How to Get BIMI and Gmail’s Blue Verification Badge for Your Email

When it comes to enhancing the authenticity and security of your emails, implementing BIMI can be a crucial step. BIMI allows organizations to display their logo on emails as a verification mark in supported email clients like Gmail, which not only helps protect the brand against impersonation but also increases user trust. In this post, we’ll explain what BIMI is and guide you through the steps to get the BIMI verification mark for your emails.

What is BIMI?

BIMI (Brand Indicators for Message Identification) is a standard for increasing the security of incoming email messages. It emerged in 2021 as a response to phishing, spoofing, and fraudulent emails, aiming to make sent emails safer for recipients.

With BIMI, companies can display their logos on emails next to the sender’s name. BIMI verifies that the email is genuinely from the sender it claims to be. The BIMI protocol is supported by Google, Yahoo, Fastmail, and ESPs like MDirector.

In May 2023, Google introduced a new security feature: the blue verification badge. This badge indicates that Google has validated the sender’s identity, meaning that emails sent from that account are authentic and from a trusted source.

Steps to get BIMI and the blue verification badge

Obtaining BIMI and Gmail’s verification badge is a long process that requires patience and adherence to all necessary steps.

1. Preliminary Stage

• Configuring SPF, DKIM, and DMARC security protocols is absolutely mandatory. Specifically, DMARC must be set to either “quarantine” or “reject” (p=quarantine or p=reject).
• You must register an international trademark for all variations of your logo. It’s advisable to register as many logos as possible because only one registered logo can be used for BIMI.

2. Implementing BIMI

The steps are as follows:

1. Create and upload an SVG file of your brand logo to your public web server via HTTPS. The file size must not exceed 32 KB, it should be square-shaped, the background cannot be transparent, and a solid color is recommended. It’s important to note that during the VMC certification process, only the logo as registered in the trademark will be accepted. Additionally, once BIMI is implemented, all emails sent from your corporate addresses will include the logo (if your employees previously had photos, these will be replaced by the company logo).
2. Add the TXT record for BIMI to your domain’s DNS host.
3. Once implemented, you can verify the existing BIMI using the BIMI Generator Inspector tool.

This is how the records for our domain Mdirector.com look like:

3. Obtaining the Verified Mark Certificate (VMC)

The VMC (Verified Mark Certificates) is a digital certificate that confirms the authenticity of your logo and that you are its rightful owner. To obtain this certificate, you need to contact a brand verification organization, but you must already have your trademark registered. During the VMC process, your company’s authenticity will be thoroughly verified.

Currently, only two organizations are authorized to provide VMCs: Digicert and Entrust. Keep in mind that the VMC can cost over $1,000 for the first year.

During the VMC process, you’ll need to confirm compliance with all protocols (SPF, DKIM, and DMARC) and have your brand and company logos registered. Additionally, you will need to:

• Complete the order request and provide all required documentation.
• Carefully follow all instructions and recommendations provided by these organizations.
• You may receive a phone call to verify the validity and authenticity of the information provided.
• To rule out the use of deep fakes, you may be asked to provide relevant IDs and complete the required actions.

After obtaining the VMC, you must create a DNS record pointing to the files provided to finalize the BIMI approval process.

(Fuente: BIMI Group)

4. Obtaining Gmail’s Blue Verification Badge

The blue badge is only available once all the prior requirements have been met: obtaining the VMC and implementing BIMI. The blue badge will generate a lot of trust among your email recipients.

This increased trust could translate into higher open rates in email clients that support BIMI; and in the case of Gmail, with the blue verification badge. However, it cannot be categorically stated that open rates and conversion rates will improve solely because of BIMI and the blue badge.

Benefits of Getting BIMI

The audience remembers a logo better the more they interact with it. BIMI and the blue verification badge function similarly to the blue verification badges seen on social platforms like Twitter, Instagram, or LinkedIn. Essentially, it’s a symbol that the account is verified and truly belongs to the person whose name is displayed. Some benefits of BIMI include:

1. Helping your subscribers identify authenticated messages from your company, distinguishing them from fraudulent emails.
2. Making your emails stand out in the recipient’s inbox, offering greater brand visibility; additionally, the logo next to the sender’s name will increase brand recognition.
3. BIMI can indirectly positively impact deliverability by enhancing the sender’s reputation, potentially increasing open rates, as it signals to various email clients that their emails should not be placed in the spam folder.

In short, adopting additional authenticators like BIMI and the blue verification badge not only strengthens email marketing security but also fosters trust between businesses and their customers. Moreover, BIMI encourages companies to adopt responsible and transparent practices in their digital communications, promoting a more reliable and secure email ecosystem for everyone.

BIMI challenges: Considerations

It’s important to note that this standard may still be subject to change and improvement over time.

Additionally, its implementation varies:

• Google requires VMC certification and displays the additional blue verification badge.
• Other email clients do not require VMC certification but do display the logo (e.g., Fastmail).
• BIMI is not compatible with Microsoft, among others.

BIMI implementation has the potential to create a safer and more trustworthy email environment for everyone, similar to the impact of the shift to HTTPS on the web. It’s important to highlight that companies adopting BIMI already have SPF, DKIM, DMARC, and other protocols properly configured. Ultimately, BIMI serves as an indicator that the necessary steps have been taken to ensure email security. While BIMI implementation comes with a cost, it would be interesting to see BIMI become more accessible for companies that already follow the best practices needed for its implementation.

Conclusions: Safeguard Your Brand and Build Trust with BIMI and Gmail’s Blue Badge

In today’s digital landscape, protecting your brand and your customers’ security is crucial. Implementing BIMI, obtaining the Verified Mark Certificate (VMC), and the Gmail blue badge can be powerful tools to achieve this.

1. Protection Against Counterfeiting and Scams:

BIMI and the blue badge can act as shields for your brand, offering a highly visual verification of your identity. This will also protect your customers from falling victim to cyber scams and maintain your reputation’s integrity.

2. Symbol of Legitimacy and Trust:

Gmail’s blue badge is a recognized seal of authenticity by users, conveying trust and security in your communications. When displayed, your subscribers will form a stronger and longer-lasting trust bond.

3. Increased Engagement and Conversions:

The trust generated by BIMI and the blue badge can translate into greater engagement from your customers, as they will feel more secure in opening your emails, interacting with your content, and making conversions.

4. Strengthening Brand Affinity:

The blue badge becomes a distinctive element that sets you apart from the competition. It will attract loyal subscribers who appreciate the authenticity and security it offers, consolidating your market position.

In summary, implementing BIMI and obtaining Gmail’s blue badge is a smart investment that protects your brand, fosters trust, and drives you toward success. However, it’s important to consider that the process of obtaining these features requires financial investment and a considerable amount of time for review and activation, so ensure that it is crucial for your business.