Looking for advice on BIMI, SPF/DMARC alignment and branded domains

ameliamarie

Hi everyone,

We're looking into implementing BIMI, but there are a few questions and concerns regarding the process. I'd love to hear your thoughts or experiences.

1. Our IT team mentioned that either SPF or DKIM needs to align with the domain in the "From" header for BIMI to work, especially with Gmail enforcing this for bulk senders. My understanding is that DMARC alignment could be a requirement too. Has anyone dealt with this?

2. There's some concern about using a branded domain as primary domain, specifically around brand reputation and complexity. From what I've read, it's generally not recommended. Thoughts? Can anyone provide additional information?

3. From what I've gathered, Marketo doesn't support BIMI out of the box, but it's possible to configure (with an additional cost). If you've implemented BIMI through Marketo, was it worth the effort? Did you see any noticeable difference?

I'm trying to get a sense of whether the ROI is worth the time and complexity. Please share your experiences, advice, or anything else I should be thinking about as we figure this out.

Thank you so much!

Michael_Florin

Hello and happy new year!

1. Our IT team mentioned that either SPF or DKIM needs to align with the domain in the "From" header for BIMI to work, especially with Gmail enforcing this for bulk senders. My understanding is that DMARC alignment could be a requirement too. Has anyone dealt with this?

Yes, DMARC is a requirement.

2. There's some concern about using a branded domain as primary domain, specifically around brand reputation and complexity. From what I've read, it's generally not recommended. Thoughts? Can anyone provide additional information?

Well, every company I know uses branding on their Marketo domains. To be specific: If your company domain is example.com, you might want to create subdomains for Marketo to use. lp.example.com for landing pages, go.example.com for the branded tracking link and mail.example.com for the from-email-address. You might refer to the fact that some companies don't opt to use a from-email-address like marketing@example.com - i.e. using the company domain directly for Marketo emails - but rather marketing@mail.example.com to preserve @example.com for non-marketing emails.

3. From what I've gathered, Marketo doesn't support BIMI out of the box, but it's possible to configure (with an additional cost). If you've implemented BIMI through Marketo, was it worth the effort? Did you see any noticeable difference?

I don't think Marketo has anything to do with BIMI eventually, and thus can't or won't charge you. BIMI is a setting on your main domain - like example.com. And any subdomain under example.com will inherit its BIMI settings.

Well, and "is it worth it" is the million-dollar-question. What do you mean exactly? Does BIMI create an uptick in opens, clicks and revenue? Or does it just look better in Gmail on Android? - I honestly can't say if it's worth it in that regard. That would require substantial testing and analytics, which is difficult as A/B testing isn't really an option. I don't see BIMI being widely used, neither in B2C or B2B, and that is probably because most companies aren't convinced of such an uptick.

We have 2 clients with BIMI and 10 without, and we can't see any difference. But again: Difficult or probably impossible to compare.

View solution in original post

Christiane_Rode

Speaking to your third point, BIMI is not tied to your Marketo instance, so you wouldn't implement it through them. You could implement this on your general domain without any specific MAP or ESP if you meet the requirements.

The costs associated with it come from the VMC or CMC (other than labor costs). I believe that, while you don't need a VMC or CMC it's strongly encouraged as certain email clients like Gmail won't display your logo if you don't have a certificate.

Additionally, once implemented, it might take a little while for the logo to appear consistently in certain clients (like gmail).

View solution in original post

SanfordWhiteman

1. Our IT team mentioned that either SPF or DKIM needs to align with the domain in the "From" header for BIMI to work, especially with Gmail enforcing this for bulk senders. My understanding is that DMARC alignment could be a requirement too. Has anyone dealt with this?

To be clear, there’s no such thing as “alignment” outside of DMARC.

SPF and DKIM on their own don’t speak “alignment.” They use the concepts of pass/fail/unknown in the case of SPF, and valid/invalid (equiv. to pass/fail) and reject/quarantine in the case of DKIM.

DMARC created the concept of “alignment” to mean a relationship between the From: domain and the SPF and/or DKIM results for the same message.

So what your IT team is referring to is DMARC alignment, which as Michael confirmed is a requirement of BIMI. BIMI also requires a strict DMARC policy. A policy is how your domain instructs senders to behave when DKIM is not aligned. You can have a permissive DMARC policy that’s more cosmetic and still be considerred “using DKIM.” But you cannot have a permissive DMARC policy and use BIMI.

Also note that it’s impossible to have SPF alignment if you’re using Marketo. You will always rely on DKIM alignment. That’s fine, DMARC doesn’t value one more than the other and having both adds nothing.

2. There's some concern about using a branded domain as primary domain, specifically around brand reputation and complexity. From what I've read, it's generally not recommended. Thoughts? Can anyone provide additional information?

Unclear what you mean here. As Michael asked, do you mean a subdomain, e.g. mktg.example.com? It’s fine to use a subdomain. It will not keep y0u off blocklists in any way, however — since blocklists just list your shortest private domain, e.g. example.com.

A subdomain can be useful for creating separate policies, though. For example, you can publish a strict DMARC policy for example.com which makes it harder to forge emails From:user@example.com, while certain subdomains are looser w/DMARC because you’re not 100% sure all senders using that subdomain are properly signing emails. (Of course as noted above you must have a strict policy to activate BIMI.)

View solution in original post

Michael_Florin

Hello and happy new year!

1. Our IT team mentioned that either SPF or DKIM needs to align with the domain in the "From" header for BIMI to work, especially with Gmail enforcing this for bulk senders. My understanding is that DMARC alignment could be a requirement too. Has anyone dealt with this?

Yes, DMARC is a requirement.

2. There's some concern about using a branded domain as primary domain, specifically around brand reputation and complexity. From what I've read, it's generally not recommended. Thoughts? Can anyone provide additional information?

Well, every company I know uses branding on their Marketo domains. To be specific: If your company domain is example.com, you might want to create subdomains for Marketo to use. lp.example.com for landing pages, go.example.com for the branded tracking link and mail.example.com for the from-email-address. You might refer to the fact that some companies don't opt to use a from-email-address like marketing@example.com - i.e. using the company domain directly for Marketo emails - but rather marketing@mail.example.com to preserve @example.com for non-marketing emails.

3. From what I've gathered, Marketo doesn't support BIMI out of the box, but it's possible to configure (with an additional cost). If you've implemented BIMI through Marketo, was it worth the effort? Did you see any noticeable difference?

I don't think Marketo has anything to do with BIMI eventually, and thus can't or won't charge you. BIMI is a setting on your main domain - like example.com. And any subdomain under example.com will inherit its BIMI settings.

Well, and "is it worth it" is the million-dollar-question. What do you mean exactly? Does BIMI create an uptick in opens, clicks and revenue? Or does it just look better in Gmail on Android? - I honestly can't say if it's worth it in that regard. That would require substantial testing and analytics, which is difficult as A/B testing isn't really an option. I don't see BIMI being widely used, neither in B2C or B2B, and that is probably because most companies aren't convinced of such an uptick.

We have 2 clients with BIMI and 10 without, and we can't see any difference. But again: Difficult or probably impossible to compare.

Christiane_Rode

Speaking to your third point, BIMI is not tied to your Marketo instance, so you wouldn't implement it through them. You could implement this on your general domain without any specific MAP or ESP if you meet the requirements.

The costs associated with it come from the VMC or CMC (other than labor costs). I believe that, while you don't need a VMC or CMC it's strongly encouraged as certain email clients like Gmail won't display your logo if you don't have a certificate.

Additionally, once implemented, it might take a little while for the logo to appear consistently in certain clients (like gmail).

SanfordWhiteman

1. Our IT team mentioned that either SPF or DKIM needs to align with the domain in the "From" header for BIMI to work, especially with Gmail enforcing this for bulk senders. My understanding is that DMARC alignment could be a requirement too. Has anyone dealt with this?

To be clear, there’s no such thing as “alignment” outside of DMARC.

SPF and DKIM on their own don’t speak “alignment.” They use the concepts of pass/fail/unknown in the case of SPF, and valid/invalid (equiv. to pass/fail) and reject/quarantine in the case of DKIM.

DMARC created the concept of “alignment” to mean a relationship between the From: domain and the SPF and/or DKIM results for the same message.

So what your IT team is referring to is DMARC alignment, which as Michael confirmed is a requirement of BIMI. BIMI also requires a strict DMARC policy. A policy is how your domain instructs senders to behave when DKIM is not aligned. You can have a permissive DMARC policy that’s more cosmetic and still be considerred “using DKIM.” But you cannot have a permissive DMARC policy and use BIMI.

Also note that it’s impossible to have SPF alignment if you’re using Marketo. You will always rely on DKIM alignment. That’s fine, DMARC doesn’t value one more than the other and having both adds nothing.

2. There's some concern about using a branded domain as primary domain, specifically around brand reputation and complexity. From what I've read, it's generally not recommended. Thoughts? Can anyone provide additional information?

Unclear what you mean here. As Michael asked, do you mean a subdomain, e.g. mktg.example.com? It’s fine to use a subdomain. It will not keep y0u off blocklists in any way, however — since blocklists just list your shortest private domain, e.g. example.com.

A subdomain can be useful for creating separate policies, though. For example, you can publish a strict DMARC policy for example.com which makes it harder to forge emails From:user@example.com, while certain subdomains are looser w/DMARC because you’re not 100% sure all senders using that subdomain are properly signing emails. (Of course as noted above you must have a strict policy to activate BIMI.)

Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Re: Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Re: Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Re: Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Re: Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Re: Looking for advice on BIMI, SPF/DMARC alignment and branded domains

Re: Looking for advice on BIMI, SPF/DMARC alignment and branded domains