Summary
Implementing BIMI on a subdomain without affecting the main domain or transactional emails requires careful configuration. The core strategy involves creating and deploying a distinct BIMI record specifically for the subdomain in the DNS settings, ensuring the BIMI logo only appears on emails sent from that subdomain. If a VMC is used, it should be valid for both the organizational domain and the subdomain. Additionally, the subdomain's DMARC policy needs to be properly aligned to maintain deliverability. For transactional emails, options include setting up a separate subdomain or using a profile picture for the sending address, recognizing that BIMI application is typically domain-wide. Given that BIMI doesn't inherently allow specifying particular email addresses, DNS record management and considering DMARC alignment are crucial.
Key findings
- Subdomain BIMI Record: A separate and specific BIMI record must be created and deployed for the subdomain in DNS settings.
- VMC Validity: If a VMC is used, it needs to be valid for both the organizational domain and the subdomain.
- Subdomain DMARC Alignment: Proper DMARC policy alignment is essential for the subdomain to maintain email deliverability and authentication.
- Transactional Email Solutions: Consider options like a separate subdomain or a profile picture for transactional email addresses.
- BIMI Application Scope: BIMI's protocol doesn't inherently specify which addresses get logos; thus, DNS configuration is key for control.
Key considerations
- DNS Configuration: Accurately configure DNS records to point to the logo and VMC associated with the subdomain.
- DMARC Impact: Understand the domain alignment implications of implementing BIMI and its effect on deliverability.
- Prevent Domain Impact: Implementing BIMI for subdomains or using a new domain helps prevent BIMI from affecting the entire domain.
- Assertion Record: Ensure the BIMI Assertion record is published correctly with the appropriate VMC SAN dNSName configuration for validation.
What email marketers say
9 marketer opinions
Implementing BIMI on a subdomain requires careful configuration to avoid impacting the main domain or transactional emails. The key is to create and deploy a separate BIMI record specifically for the subdomain in DNS settings. The VMC, if used, should be valid for both the organizational domain and the subdomain. Ensure DMARC alignment for the subdomain to maintain deliverability. For transactional emails, options include setting up a separate subdomain or using a profile picture for those addresses, as BIMI cannot be selectively removed while still functioning.
Key opinions
- Separate BIMI Record: A distinct BIMI record must be created and deployed specifically for the subdomain in the DNS settings.
- VMC Validity: The VMC, if utilized, must be valid for both the organizational domain and the subdomain to ensure proper validation.
- Subdomain DMARC Alignment: Ensure the subdomain is appropriately aligned with your DMARC policy to maintain email deliverability and authentication standards.
- Transactional Email Handling: For transactional emails, consider setting up a separate subdomain or using a profile picture for those email addresses.
Key considerations
- Domain Impact: Be aware that BIMI implementation can impact the entire domain if not configured correctly; using subdomains mitigates this risk.
- DNS Deployment: The BIMI DNS record needs to be deployed correctly in the DNS settings of the subdomain for it to function properly without affecting the main domain.
- Assertion Record Validation: Ensure the BIMI Assertion Record is published correctly with the appropriate VMC SAN dNSName configuration.
Marketer view
Email marketer from Reddit User shares that you need to create a separate BIMI record for your subdomain in the DNS settings. Ensure you do not affect the main domain's existing BIMI record (if any).
26 Jun 2024 - Reddit
Marketer view
Email marketer from Email Geeks User explains you need to set up a subdomain or implement the logo as a profile picture for those addresses. They also state you can't take it away from the main email and still have it for transactional emails.
7 Jan 2022 - Email Geeks
What the experts say
5 expert opinions
Implementing BIMI on a subdomain without affecting the main domain or transactional emails requires specific configuration steps. Key actions include creating and deploying a BIMI record specifically for the subdomain. Given BIMI's domain-wide application, controlling which emails display the logo involves configuring DNS records and considering how transactional emails are handled. Options for transactional emails include moving the BIMI record to the relevant subdomain, establishing a new subdomain, or using a profile picture for those addresses. Ensuring the subdomain has its own valid DMARC policy is also critical for the BIMI implementation to function correctly and avoid negatively affecting the overall email authentication posture.
Key opinions
- Subdomain BIMI Record: A BIMI record must be specifically created and deployed for the subdomain to avoid impacting the main domain.
- DMARC Policy: The subdomain must have its own valid DMARC policy to ensure proper BIMI implementation and avoid negatively impacting email authentication.
- Transactional Email Handling: Options for transactional emails include moving the BIMI record to that subdomain, setting up a new subdomain, or using a profile picture for those addresses.
- BIMI Application: BIMI does not inherently allow specifying which specific email addresses should display the logo; it applies domain-wide unless configured at the subdomain level.
Key considerations
- DNS Configuration: Correctly configure DNS records, pointing to the logo and VMC (if used), specifically associated with the subdomain.
- VMC Validity: Verify the VMC linked to the BIMI record is valid for the organizational domain level, if required.
- Alternative Solutions: Consider alternative solutions for transactional emails to avoid unintended logo display on employee emails.
Expert view
Expert from Word to the Wise explains that When implementing BIMI on a subdomain, make sure that the subdomain has its own valid DMARC policy in place. This is essential to ensure that the BIMI implementation works correctly and doesn't negatively affect the overall email authentication posture of the main domain or the transactional emails.
24 May 2023 - Word to the Wise
Expert view
Expert from Spam Resource explains that to implement BIMI on a subdomain without affecting the main domain, you need to ensure the BIMI record is specifically created and deployed for the subdomain only. This involves configuring DNS records to point to the logo and VMC (if used) associated with the subdomain.
18 Nov 2021 - Spam Resource
What the documentation says
3 technical articles
Implementing BIMI on a subdomain while preserving the integrity of the main domain involves strategic DNS record management. The BIMI record should be placed specifically on the subdomain to limit the scope of the BIMI application. Utilizing a VMC necessitates that the certificate is valid for both the organizational domain and the subdomain, addressing validation requirements. Accurate configuration of DNS records for the subdomain, including the location of the logo and VMC (if applicable), is essential for a successful implementation.
Key findings
- DNS Placement: BIMI records should be placed on the subdomain to avoid impacting the main domain.
- VMC Validation: If a VMC is used, it should be valid for both the organizational domain and subdomain, depending on requirements.
- Accurate Configuration: Configuring the DNS records for the subdomain accurately, including the logo and VMC locations, is essential.
Key considerations
- Scope of Application: Consider the scope of application carefully and deploy BIMI records accordingly, either at the organizational domain or subdomain level.
- Certificate Validity: Ensure the VMC is valid for all required domains, either by requesting it for both or using a higher-level domain.
- Configuration Precision: Pay close attention to the accuracy of the DNS record configurations, particularly when specifying logo and VMC locations.
Technical article
Documentation from BIMI Group Website explains that BIMI records are placed in DNS at either the organizational domain (e.g., example.com) or a subdomain (e.g., email.example.com), depending on the scope of application. To avoid affecting the main domain, place the BIMI record on the subdomain.
17 Sep 2022 - BIMI Group Website
Technical article
Documentation from Entrust explains that setting up BIMI on a subdomain without affecting your main domain requires you to configure your DNS records by adding a BIMI record to your subdomain. Make sure that your BIMI record includes the location of your logo and the location of your VMC. VMC is optional but is needed for Gmail and Yahoo.
18 Sep 2024 - Entrust
Does BIMI require DMARC at the organizational level, and can it be implemented only at the subdomain level?
Do I need to set up DMARC for subdomains?
How to apply BIMI to a specific subdomain instead of the entire domain?
Can DKIM be set up on a subdomain, and which domain should be used for signing?
How do I implement BIMI for multiple brands with subdomains?
How do I implement DMARC with BIMI on multiple subdomains?
