When it comes to getting your emails noticed and opened in an increasingly crowded inbox, DMARC and BIMI give companies an edge over other brands. BIMI (Brand Indicators for Message Identification) allows your company logo to be displayed alongside your email messages as a reward for authenticating and verifying information about your brand. BIMI requires a DMARC record to be in place, working with other authentication protocols to build trust with mailbox providers and supports healthy deliverability.
The implementation process can be tricky to navigate. In this episode of Email Deliverability Unfiltered, we welcome Ron Dorsey, Director of Lifecycle Marketing at Eargo, and Matthew Seifert, Senior Director of Retention & Monetization at Pretty Litter, to discuss the ins and outs of implementing DMARC and BIMI and what they learned along the way.
Watch Full Episode
Host: Jennifer Nespola Lantz, VP of Industry Relations & Deliverability at Kickbox
Guest: Ron Dorsey, Director of Lifecycle Marketing at Eargo & Matthew Seifert, Senior Director of Retention & Monetization at Pretty Litter
Why DMARC and BIMI? (4:45 – 6:05)
Matt explains why Pretty Litter employed DMARC and the importance of protecting your brand from spoofing. It’s also the foundation for implementing BIMI.
Implementing DMARC (6:06 – 11:42)
We review the prerequisites and implementation steps for DMARC with the help of a nifty visual aid!
Matt outlines the steps that Pretty Litter took to implement DMARC, the timeline, and how they monitored progress.
Eargo’s DMARC Journey (11:43 – 14:01)
Ron discusses the process for implementing DMARC at a smaller company like Eargo. Using a self-service implementation model was quite a process but resulted in improved deliverability and opened a pathway to BIMI. We discuss the importance of monitoring the process throughout, ensuring gaps are closed before moving to enforcement.
Stakeholders (14:02 – 18:31)
A big part of implementing DMARC is involving the right stakeholders. Matt and Ron outline the individuals and teams they involved to implement the authentication processes. Identifying who manages the DNS records internally and involving ESP partners was a solid starting point. Ron outlines a few tools and resources that were also helpful.
Implementing BIMI (18:32 – 26:25)
We reviewed the general steps to implement BIMI once DMARC is published with an enforcement policy (quarantine/reject).
Although it can seem as simple as providing logos and updating DNS records, the reality was more complex. Ron discussed some of the specific steps–not widely published–that Eargo took to implement BIMI. Of note was the complexity around obtaining VMCs (Verified Mark Certificates), including acquiring registration numbers for trademarked logos to prove ownership and authenticating identities of the brand’s representatives. The result was better deliverability and a nifty logo displayed next to their emails to help them get noticed.
Pretty Litter’s BIMI Onboarding (26:25 – 28:52)
Matt shares his progress in the BIMI journey so far. Because Pretty Litter has two domains, they needed clarity on how many VMCs were required and how many DMARC records. The process is more complicated than it seems at first glance.
Certificate Authority (CA) Implementation (28:53 – 33:40)
We review the different options for obtaining Verified Mark Certificates (VMCs). These VMCs authorize the validity of the logo and who it belongs to and which domains are allowed to use it. We compare the requirements of two options: Entrust and Digicert.
Entrust is more affordable and offers VMC on a single domain/subdomain. If you want to cover the subdomains separately, you need a VMC for each. Posting on the domain (or ORG domain) is preferable so that you have the flexibility to cover subdomains.
Digicert is more expensive, but one big difference between the two is that Digicert offers Multi-SAN VMCs, which are “like” Multi-SAN SSLs in that you can cover multiple domains or subdomains in one certificate for a single logo. This gives you the flexibility to pick and choose which subdomain has coverage and which domains you want to share the logo.
We also covered requirements and recommendations for DNS entries when implementing BIMI:
Regardless of the Certificate Authority and the number of VMCs, DMARC has to be at enforcement on the organizational level (domain level). BIMI and the associated VMC can be posted on the domain and/or subdomain level.
Thanks to Matt and Ron for sharing their DMARC and BIMI stories. The process isn’t yet as simple or predictable as email senders expect, but it was great to hear real-life examples of employing these authentication protocols and lessons learned along the way. Trust and reputation are the foundation for successful deliverability, and implementing DMARC and BIMI is a great way to establish it.
If you’re interested in improving your own deliverability for your email program, check out our new deliverability tools to help you monitor your own DMARC policies.