Will BIMI become a standard trust indicator for email like SSL/TLS for websites?
Summary
What email marketers say (7 marketer opinions)
Email marketer from SparkPost believes that as more companies implement BIMI, users will become more accustomed to seeing the logo, and it will increase trust and brand awareness, helping it become a standard indicator of trust.
Email marketer from ZeroBounce shares that BIMI provides a visual cue that enhances brand recognition in the inbox, improves trust with subscribers, and strengthens email security through DMARC enforcement.
Email marketer from Litmus explains that BIMI helps brands stand out in crowded inboxes and provides a recognizable trust indicator for recipients when correctly implemented.
Email marketer from Reddit shares that BIMI adoption can be expensive for smaller businesses due to trademark registration and VMC costs. This presents a barrier to widespread adoption across all business sizes.
Email marketer from Email on Acid responds that BIMI makes it harder for phishers to spoof legitimate brands, as they would need a registered trademark and VMC, adding a layer of security beyond SPF, DKIM, and DMARC alone.
Email marketer from Mailjet explains that while BIMI is gaining traction, widespread adoption depends on email service providers (ESPs) and mailbox providers supporting the standard. Current support is limited but growing.
Email marketer from Gmass believes that BIMI's future as a trust indicator hinges on mailbox providers consistently displaying the logos and users recognizing them as signs of authenticity. Without consistent display and user awareness, its impact will be limited.
What the experts say (10 expert opinions)
Expert from Email Geeks explains that CAs are vouching for the identity and trustworthiness of their customers, which is better than mailbox providers maintaining a whitelist but not free.
Expert from Email Geeks indicates that Extended Validation (EV) website certificates are the closest historical model to BIMI.
Expert from Email Geeks explains that BIMI is not inherently a trust indicator like SPF, DKIM, or DMARC.
Expert from Email Geeks clarifies that the main authentication difference with BIMI is the inclusion of a Certificate Authority to validate the sender's identity, which incurs a cost. The image is marketing and DMARC is politics, not authentication.
Expert from Email Geeks states that the cost is a significant aspect of BIMI. If BIMI is seen merely as marketing, the expense and minimal benefit to the recipient are less important. However, if BIMI is linked to trust, security, or phishing prevention, it becomes a more complex issue.
Expert from Email Geeks explains that if BIMI is viewed as just marketing, the labor-intensive part isn't necessary. However, if it's related to trust or brand integrity, the threat model around trademarks necessitates validation beyond just having a trademark.
Expert from Email Geeks explains that mailbox providers could implement a system similar to BIMI using DKIM and favicons (or other identity-to-image maps) without the expensive identity verification step. The labor-intensive identity verification is the key aspect of BIMI.
Expert from Word to the Wise responds that BIMI is unlikely to become a universal trust indicator. The primary reason is the complexity and cost associated with obtaining a Verified Mark Certificate (VMC), which is a requirement for BIMI. Also, BIMI suffers as Gmail and other systems that fully support BIMI only show logos if it’s a brand you email with frequently.
Expert from Email Geeks explains that to spin up a new BIMI CA, convincing mailbox providers of customer vetting, pricing, policing, and revenue stream is crucial, highlighting the role of transitive trust and personal relationships with mailbox provider executives.
Expert from Email Geeks compares BIMI to Extended Validation (EV) TLS certificates, noting EV certs were a revenue source for certificate authorities but offered little practical reassurance to users over Domain Validated (DV) certificates.
What the documentation says (3 technical articles)
Documentation from Entrust shares that a VMC is valid for two years, and after this period, the organization must renew it, proving ongoing control and use of the brand logo.
Documentation from BIMI Group explains that BIMI enhances brand value by connecting verified logos to the increased protection provided by DMARC enforcement, building on improved authentication against domain impersonation.
Documentation from DigiCert clarifies that to implement BIMI, you need DMARC set to enforcement (p=quarantine or p=reject), a registered trademark for your logo, and a Verified Mark Certificate (VMC) issued by an authorized certification authority.
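The DMARC prerequisite named in the DigiCert summary above can be checked mechanically from a domain's published record. The following is an added example, not code from DigiCert or the BIMI Group; the function names and sample records are constructed for illustration, and the pct and sp notes reflect general DMARC semantics rather than anything stated on this page.

```python
# Added example: checks only the DMARC prerequisite described above.
# Trademark and VMC validation are out of scope. Sample records are constructed.

def parse_tags(record):
    """Split a DMARC TXT record into a tag -> value dict (tag names lowercased)."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def check_dmarc_enforcement(record):
    """Return (enforced, notes). enforced is True only for p=quarantine or p=reject."""
    tags = parse_tags(record)
    if tags.get("v") != "DMARC1":
        return False, ["not a DMARC record"]
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        return False, ["p=%s is not an enforcement policy" % (policy or "<missing>")]
    notes = []
    # DMARC semantics (RFC 7489): pct below 100 applies the policy to only a
    # share of failing mail, and sp=none leaves subdomains unenforced.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        notes.append("pct=%s: policy applies to only part of failing mail" % pct)
    if tags.get("sp", "").lower() == "none":
        notes.append("sp=none: subdomains are not at enforcement")
    return True, notes

SAMPLES = {  # constructed records for example domains
    "monitor-only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial": "v=DMARC1; p=quarantine; pct=50; sp=none",
    "enforced": "v=DMARC1; p=reject; rua=mailto:dmarc@example.com",
    "not-dmarc": "v=spf1 include:_spf.example.com -all",
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        enforced, notes = check_dmarc_enforcement(record)
        print(name, "enforced" if enforced else "NOT enforced", notes)
```

In practice the record string would come from the TXT record at _dmarc.<domain>; the lookup is left out so the example runs offline.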