsletter mail. Your ESP , corporate email platform (or both) should be able to help you do that.)
2. Implement DMARC, perhaps working with a vendor like dmarcian , Agari , Valimail , ProofPoint or Red Sift . (Disclaimer: I work for Kickbox , and we've got DMARC monitoring in our deliverability tool suite as well. I am a happy user of it myself!) Partnering with a vendor to provide monitoring and reporting helps you know whether or not it is safe to move on to the next step -- ensuring that you're not going to accidentally tell ISPs to block your legitimate mail.
3. Move to a restrictive "p=reject" DMARC policy after your DMARC reporting shows that you properly authenticate all of your mail streams. Don't do this just for the future logo opportunity -- do it because it makes it harder for bad guys to send fake mail pretending to be from your email domain name.
4. Trademark your logo and obtain a Verified Mark Certificate. Wondering what this whole VMC thing is all about? Here's a primer . Ready to obtain a VMC? You could go directly to DigiCert or Entrust, or look for help from Mailkit via their NOTAMIQ service or Red Sift.
5. Learn how to create the BIMI logo file. You can find more information here .
6. Understand that things are still developing. More ISPs could announce support in the future, and how they, or existing ISPs, will enforce the spec could evolve. Stay knowledgable and be flexible and be able to evolve.

Značky: #gmail, #microsoft, #bimi, #seznam, #comcast, #Network, #brandimage, #brandavatar, #verizon, #yahoo, #fastmail

Looking for guidance on how to create your BIMI logo file? Valimail has a pretty good guide that explains the requirements and they also explain what to keep in mind when creating your BIMI graphic SVG file. Starting with:

• Square
• SVG Tiny Portable/Secure format
• Solid background
• Published via HTTPS

SVG meaning a Scalable Vector Graphics file, and particular type of SVG called SVG Tiny Portable/Secure (SVG P/S) . The image has to truly be a vector graphic ; the overall SVG spec does allow you to embed a bitmap in a file but this isn't allowed for SVG P/S or BIMI usage.

The Valimail guide goes on to explain how to manually edit the SVG file to convert it to the SVG P/S spec. But if you don't feel like editing XML files by hand, download this converter application that the BIMI (AuthIndicators) Working Group has shared here. I've used the Macintosh version and it works fine. (You may need to tell your Mac that it's OK to run this application.)

I used the tool to create a BIMI logo for XNND.com , just to see if I could do it. I don't have a VMC and I send a very low volume of mail, so I don't expect it to show up anywhere, but at least it was pretty easy to do.

Značky: #bimi, #xnnd, #valimail, #howto, #Network

I've got just enough time for a quick post today, to share with you this very useful DMARC Dictionary put together by the fine folks at dmarcian . Check it out ! And since that would make for a very short blog post, here's four bonus online resources that you might also want to bookmark, if you didn't already know about them:

• The ISP Information page from Laura Atkins and Steve Atkins over at Word to the Wise , where they've collected info on which ISPs offer ISP Feedback Loops (FBLs), which ones have Postmaster information pages, help/support ticketing systems, etc.
• My new friends at Kickbox (disclaimer: they are my employer) have put together this great "Developer's Guide to Email" website that you are going to find quite useful if you are looking to learn more about email technology or study how it all comes together.
• Postmark's SMTP Field Manual allows you to look up example bounce messages for different ISPs, often with links to more information about a particular ISP's spam filtering.
• And finally, my very own XNND.com , a simple site that lets you DNS lookups and check various things about an IP address or domain name. (Like, does a domain have a DMARC or BIMI record?) Very recently, I moved XNND to Amazon's AWS EC2 platform, to make it faster, and I've got plans to add more features in the future, including re-incorporating my spamtrap data into lookups. (And you should give me your feedback on what else you think I should add to it!)

Happy Friday and happy bookmarking!

Značky: #dmarcian, #kickbox, #dmarc, #useful, #wttw, #Network, #postmark, #guide, #bimi, #xnnd

Timely. Here is " Everything you need to know about BIMI and validated mark certificates, how they increase brand trust, and which companies have adopted them ," courtesy of World Trademark Review. This analysis, authored by Jeremy Speres, partner at Spoor & Fisher, provides great detail into BIMI/VMC state and status and what senders need to know to be able to move forward with their own BIMI plans.

I learned a lot from reading this and I think you will, too!

[ H/T: Brian Westnedge from Red Sift ]

Značky: #bimi, #Network, #vmc

It's been a while since I've posted a BIMI status update, and things are changing! Things are standardizing! Things are getting good. So, let's get right to it...

BIMI, if you do not remember, is a new standard being adopted by multiple internet services providers (ISPs) to allow the display of a sender's logo along side email messages, when displayed on a mobile device or in a webmail client. Some ISPs and mail clients have had a sender logo display function for a while now (one example is Gravatar ), but BIMI attempts to standardize and regulate this process across the email ecosystem.

Here's the current status of BIMI Support at large ISPs, email hosting and webmail providers:

1. Verizon: Yes, supports BIMI.
2. Gmail: Yes, supports BIMI! Requires VMC. Find more info here .
3. Fastmail : Noted as having support ( here ) but I have no more details at this time.
4. Considering BIMI Support: Comcast and Seznam.cz. ( More info here .)
5. Microsoft: No support announced.

Verizon Media (AOL/Yahoo/Verizon). Has support for BIMI. For a logo to display, the following conditions must be met: A BIMI record exists which points to a valid logo in SVG format, a DMARC policy of quarantine or reject is in place, the mailing is sent to large number of recipients (bulk mail), and they see sufficient reputation and engagement for the email address. They also have a contact address for questions/issues ( click here and search for "BIMI" on the page).

Gmail. In July 2020, Google announced their intent to support BIMI . In July 2021, Google announced that they were rolling out BIMI support over the coming weeks . Per the BIMI spec, Google requires that senders implement a Verified Mark Certificate (VMC), available from DigiCert or Entrust (and possibly others). It sounds like obtaining this VMC will require that a sender have trademarked their logo , which could be a significant barrier for smaller or hobbyist senders.

Microsoft Outlook.com (Hotmail). Microsoft has not announced any support for BIMI. A competing system called "brand cards" has possibly been abandoned; multiple folks have told me that they have been unable to get enough information on how to implement a "brand card." There's no opportunity here at the present time, unfortunately.

So what should you do now? Here's what I would recommend large marketing senders do:

1. Make sure all email you send is authenticated with both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication. (All mail -- not just bulk or newsletter mail. Your ESP , corporate email platform (or both) should be able to help you do that.)
2. Implement DMARC, perhaps working with a vendor like Agari , Valimail , ProofPoint or Red Sift . A DMARC-savvy email security vendor can help you properly configure email authentication, configure DMARC failure monitoring, show you how to read DMARC failure reporting, and give you confidence that you're not going to break anything if you implement a restrictive DMARC policy.
3. Move to a restrictive "p=reject" DMARC policy after your DMARC reporting shows that you properly authenticate all of your mail streams. Don't do this just for the future logo opportunity -- do it because it makes it harder for bad guys to send fake mail pretending to be from your email domain name.
4. Trademark your logo and obtain a Verified Mark Certificate. You could go directly to DigiCert or Entrust, or look for help from Mailkit via their NOTAMIQ service or Red Sift.
5. Understand that things are still developing. More ISPs could announce support in the future, and how they, or existing ISPs, will enforce the spec could evolve. Stay knowledgable and be flexible and able to evolve.

Značky: #yahoo, #seznam, #bimi, #fastmail, #verizon, #comcast, #Network, #microsoft, #gmail

Editor's note: I invited Red Sift to share this info here, because many folks are wondering where to go for help on how to implement BIMI (with VMC) . I admit that this content is a bit sale-sy in nature, but I'm going to allow it to help broaden our knowledge and also, I like the idea of helping to enable and support the email trust and deliverability ecosystem. No consideration changed hands for this post. -- Al Iverson

Red Sift and Entrust are offering the first and only end-to-end BIMI solution: find out more

Značky: #vmc, #Network, #entrust, #bimi