Introduction

Imagine a customer or employee receives a phishing email that looks and sounds exactly like your company emails. It could be very difficult for them to tell whether the email actually comes from you or not. Especially with the sophisticated phishing emails that can be created with AI, it can be very minor details that give away an email as being fraudulent. These details can be extremely difficult to notice if you’re not looking for them or if you’re in a hurry, putting everyone, from employees to customers and partners, at risk of being scammed.

BIMI is a way to quickly show email recipients that emails actually originate from your organization. Let’s look more closely at how BIMI helps authenticate emails and how you can implement it. 

What is BIMI?

BIMI (Brand Indicators for Message Identification) allows you to add your brand logo to all outgoing emails from your company. Recipients will be able see your logo both directly in their inbox and when opening the emails, giving them the confidence that the emails actually come from you.  

Aside from the additional security against scams and impersonation, BIMI helps increase the deliverability and open rate of sent emails, ensuring the efforts you put into email communication and marketing don’t go to waste. However, to properly implement BIMI an additional element is needed. You also need a VMC (Verified Mark Certificate) to be able to display your logos on outgoing emails.

What is a VMC Certificate?

A Verified Mark Certificate, or VMC, is a security certificate issued to your organization that allows you to use your trademarked logo in your BIMI implementation. To obtain a VMC, validation is performed on your organization, your domain, and your right to use the logo. Furthermore, you need to have completed your DMARC deployment with the proper security level and secured the right to your figurative trademark in order to obtain a VMC.

How to implement BIMI and VMC correctly

To implement BIMI and VMC smoothly and correctly, you need to carry out the necessary steps in the right order. These are:

  1. Implement a DMARC policy. You can learn more about DMARC and whether your email domain is already protected by DMARC here.

  2. Trademark your logo at an official trademark office. In Sweden, that is the Swedish Intellectual Property Office.

  3. Obtain a VMC Certificate from an accredited vendor like Excedo.

  4. Implement BIMI.

Conclusion

BIMI and VMC show that to gain full protection for your email and your brand, you need to combine elements from both IT and the law. Although it is a very good start, it is not always enough to just have a DMARC policy. To keep your employees, customers, and partners safe, one must build upon DMARC and add additional layers of verification and authentication.

BIMI and VMC offer a visual signature on top of the checks dictated by the DMARC policy, reassuring your stakeholders that you care about their digital safety and take all the necessary steps to protect them.

Do you know if BIMI and VMC are enabled for your email?

Use our BIMI verification tool to check if BIMI is enabled for your domain so you can stand out in crowded inboxes.