Is BIMI easily spoofed and are there drawbacks to BIMI implementation?
Summary
What email marketers say (12 marketer opinions)
Email marketer from Reddit explains the risk of trademark disputes with BIMI: if your logo is too similar to an existing trademark, even if unintentional, you might face legal challenges and have to discontinue using the logo for BIMI.
Marketer from Email Geeks reminds readers that mailbox providers don't HAVE to show your logo. If you are a bad actor, they can simply decline to show your BIMI logo, and you've paid money for no reason.
Email marketer from Mailhardener shares that BIMI adoption is not universal among email providers, so the visual benefits may not be seen by all recipients. This limited support diminishes the value for some senders.
Email marketer from SparkPost explains that while BIMI offers visual branding, it doesn't solve all email deliverability problems. Content quality and sender reputation are still critical.
Email marketer from Validity explains that BIMI acts as a visual trust signal, but notes that it requires ongoing maintenance of DMARC, SPF, and DKIM records to remain effective and prevent display issues if authentication fails.
Email marketer from EmailVendorSelection mentions the complexity involved in setting up BIMI, including DNS records, VMC acquisition, and DMARC configuration. This can be technically challenging for some organizations.
Email marketer from Val Geisler's website explains that BIMI requires a VMC (Verified Mark Certificate), which can be complex and costly to obtain, especially for smaller businesses. This cost and complexity can be a significant drawback.
Email marketer from Litmus shares that BIMI is not universally supported across all email clients and ISPs, which means that not all recipients will see the logo, reducing the overall impact of the implementation.
Email marketer from ZeroBounce shares that while BIMI can improve brand recognition, it doesn't directly guarantee higher deliverability. Deliverability depends on various factors, including sender reputation and email content.
Email marketer from Reddit mentions that smaller businesses may find the cost and complexity of BIMI, especially the VMC, prohibitive compared to the potential benefits, making it less attractive.
Marketer from Email Geeks explains that, VMC or no VMC, mailbox providers also look at who you are and what you do in their network. Just because you send an email and have a valid BIMI logo doesn't mean they will show your logo, let alone your emails.
Marketer from Email Geeks responds that spoofing BIMI is nearly impossible because the checks Certificate Authorities do are very thorough.
What the experts say (4 expert opinions)
Expert from Email Geeks shares they have not seen any BIMI spoofing in action, and they talk to the Cert providers frequently.
Expert from Spamresource explains that although BIMI has some drawbacks like cost and technical implementation, it's generally considered worthwhile for companies wanting to enhance their brand presence in the inbox and protect against spoofing.
Expert from Email Geeks explains that BIMI forgery is kind of expensive, and that bad actors who cycle domains are probably not going to cycle the certs like that. Having a cert also does not mean a domain will have a good reputation.
Expert from Word to the Wise (Laura Atkins) shares that implementing BIMI correctly requires careful attention to detail regarding DMARC compliance, VMC acquisition, and DNS record setup, and that these technical hurdles can be a drawback for smaller organizations lacking specialized expertise.
What the documentation says (5 technical articles)
Documentation from Entrust explains that to display a logo with BIMI, a Verified Mark Certificate (VMC) issued by an authorized certification authority is required, adding a layer of validation and cost.
Documentation from dmarcian explains that BIMI requires a DMARC policy to be enforced (p=quarantine or p=reject), which can be a hurdle for organizations still working on DMARC implementation. This is a requirement, not optional, for BIMI.
Documentation from GlobalSign indicates that the cost of a VMC can be a significant investment, particularly for smaller organizations. This cost can vary, making budgeting difficult.
Documentation from BIMI Group explains the technical specifications of BIMI, including the requirements for SVG logos, DNS records, and the VMC, outlining the need for adherence to standards to ensure proper display.
Documentation from DigiCert explains that BIMI relies on strong email authentication (SPF, DKIM, DMARC) and a VMC, which ensures that only legitimate senders can display their logos, reducing the risk of spoofing.