The kick-off of the Brand Indicators Message Identification (BIMI) Beta Pilot started recently and we’ve been witness to a growing swell of interest from companies who want their logos displayed alongside the marketing emails sent to thousands of their customers. The BIMI pilot is a cutting edge action in which the DMARC standard can be utilized in a true consumer-oriented and interactive manner.
Three related, but parallel tasks typically have to be completed to get your company involved with the BIMI pilot.
- Cross-functional: Identifying a domain at DMARC Reject and properly formatted logo
- Cross-functional: Security/Marketing Buy-in
- Technical: BIMI DNS Record
Choosing a Domain
For companies already at DMARC enforcement, the initial step is a very quick and simple process. All that has to be done is to choose a domain already at DMARC enforcement (at Reject or Quarantine) and build a BIMI DNS record. A recently published blog post can help you through this process.
As your organization’s DMARC and BIMI champion, the two most common questions you will encounter are:
- “What are DMARC and BIMI?”
- “What are the benefits of participating in the Beta Pilot?”
To answer the first question, BIMI is a standardized way for brands to publish their logo online. It lets the logos be easily incorporated into messaging and social media applications. BIMI does this with built-in protections that safeguard the brand and protect application providers and consumers from impersonation attempts.
With BIMI, email applications display the sending company’s brand logo alongside authenticated emails in the inbox list and within emails themselves. BIMI-sourced logos appear on screen real estate controlled by the email program, not by the email. When coupled with email authentication, it provides greater visibility, reliability, and trust, which are benefits to both marketing and security.
BIMI logos aren’t just for email. They can be incorporated into any internet-based communications service including social media apps, online services, messaging services and more. It is being developed as an open standard available to any company wishing to implement it, without licensing fees.
To answer the second question regarding benefits, in short, organizations will get free, sanctioned brand impressions within the world’s largest email platforms. Sending organizations will also get, as a side effect of the requirements of BIMI, a more secure communications channel between themselves and their customers.
For senders and brands, BIMI offers the benefits of immediate brand recognition and an enhanced user experience, and ensures their logo is current and consistent across platforms.
For more information on BIMI see our FAQ document.
Gaining Internal Buy-in
Getting by the initial set of questions about DMARC can be simply done by referring to the BIMI FAQs. There are also several websites and videos dedicated to DMARC. Here, we will address the questions surrounding the specific steps associated with the pilot and help you, as your organization’s champion, make the business case to participate.
Senior IT Security Departments
The first stop outside of your office is to speak with a senior IT manager or the individual responsible for making DNS changes. The goal of this conversation is to remove any fears around “another DNS change” and get a pre-authorization for the modification.
They should already be familiar with DMARC, and definitely with DNS, so the need to provide context for either will probably be unnecessary. Focusing directly on the benefits regarding BIMI is the key to this conversation.
Explain the simplicity of the BIMI DNS record in comparison to other more complicated ones and that you want to participate in a pilot which provides an immense benefit, and virtually no risk. The purpose is to this new capability and there is no impact to deliverability if an error occurs with the new BIMI record. If something does go wrong, your post-BIMI emails will look exactly like your pre-BIMI emails and a quick review should clear up any issues. You can even go to the efforts of creating an actual BIMI record and be prepared to walk through each of the DNS record’s components. Finally, focus on the added benefits it provides by extending the value of your organization’s existing DMARC project by generating increased consumer brand impressions rather than remaining as a traditional cost-center.
You may also get a question about the security of the logo and can it be spoofed. Right now for the pilot, the logo can only be displayed by connecting with your own DNS record and is as secure as your own DNS environment. For the pilot, Yahoo is also whitelisting domains and logos on their end. Moving forward there will be a series of certifying authorities enabled that are very similar to how Certificate Authorities operate. These organizations will do the heavy lifting of “approving logos and matching them with domains”. The working group is in the process of adopting a solution now and we will have public updates soon.
Put simply, with no risk to your DNS, security can continue to add to the business’ value in a proactive manner using the DMARC standard by incorporating the new BIMI capability. Thousands of new brand impressions will be made at no additional cost to marketing and no real cost or risk to security. Once the pilot is successful, other receivers will look to capitalize on its success creating an exponential level of brand impressions. By allowing the DNS change, security can foster the business case to join the pilot to while simultaneously being a part of your company’s successful adoption of BIMI.
What’s in it for the Security group?
Let’s look at the specific benefits available to your security group when implementing BIMI. These include:
- Continual justification for, and additional value in, current DMARC project investment
- Low Overhead with a one-time per domain DNS change
- No Risk from the DNS change by design
- No Risk because of no needed change to your current DNS environment
- The addition of company value and refuting perception of being a “cost-center”
The quickest way to influence a Marketing or Trademark person is through brand impressions, especially free ones! Marketing departments directly compete with both spam and phish for customer impressions and, more often than they’d like to admit, lose out to the criminals. When this happens, customer trust is negatively impacted meaning legitimate emails go unseen and unread. DMARC enforcement prevents phish from showing up in customer inboxes. Customer engagement increased and attempted brand spoofing decreased with the end result of a higher Return on Investment for the entire business directly from the DMARC undertaken that lead you to enforcement status. Basically, the DMARC security driven project made the marketing team even more effective.
Two Benefits in One
BIMI elevates the already successful cross-functional cooperation to the next level by reinforcing through including an officially approved logo. Not only are customers confident that your emails are legitimate, they get a sense of “double” comfort by seeing your logo in their inbox as well. Your logo will be visible to customers in multiple places including the message list and when the message is opened. Every time a customer receives an email from a domain using BIMI, a customer can get as many as three unique brand impressions. Multiplying that by the number by tens of millions of emails per day sent by a typical bank or social media platform, the brand impressions start to add up. The best part is that there is no cost to marketing other approving the domain to use and choosing a logo. The only real “cost” is to security when they generate a BIMI DNS record and make a change to it. The quicker the decision to participate across your company, the sooner you can benefit from BIMI’s adoption. You’ll also be ready for the post-pilot adoption by the other major email receivers and potentially non-email based platforms that can show your brand identity.
What’s in it for the Marketing/Trademark Departments?
Likewise there are many benefits available to your Marketing and Corporate Marketing departments including:
- Improved control of logo usage
- Thousands of Free Brand Impressions
- No additional cost
- As early adopter gain an advantage over your competitors
- Preparation for post-pilot BIMI implementation
- Central control of brands across key corporate domains
DMARC has already redefined the concept of brand identity by focusing on a company’s most valuable possession, its identity. DMARC’s benefits to not only security groups, but also to marketing and trademark organizations are undeniable. BIMI is poised to continue this success and continue to drive cross-functional cooperation for the good of your business and customers.
Without BIMI, companies brand usage by email providers and search engines were prone to error, often leading to the display of old or incorrect brands. BIMI changes this by centralizing one’s branding and putting it back into the control of the brand owner. Adopting BIMI early as part of the pilot will only ensure you are poised to experience the long-term benefits of BIMI.