In January of this year, Twilio became a part of the Authindicators working group, joining numerous other entities in the email ecosystem including Google, Yahoo!, Comcast, Valimail, 250ok, and ReturnPath in an effort to bring Brand Indicators for Message Identification (BIMI) to life. BIMI is a standard that attempts to increase the wide adoption of email authentication in the ecosystem while simultaneously providing senders with a way to provide their customers with a more immersive experience.

With two of the three biggest North American free mailbox providers, as well as one of the largest ISPs committing to supporting the development of the standard, the importance of BIMI is abundantly clear and we wanted to ensure that we brought BIMI to the community of senders that view email as a crucial communication tool. This couldn’t be more true today as the global community struggles with the ongoing effects of the COVID-19 pandemic. In an age of physical distance, it’s important to leverage technology with a global reach to preserve business continuity and strengthen the ties that bind us all together.

Today, Google announced that a BIMI pilot on Gmail is launching in the coming weeks and that major brands are participating in the pilot to help Google tune their implementation as well as validate the fundamentals of the BIMI standard ahead of its general availability.

BIMI presents different advantages to different people

One of the things that’s incredibly important to understand about BIMI is that it presents multiple advantages that differ depending on who you are speaking to. For mailbox providers like Gmail, BIMI is an effort to strengthen and broaden the adoption of email authentication technologies among the world’s sending community. The benefit of more senders publishing SPF, DKIM, and DMARC at enforcement (all of which are basic requirements of BIMI), is that those brands become harder to spoof and help separate signal from noise in the inbox.

For marketers, BIMI represents the opportunity to further brand emails and obtain an improved user experience for their recipients. What CMO doesn’t want to see their logo beside one of their emails? BIMI is the latest chapter in the long storied evolution of email and the inbox experience from a recipient point of view. There was a time (many years ago) when reading panes in email clients were a novel and welcome experience. Today the browser inbox is replete with customizable features. While BIMI appears to be one of those features, it is at its foundation, a keen standard to help improve the security of email by increasing the use of existing email authentication technologies and providing incentives to everyone in the email ecosystem.

BIMI requirements

BIMI will require senders to take a number of steps in order to have their logos show up within Gmail when BIMI becomes generally available. First and foremost, senders must have a good sending reputation.

  • Senders will have to authenticate their email using SPF and DKIM.
  • Senders must publish a DMARC policy at enforcement which means either “p=quarantine” or “p=reject” on the organizational domain.
  • Senders will need to create and publish a Scalable Vector Graphic (SVG) Tiny 1.2 logomark.
  • Senders will need to publish a BIMI record (check it out using this BIMI Generator).
  • Senders will be required to obtain a Verified Mark Certificate (BIMI certificate) for the logo.
    • VMCs exist to validate ownership of an organization’s logo; the certificates are based on registered trademarks of the logo/image,
    • VMCs will be issued by two BIMI-qualified Certification Authorities – Entrust DataCard and DigiCert (currently, VMCs are a Google-specific requirement for BIMI).

Although BIMI is not generally available yet, it’s not too early to begin thinking about enabling DMARC or moving your existing policy to enforcement. Given the complexity of large organizations that might be leveraging numerous third party senders on their behalf, achieving DMARC enforcement could be non trivial. As DMARC is a basic requirement for BIMI, now’s a good time to review how you’re authenticating all of your email.

To prepare for the post-pilot launch of BIMI and to generally help secure the ecosystem, we encourage all senders to start adopting DMARC. To learn more about BIMI, visit the working group’s website.



Len Shneyder
Len Shneyder is a 15+ year email and digital messaging veteran and the VP of Industry Relations at Twilio SendGrid. Len serves as an evangelist and proponent of best practices and he drives thought leadership and data-driven insights on industry trends based on the massive volume of email SendGrid delivers on behalf of their customers. Len is a longtime member of M3AAWG (the Messaging, Malware, Mobile Anti-Abuse Working Group) and served on its board in addition to Co-Chairing the Program Committee. He’s also part of the MAC (Member Advisory Committee) of the EEC (Email Experience Council) where he serves as the organization's MAC Chair. The EEC is a professional trade organization focused on promoting email marketing best practices. The EEC is owned by the ANA (Association of National Advertisers), a nearly 100-year-old organization where he also sits on the Ethics Committee. In addition, Len has worked closely with the ESPC (Email Sender & Provider Coalition) on issues surrounding data privacy and email deliverability.