• Sp chevron_right

      BIMI: ISP Support as of January 2022

      pubsub.slavino.sk / spam_resource · Monday, 17 January, 2022 - 13:00 · 4 minutes

    It

    It's time for your periodic BIMI adoption status update.

    A quick overview of what this is all about: BIMI is a standard being adopted by multiple internet services providers (ISPs) to allow the display of a sender's logo along side email messages, when displayed on a mobile device or in a webmail client. Some ISPs and mail clients have had a sender logo display function for a while now (one example is Gravatar ), but BIMI is an attempt to standardize and regulate this mechanism across the email ecosystem.

    Adoption by senders seems a bit slow; but the spec only went public in 2019, which isn't that long ago. Also, it suffers a bit from the "chicken and egg" problem -- it's hard to convince senders to adopt the standard if receivers haven't adopted support for the standard. But now with two of the top three B2C mailbox providers (Yahoo and Gmail) having BIMI support, I'm guessing that we'll start to see more adoption of BIMI by senders.

    BIMI.jpeg

    Here's the current status of BIMI Support at large ISPs, email hosting and webmail providers:

    1. Gmail: Yes, supports BIMI! Requires VMC. ( Find more info here .)
    2. Yahoo (ex-Verizon): Yes, supports BIMI. Does not require VMC. ( More info here .)
    3. Fastmail : Yes, supports BIMI! ( More info here .)
    4. Considering BIMI Support: Comcast and Seznam.cz. ( More info here .)
    5. Microsoft: Has no support for BIMI.

    Gmail. In July 2020, Google announced their intent to support BIMI . In July 2021, Google announced that they were rolling out BIMI support over the coming weeks . Per the BIMI spec, Google requires that senders implement a Verified Mark Certificate (VMC), available from DigiCert or Entrust (and possibly others). It sounds like obtaining this VMC will require that a sender have trademarked their logo , which could be a significant barrier for smaller or hobbyist senders.

    Yahoo (AOL/Yahoo/Verizon). Has support for BIMI. For a logo to display, the following conditions must be met: A BIMI record exists which points to a valid logo in SVG format, a DMARC policy of quarantine or reject is in place, the mailing is sent to large number of recipients (bulk mail), and they see sufficient reputation and engagement for the email address. They have a dedicated support page for BIMI and also have a contact address for questions/issues ( click here and search for "BIMI" on the page).

    Microsoft Outlook.com (Hotmail). Microsoft has not announced any support for BIMI. A competing system called "brand cards" has likely been abandoned; multiple folks have told me that they have been unable to get enough information on how to implement a "brand card." There's no opportunity here at the present time, unfortunately. If that changes, I'll post an update.

    So what should you do now? Here's what I would recommend large marketing senders do:

    1. Make sure all email you send is authenticated with both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication. (All mail -- not just bulk or newsletter mail. Your ESP , corporate email platform (or both) should be able to help you do that.)
    2. Implement DMARC, perhaps working with a vendor like dmarcian , Agari , Valimail , ProofPoint or Red Sift . (Disclaimer: I work for Kickbox , and we've got DMARC monitoring in our deliverability tool suite as well. I am a happy user of it myself!) Partnering with a vendor to provide monitoring and reporting helps you know whether or not it is safe to move on to the next step -- ensuring that you're not going to accidentally tell ISPs to block your legitimate mail.
    3. Move to a restrictive "p=reject" DMARC policy after your DMARC reporting shows that you properly authenticate all of your mail streams. Don't do this just for the future logo opportunity -- do it because it makes it harder for bad guys to send fake mail pretending to be from your email domain name.
    4. Trademark your logo and obtain a Verified Mark Certificate. Wondering what this whole VMC thing is all about? Here's a primer . Ready to obtain a VMC? You could go directly to DigiCert or Entrust, or look for help from Mailkit via their NOTAMIQ service or Red Sift.
    5. Learn how to create the BIMI logo file. You can find more information here .
    6. Understand that things are still developing. More ISPs could announce support in the future, and how they, or existing ISPs, will enforce the spec could evolve. Stay knowledgable and be flexible and be able to evolve.
    Wondering who has implemented a BIMI logo? I've put together a little BIMI logo look up tool on KBXSCORE . Plus in your favorite domain name and see what it can find. Here's a couple of logos to get you started.

    And now...you are BIMI aware! Go forth and spread that logo.

    (Disclaimer; this is not a paid post as far as consideration or compensation changing hands, but I did mention my employer above, so I'm mentioning that again here to be as transparent as I possibly can.)

    Značky: #gmail, #microsoft, #bimi, #seznam, #comcast, #Network, #brandimage, #brandavatar, #verizon, #yahoo, #fastmail

    • Sp chevron_right

      BIMI: ISP Support as of August 2021

      pubsub.slavino.sk / spam_resource · Friday, 20 August, 2021 - 12:00 · 3 minutes

    BIMI.jpeg

    It's been a while since I've posted a BIMI status update, and things are changing! Things are standardizing! Things are getting good. So, let's get right to it...

    BIMI, if you do not remember, is a new standard being adopted by multiple internet services providers (ISPs) to allow the display of a sender's logo along side email messages, when displayed on a mobile device or in a webmail client. Some ISPs and mail clients have had a sender logo display function for a while now (one example is Gravatar ), but BIMI attempts to standardize and regulate this process across the email ecosystem.

    Here's the current status of BIMI Support at large ISPs, email hosting and webmail providers:

    1. Verizon: Yes, supports BIMI.
    2. Gmail: Yes, supports BIMI! Requires VMC. Find more info here .
    3. Fastmail : Noted as having support ( here ) but I have no more details at this time.
    4. Considering BIMI Support: Comcast and Seznam.cz. ( More info here .)
    5. Microsoft: No support announced.

    Verizon Media (AOL/Yahoo/Verizon). Has support for BIMI. For a logo to display, the following conditions must be met: A BIMI record exists which points to a valid logo in SVG format, a DMARC policy of quarantine or reject is in place, the mailing is sent to large number of recipients (bulk mail), and they see sufficient reputation and engagement for the email address. They also have a contact address for questions/issues ( click here and search for "BIMI" on the page).

    Gmail. In July 2020, Google announced their intent to support BIMI . In July 2021, Google announced that they were rolling out BIMI support over the coming weeks . Per the BIMI spec, Google requires that senders implement a Verified Mark Certificate (VMC), available from DigiCert or Entrust (and possibly others). It sounds like obtaining this VMC will require that a sender have trademarked their logo , which could be a significant barrier for smaller or hobbyist senders.

    Microsoft Outlook.com (Hotmail). Microsoft has not announced any support for BIMI. A competing system called "brand cards" has possibly been abandoned; multiple folks have told me that they have been unable to get enough information on how to implement a "brand card." There's no opportunity here at the present time, unfortunately.

    So what should you do now? Here's what I would recommend large marketing senders do:

    1. Make sure all email you send is authenticated with both SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail) authentication. (All mail -- not just bulk or newsletter mail. Your ESP , corporate email platform (or both) should be able to help you do that.)
    2. Implement DMARC, perhaps working with a vendor like Agari , Valimail , ProofPoint or Red Sift . A DMARC-savvy email security vendor can help you properly configure email authentication, configure DMARC failure monitoring, show you how to read DMARC failure reporting, and give you confidence that you're not going to break anything if you implement a restrictive DMARC policy.
    3. Move to a restrictive "p=reject" DMARC policy after your DMARC reporting shows that you properly authenticate all of your mail streams. Don't do this just for the future logo opportunity -- do it because it makes it harder for bad guys to send fake mail pretending to be from your email domain name.
    4. Trademark your logo and obtain a Verified Mark Certificate. You could go directly to DigiCert or Entrust, or look for help from Mailkit via their NOTAMIQ service or Red Sift.
    5. Understand that things are still developing. More ISPs could announce support in the future, and how they, or existing ISPs, will enforce the spec could evolve. Stay knowledgable and be flexible and able to evolve.
    And now you know as much (or maybe more) about BIMI than I do. Good luck!

    Značky: #yahoo, #seznam, #bimi, #fastmail, #verizon, #comcast, #Network, #microsoft, #gmail