Overview
00:00:35 – Guess who’s back. Matt V is back.
00:02:14 – BIMI recap! Never hurts to recap!
00:05:16 – What is the BIMI Group?
00:11:32 – Yahoo and Google support BIMI, sooner or later Microsoft will.
00:00:00
Eric Trinidad: Welcome to Email’s Not Dead. My name is Eric and is with me as always, Jonathan, how are you, sir?
00:00:05
Jonathan Torres: Doing all right, man. Doing well. How about yourself?
00:00:07
Eric Trinidad: Doing all right. Doing all right. We’re a podcast for email geeks, by email geeks, and of course Jonathan is the Sam Wise, to my Frodo. And we have a very special episode today.
We wanna know how we cannot simply walk into Mordor with a SVG file and get BIMI going. So with us to help us on our incredible journey is Matthew Vernhout. How Matt, how are you today, sir?
00:00:35
Matthew Vernhout: I’m great. Thanks for having me.
00:00:36
Eric Trinidad: Yeah, yeah, man.
00:00:38
Jonathan Torres: It was very long-winded in introduction, Eric.
00:00:41
Eric Trinidad: Yeah. Yeah, man.
00:00:42
Jonathan Torres: I like the journey you were trying to, you were trying to portray there.
That’s a, that’s a good one.
00:00:45
Eric Trinidad: Yeah. I was trying to paint a word picture, you know. Hopefully everybody’s along for the ride. Matt, you’ve been with us. Oh my gosh. You know, you were in our, probably our first handful of episodes, or as Jonathan likes to call ’em.
00:00:56
Thomas “T-Bird” Knierien: Six years ago.
00:00:57
Eric Trinidad: Yeah. The, the fast five.
00:01:00
Matthew Vernhout: Geez, I know where I sit on the priority scale.
00:01:04
Eric Trinidad: Yeah.
Well, no, man. It’s great to have you. I really appreciate you coming in and you know, sharing all your knowledge with us, if you don’t mind you’re the Principal Email Advisor at Email Industries, BIMI group communications chair and Email Karma Founder.
00:01:23
Matthew Vernhout: Yes.
00:01:24
Eric Trinidad: All that and more.
00:01:25
Matthew Vernhout: All that and more. Yeah. If you wanted the whole list, how much time do we have? Yeah.
00:01:32
Eric Trinidad: And, and long hair enthusiasts. I am very follicly challenged on this podcast with all you gentlemen.
00:01:38
Thomas “T-Bird” Knierien: So, this is. Also the annual meeting of email geeks with long hair. Yeah. I’d like to, I like to call this meeting adjourned.
Yeah.
Long hair and facial long hair and face. We got it all covered.
00:01:51
Eric Trinidad: Yeah. Yeah. Oof. I just barely made it in. Yeah.
00:01:56
Thomas “T-Bird” Knierien: Your dues are late Eric.
00:01:57
Eric Trinidad: Yeah, I know. Yeah. Well enough about my face. Let’s talk about Matthews, sir. Let’s talk about some BIMI. If you don’t mind refreshing everybody’s memory. BIMI, what is it?
What does it do?
00:02:14
Matthew Vernhout: Yeah, so, BIMI or the you know, the idea of putting a logo, an icon next to your, email name. So basically taking that avatar slot would be, you know, the idea. So BIMI, you know, maybe I’ll start with, it’s the brand indicator for message identification. That’s the longer name.
Yeah. I guess it’s an important thing to start with that
00:02:36
Eric Trinidad: It’s scientific name. Yeah,
00:02:37
Jonathan Torres: Yeah, yeah, exactly. It’s the Latin name. There you go.
00:02:42
Matthew Vernhout: So generally the idea is it’s how do you take an email domain, you know, an associate, an address or an avatar with it across multiple domains at once.
Right. It was a very sort of fragmented setup. Before, you know, Yahoo was doing their own thing. Google kind of did their own thing. Microsoft, mm-hmm. Was doing their own thing for a while, et cetera. Right. And a group of us got together and said, what if we could just. Do it once and everyone could benefit from it.
And that’s where sort of the idea of BIMI came from, right? Is set it up one time, everyone can reference it. There’s some validation that gets done. It gets tied to authentication for your domain to make it a little more secure and make sure that you’re not seeing cross pollination. Because there was a history of like, this is my domain, but not my logo showing up.
Because sometimes the people that were approving logos or pairing logos. Didn’t necessarily think that, you know, domain.com versus domain.co.uk may not be the same company, but they would assign the same logos to them. So you know, in this case, as a brand owner, you can assign your own logo now.
00:03:49
Jonathan Torres: Heck yeah. I feel like I also need to, just to tag along with the definition, this has nothing to do with the definition of it at all. You know, know when we start talking about this subject in general, people start to get a little bit timid about it, thinking it can get a little too technical or there might be a little too much going on.
We’re gonna try to keep it light. We’re gonna try to touch on the, the feeling of BIMI rather than the technical configuration and everything else. We might talk about a few of those things, but we definitely wanna talk about itas a whole. So don’t stop, don’t tune out.
Just listen a little bit.
00:04:20
Matthew Vernhout: I’ll explain it, like I’ll explain it like I’m explaining it to a 5-year-old.
It’s all good.
00:04:22
Jonathan Torres: Yeah. Eric, explain it to Eric. It’s totally fine.
00:04:26
Eric Trinidad: Yeah, right here. Hit me. You know, like, like, you know, I like to think of it as a, like, as a cherry topper, I was, oh, it just reminded me, ’cause I had a cherry pen right here. You know, for, you’re like, oh, your good deeds, you know, but it’s not as easy as just like, Hey, you’re doing well.
Like, boom, you get a logo now, like, you know, trying to understand like where like, like how beneficial is it? You know, is the juice worth the squeeze? ’cause there is a little bit of legwork, but, you know, we can get into that a little bit later.
00:04:56
Jonathan Torres: And I think the, the second topic that we know we had is Eric already did the introduction for this.
Matt, you’re leading the, the BIMI group you know, kind of driving adoption for DMARC enforcement. So that. I guess like, kind of pushing this out, right? So like, just tell us about the BIMI group. I know you’ve explained that to us, but you know, what are you doing with the BIMI group? What’s kind of its objective?
00:05:16
Matthew Vernhout: Yeah. So the BIMI group is, collaboration between the teams at Google, Apple, Yahoo, Comcast, Fast Mail, MailChimp, Twilio and a few individual members such as myself not necessarily affiliated with the company as a member. And what we’re really trying to do is, is the, the basis of BIMI started as a way to reward people for doing DMARC and getting good authentication along the way.
At an enforcement level. Right. DMARC’s been around a long time and it was really how do we continue to drive adoption, right? We all know 2023, Google and Yahoo basically said, do it or don’t deliver, which was like a big benefit to the BIMI in a way. To sort of get everyone to that level of, okay, you’ve already started the journey.
But really it’s the reward for doing authentication well and getting to an enforcement status. That’s your prerequisite. If you’re not doing DMARC at either a p=quarantine or a p=reject, the BIMI’s not gonna work. So that’s sort of step one for implementing BIMI.
And if you can do that and you own a trademark on your logo, you know it, it’s a way to put your, like I said, put your brand right in the user’s face. You know, historically studies have shown people recognize logos or pictures faster than words, right?
Everybody in their brain can say, I know the logo for Burger King.
I know the logo for McDonald’s. I know the logo for, you know, bank of America. I know what it looks like. Boom. It’s gonna be in your face every time you open that email button.
00:06:53
Eric Trinidad: Yeah, and even more trusted. I feel, you know, if I, you know, if I see a logo there that I know tried and true, I was like, okay, this is definitely coming from hot topic.
I definitely know I want to get in there and. You know, get my points, you know.
00:07:08
Thomas “T-Bird” Knierien: HT
00:07:09
Eric Trinidad: Yeah.
00:07:10
Matthew Vernhout: You know, with the, like with the previous avatar set up, right? Like anyone could create a Google account, upload whatever image they want, right? BIMI now is saying, it’s not just a matter of uploading a logo to your Google account.
It’s now a matter of Google saying your logo is hosted and verified and has a certificate with it, and you have good reputation and strong authentication. Now I’m gonna show you your logo.
00:07:33
Eric Trinidad: Mm.
00:07:33
Matthew Vernhout: Right. So they were actually taking that a step farther to reduce the amount of impersonation that was previously happening.
00:07:39
Eric Trinidad: Oh, yeah. Right on.
00:07:41
Jonathan Torres: I mean, it, it’s definitely one of those things where I know it was recommended all over the place where you can go and, Hey, you don’t have any way to identify yourself. Go in, create an account at this location, put in whatever you want as your photo for your logo, and then that’s gonna be, you know, set in everywhere. But it, it is, it’s one of those things where it’s just it can be hacked, it can be, you know, still impersonation by a different entity that’s doing that. And just signing up and getting those lookalike domains and, you know, changing the little things here and there to get something else that’s registered that’s close and then it becomes very dangerous to have that done in and of itself.
And I know that, that when we talk about brand, we talk about branding, we talk about the, the people that are wanting to do that, and I know there’s a lot of ’em that are already pushing out the BIMI records, pushing out DMARC, getting everything set up and well and done. But I think the other thing that we wanna call out is that it’s not just for them, unless it is Matt, I’m sorry if I’m speaking outta of turn just for those big guys.
00:08:34
Matthew Vernhout: No, I, ideally it’s for everyone. Right. Unfortunately there’s some costs associated with it from the point of view of, you know, you gotta do DMARC, which might have some cost for business process to get all your authentication set up and things like that. You know, if you have a vendor that doesn’t support alignment for authentication, maybe you have to change vendors or maybe you’re waiting on your vendor to upgrade.
Things like that. Like these are things that need to happen anyways, And then, you know, to get a certificate, there’s a cost to that as well. Like any other certificate. And I think that’s the piece where some people stumble is, oh my God, the cost of the certificate, right? But like BIMI has a cost free alternative.
It just doesn’t work everywhere.
So, you could publish, I publish my logo on my domain. I don’t pay for a cert from anyone, but it also means that there’s limited audience for it.
I do it because I wanna learn how to do it.
So I can walk it through my customers, right?
So it’s, it’s certainly that kind of thing. But yeah, like unfortunately there’s cost associated sometimes with doing business. And this is one of those costs, you know, call it 150 bucks a month is roughly what it’s gonna cost you, give or take, based on current certificate prices.
00:09:50
Jonathan Torres: And, and that’s the, the certified mark, right?
Not the verified?
00:09:55
Matthew Vernhout: They’re both around the same price actually. And part of the reason for that is the verification process that you go through is basically the same, right? You have to show up, you have to have, you know, proof of who you are, proof you work for the company. There’s an entire verification proof that you own the logo, right?
There’s a whole verification process that you can’t necessarily automate. And that costs money. It costs time. So could there be a, you know, more affordable options? Sure. But that’s the cost of stuff is outside the BIMI group’s perview because the certificate providers manage that. So, you know, we can recommend to them or tell them, you know, we’re getting complaints that people think it’s too expensive, but you know, I might as well go and complain that the cost of my car is too much to the dealership as well. They don’t necessarily have a say in it, right? The manufacturer sets the price, and in this case it’s the same with the cert providers.
They set the price, they follow the rules, they help people get onboarded.
00:10:54
Jonathan Torres: Granted that’s a great example, the car example. And it is one of those things where it depends on who’s at the table, right? It wouldn’t, and coming into these conversations and wanting to participate in them, if somebody new to the market that wants to do these kind of things and they come in with a lower price, well then that drives the whole market down.
So there’s always variability there. And that totally makes sense. I did wanna ask like for the verified mark versus the certified mark whenever we’re talking about that stuff, for everyone that doesn’t know those are certificates that you have to get for your logo and publish them with your logo and that allows it to show up.
But when you don’t have those where’s the limitation? Likewhere are you seeing from experience, from what you know of with where that logo is gonna show up and where it’s not?
00:11:32
Matthew Vernhout: So some, some mailbox providers have decided if you’re doing DMARC and you publish a self-assessed sorted logo, so it’s basically a logo with no certificate.
They will show it for certain classes of mail. For example, Yahoo will show it on marketing communications that have a good reputation with or without a VMC or CMC. But they’re only gonna show it on a subset of mails. Oftentimes people will be like, well, I set it up and I sent myself a test to Yahoo and it didn’t work.
It’s like, well, yes, for several reasons. Your personal email is never gonna show it. But you know, if you wait and you send enough volume email to Yahoo, their system’s gonna flag that you’ve published a BIMI record. They’re gonna flag that somebody should review it on their team ’cause they do have a manual review.
The team will, okay, approve it, and then your logo will show up on your transactional or marketing mail. It’s not gonna show up ever on your personal. It’s just the way they’ve got it set up. Oh, whereas Google won’t show your logo at all without a VMC or a CMC. Fast mail, for example, will use the VMC if it’s there, but they don’t necessarily care as much.
The Post also has some, some rules around that, where if you don’t have a cert, you can contact their team and their team will go through a bit of a validation or verification process with you. So, you know, this cert makes it a lot more streamlined. Apple requires the cert as well, but not everybody does.
And it really depends on your audience, right? And I would even say it depends on your audience if you should get a cert, your audience is 80% Microsoft. Wait. Microsoft’s not currently supporting BIMI, so it might not be worth it. But if your audience is 80% Gmail, okay. It’s probably worth looking at cert because it’s gonna have the biggest impact there.
00:13:19
Jonathan Torres: I feel like that was the elephant in the room. Microsoft and them not supporting it yet.
00:13:25
Eric Trinidad: Hey, they’re getting there. Yeah.
00:13:26
Matthew Vernhout: I can’t comment on whether they’re going to or not either. Unfortunately, that’s for them to announce should they choose to. But I do know we’ve had several conversations with them trying to lay out sort of the benefit for the mailbox provider side.
Also sort of the benefit for senders and sort of how it helps with, you know, the Google and Yahoo have both put a check mark to say they verified the sender as well. Yeah, right. So there’s an actual visual indicator that says they’ve visualized, they’ve authenticated the logo, they’ve authenticated the domain, so they believe that it’s a trustworthy sender.
00:14:02
Jonathan Torres: Yeah. And that, that totally makes sense. And I think that’s it’s fair and it’s valid. I think it’s one of those things that needs to happen. And I think then as the senders, I know that’s one of the things from our side, because we get to communicate with those senders a lot and know and understand where they’re at and what they’re trying to accomplish.
We encourage them to do well DMARC, first of all, like everybody should be doing DMARC, period. And then the next part is that BIMI step, and then whether they should do it and the evaluation that they need to take on their internal business process level of doing the certificates you know, kind of getting everything registered, getting everything published and putting it out there.
And I know there’s more, there’s certain companies that are more willing to, and then whether they’re ready to or not, they’re more willing to have that conversation. And there’s other companies that really should be having that conversation that we see that they’re not and don’t have a whole lot of interest in it.
From my perspective and from my side of things, it’s trying to encourage them and trying to get them to understand the benefits and understand the downfalls. I kind of wanted to have a little bit of a conversation around that. Like, when is it worth it? What are people seeing in the space in general, whether they’re doing it or they’re not, or they’re waiting or, or what the case is.
Matt, from your side.
00:15:11
Matthew Vernhout: We talked about sort of the infographic that the BIMI group has in regards to where we know current support statuses, right? There could be other domains we don’t know about. People have been developing this on their own, integrating it into their solutions.
Some of them tell us, some of them don’t. Or, you know, when we’re at an event, we might talk with somebody and they’ll say, oh yeah, I’m really interested in doing it. We’ve started to make, you know, steps down that path. So, you know, as we’re seeing on the screen here, like left hand side, these are all the domains that we know that currently support.
And when I say all, like, it also includes like, you know, fast mail has multiple domains like PO Box and things like that. So they’re gonna support that. Google has all your Google Workspace stuff. It supports you know, GMX and Web de. Are supporting it in a fashion because they also have other tools.
But then mail.com, which is also part of their infrastructure, isn’t yet ready. Right? So there’s different parts that are progressing. But, you know, I would say at least half of these on this, this list of supporting, developed it on their own and then reached out to us and said, okay, we’ve done these things.
Sometimes they have questions, sometimes they’re just letting us know. But basically everyone in the middle has their own sort of classification of how they’re doing it. And, and at this point, you know, Microsoft had their own logo verification for a while.
00:16:29
Matthew Vernhout: That kind of went away.
We’re hoping at some point they come back and say, yeah, we’re gonna work on BIMI. But at this point, you know, they’ve kind of kept the cards close to their chest. So we don’t know.
00:16:42
Jonathan Torres: That was a interesting choice. I mean, and every platform I think has to definitely try. I mean, there’s other things that have come out of development in that way.
So I’m not gonna knock them for not doing it and not participating from the beginning. But you know, at this point, it’d be nice for them to have, I know people have been asking about it and like that’s great. And if it comes cool like that’ll just bring in somebody else that’s gonna do it.
I mean, to your point exactly that the what you were saying earlier that if you’re sending email over to just Microsoft itself? Maybe it doesn’t matter, you know? Don’t kill yourself trying to implement something like this. Focus on the DMARC, though, I’m gonna keep saying it. DMARC is definitely the one that, that you really, really wanna look into.
And then the BIMI side would be, would be second. I know Eric, you talked to a bunch of different subset of people that I talk to. Like what does it look like for you? Like the people that are considering or not?
00:17:26
Eric Trinidad: Yeah. I know that the conversation has been brought up more. And Microsoft has always been one of those that been like top five, you know, when we’re looking at, you know, recipient domains and, and how their lists kind of pan out.
It’s usually like anywhere between 60 to 85%. I’ve had one, you know, sending to Google. And then the rest of ’em are like a mixture of either Yahoo, Microsoft, or you know, Comcast is up there as well. So of course it’d be great to, to have them into the fold and like with, with them like recently doing the authentication push and you know, pushing more for transparency.
You know, it, I think it’s probably moving them toward that step. I know Matt, you probably couldn’t talk about it, but you know, it, it seems like it’d be probably getting there.
00:18:14
Matthew Vernhout: I actually have no insight into where they’re currently at, but I would say, you know. Since they’ve started to take those steps to require authentication. You know, like, like even for, for a brand to implement BIMI, the receiving platforms have to be set up to do all the authentication testing and stuff as well.
So, you know, I have no insight into what their actual plans are, but I would hope that this is a path that they’re looking at.
I, like I said, I know that, that I’ve had conversations with people from Microsoft at different events that that many of us frequent. And sort of put it in, and it’s always been, I mean, it’s on the radar, but anything that’s on the radar with them could be 2, 3, 5, 10 years away because their development list is so long. But there’s no official announced plans. Or if they had announced plans, I would’ve moved them one category to the left. At this point, you know, it’s something that we would love to see. But really it’s up to them to come out and tell us that they’re willing to do it.
And they may not even do that until they announce that they’re gonna support it. Right. They’re somewhat secret that way.
Sort of announce things as they happen.
00:19:17
Eric Trinidad: Yeah. I think it’s crazy. Like they have you know, I’ve seen some like, what is it, like webinars that they’ve put out?
I’ve seen like, you know, different events that they’ve been at and they’ve been kind of transparent about some other stuff. You know, I’d hope that we see something more about this soon. ‘Cause I’m like, like JT was saying, you know, it’s a good to have and it pushes like those good senders just to give them that extra, you know, little something.
00:19:44
Matthew Vernhout: The other thing you’ll probably note about most of these platforms you see on the page is they all control their own mail environments, right?
Like, these are gonna be in their, either their mobile apps or it’s gonna be in their web client. But you don’t see here yet. Things like Thunderbird, Outlook desktop you know.
Other sort of desktop based email clients because it’s actually much harder to be the external MUA trying to figure these things out compared to the web client or the mobile client that’s controlled by gmail, for example.
They can do all that stuff in the backend, cache things, whatever. It’s a lot harder for someone like a Thunderbird to potentially do it.
You know, even here, you know, showing on the screen now kind of what it looks like. Now these images may be a little bit old ’cause they don’t necessarily include the check mark avatar, but this is an example of what BIMI is going to look like in your mail client. On the left hand side, it’s what it shows up like in the list view.
On the right hand side, it’s what it looks like when you open the actual message in your message view. So you’re gonna see that continuation of logo across the board. The only other thing I can say is every client’s a little different. So while this is what Google might look like or what Yahoo might look like, you’re gonna see it slightly different across the board for different clients and sort of how they render it.
We tried to give a general idea
00:21:08
Eric Trinidad: Yeah.
00:21:09
Matthew Vernhout: Of what that looks like here.
00:21:11
Eric Trinidad: And of course different with Apple, you know, I think I’ve had some folks, you know, reach out to me specifically saying like, Hey, we can’t see it in our Apple applications, you know, is there something wrong with it?
Is there something going on? And, you know, like, it just looks, I could see it here, you know, it looks different, you know.
00:21:29
Matthew Vernhout: And this is one of those pieces, right? The implementation of BIMI by like, say iOS mail, right? Requires certain headers be injected into the message by the recipient domain because it’s not likely Apple.
Right. So they need someone like a fast mail to insert, you know, here’s the BIMI headers that I looked at and verified and, and you know, maybe they have to arc sign them, things like that. So, you know, Apple has a set of requirements. They’re listed on their development pages. If you wanted to show, you need to be first off on that list of mine that you were looking at with the infographic.
Yeah, you have to be on that list, which means you have to talk to somebody in the BIMI group. That’s one. Secondly, you have to inject the right headers for Apple based on their development guides to have that logo carried forward, right? This is the, you know, the beauty of email. Everything is consistent except until it’s not consistent.
Yeah. Right. So, everything’s the same for everyone, except it’s not. So yeah, the general, the general idea is, you know, BIMI gives you a standard as a publishing entity to say, here’s where my logo is, here’s my verification, you know, here’s my certificate. The mailbox provider or the entity displaying the logo gets to choose where, when and how.
The one piece that you know, I know we talked about it when we were sort of planning this discussion, BIMI has uses beyond just email as well, right? This could be put in search. Well, Google could take these logos and put them in search, say it’s a verified domain, we know there’s a certificate. It could be put into the new subscriber centers that they’ve been launching, so the logo could show up next to the sender name.
Basically anywhere that you could have a representation of a domain and logo tied together, you could use the BIMI records to do so in some fashion. It was never designed to just be email exclusive. So social networks could use it. Any platform, any email platform could use it internally to say like, here’s your user avatar.
Imagine, you know, someone logged into your platform, right? One of your platforms, and their user avatar was just automatically because they verified their domain with you their BIMI record logo. They know what it looks like immediate.
So it has implications beyond just email that we haven’t seen anyone sort of really develop yet.
00:23:55
Eric Trinidad: It’s pretty dope.
00:23:56
Matthew Vernhout: If you wanna do that, reach out. We’d love to talk to you.
00:23:58
Jonathan Torres: Yeah, if you’re out there. Yes.
00:24:01
Matthew Vernhout: BIMIgroup.com. Contact us. Yeah, we’ll reply.
00:24:05
Thomas “T-Bird” Knierien: Matt will, follow up. Yeah. But it has a point though, because that reminds me, like, and, and we were talking about this when we were playing this but looking at the iOS side, especially on Apple mail, but I’m so glad that Apple took the time.
I was literally just looking at it as we were just talking about this. If you literally go to an email, like I’m looking at an email right now from Live Nation. Ugh, Live Nation, that’s a different topic. But that’s another podcast.
00:24:27
Jonathan Torres: But you brought it up.
00:24:28
Thomas “T-Bird” Knierien: I know. Yeah. That’s a different, that’s our music podcast.
But if you go to, like, if I go to an email right now from Live Nation, I see their BIMI logo and it’s literally got a check mark next to it. If I click on it and it literally says from Apple, it’s like your email provider iCloud verified that this email is coming from the owner of the logo and domain email.livenation.com.
And then it takes you to a hyperlink and an actual article about BIMI support in Apple mail. Like that’s amazing. Like we’re finally making these connections for the rest of consumers and the rest of other people because like I primarily only get to talk to people like you guys get to talk to more like highly technical people, while all the folks I talk to are a little bit more on the learning for the first time side.
So it’s making it easier and easier for the people to like, you know, figure it out. Like, okay, this is a reputable email source. This is someone I can actually trust. These other ones, you know, these, you know, possible, you know, south African princes that want my, my money that’s not real. So it’s, it’s good things.
I’m happy about it.
00:25:26
Jonathan Torres: And I mean, to your point though, it’s awesome to see that it is happening and when there is adoption, because. I think we are constantly talking about security and, and doing all those things on, on the internal side, and when we do the podcast, we talk a lot about protecting your brand, protecting your domain through reputation, doing the right thing, and making sure that you’re hitting the right audience.
Then we also talk about doing things like DMARC that’s going to lock it down so people don’t impersonate you and do those kind of things. This is that next step of brand recognition when people see and recognize your logo and you can then show them that it’s you, I think that’s a whole nother step and a whole nother level, which is really good for email in general.
I think the email industry where, you know, the podcast itself is called email’s not dead, but we want email not to be dead. ’cause otherwise we’re gonna be out of a job, at least this one. But when, whenever you have that, and I mean, I know going through my mail and I see. Those logos start populating on there.
I mean, being internal and being in mail, like, lets me know, okay, they took the extra step, they took the extra time to do that. From a non-technical person, from somebody who has that perspective of just, you know, sitting there. I’ve talked to different people that way that do see those logos and they recognize, and then they know me as the email person, so they’re like, how come this company has the logo on their thing?
And this company doesn’t, it’s like. Cool. They took the time to verify. They’re just showing you that they are who they are, and I can confidently tell that to people like my mom who’s prone to clicking on spam. Not that she has in a while, but she did. She used to. So just to call her out a little bit.
But you know, it’s one of those things where it is those steps and it is evolving and getting closer to hopefully a better place and a better world. And we keep cleaning it up as we go along.
00:27:03
Matthew Vernhout: Yeah, that’s a good point. I mean, it’s all incremental steps. I mean, it took more than a decade for somebody to come out and say, DMARC is now mandatory, right?
Maybe in a decade we say BIMI is now mandatory as well. I mean.
00:27:18
Jonathan Torres: The baby steps.
00:27:19
Matthew Vernhout: We don’t rush these things anymore.
00:27:20
Eric Trinidad: No, no, man.
00:27:24
Thomas “T-Bird” Knierien: We take our sweet, sweet time.
00:27:25
Matthew Vernhout: It’s all about the carrot before the stick.
If you wanna see some of the logos that have recently shown up in BIMI, the brands that are implementing the records RedSift put together BIMI Radar. So you can go and you can see what the logos look like. You can go and see when the certs were issued.
It’ll give you some indication of the last 50 certs or whatever it is that were issued. And you can kind of see if you scroll down just a little bit. Keep going to the graph. One more. Yeah. So you can see this bottom graph here, right? So this yellow line, I believe is DMARC adoption over time, the green line is…
Okay, can you hover over it for me? I wanna see what the popup is. There we go. So there’s DMARC reporting domains, BIMI ready domains, BIMI aware domains, and then BIMI with VMC. So you can kind of see this was September, 2024. Right now we’re moving it into January. We’ve got this huge push. There’s 5,000 domains showing VMC almost here now.
So like it, it is steadily growing. As we go across with the number of brands adopting BIMI and being BIMI ready. And there’s a huge gap between DMARC ready and BIMI ready.
But you can see they’re both trending upward, which is what we actually wanted to see as an industry group moving forward with, you know, this type of surface.
It’s still a relatively small number of domains. But it’s growing month over month.
00:28:55
Eric Trinidad: I was gonna say that bump there, you said that was when the Google, Yahoo enforcement happened?
00:29:00
Matthew Vernhout: It was kind of farther back than that. I think it was March, 2024.
Maybe it’s falling off the chart at this point, because I think the chart only goes back a year and a bit, but like there was a huge jump sort of before March of 2024. of DMARC adoption, but you can see that it’s almost doubled in the last sort of, call it 18 months.
00:29:19
Eric Trinidad: Yeah.
00:29:22
Matthew Vernhout: From 4 million to seven something or more million so.
00:29:28
Eric Trinidad: Nice.
00:29:28
Matthew Vernhout: 4.3 up to 7.8 for DMARC reporting. BIMI ready is now three and a half million. The numbers are very small on the graph, but you know, we’re seeing that steady shift in growth of people who are implementing it and adopting it. Which is great. It’s what we wanna continue to see.
00:29:49
Thomas “T-Bird” Knierien: 10 years.
We’ll check back on this in 10 years. I bet it’ll be massive.
00:29:53
Matthew Vernhout: Everybody will be doing it.
00:29:55
Thomas “T-Bird” Knierien: Yeah, everybody .
00:29:56
Jonathan Torres: We need to bring Matt down for other topics besides that, you know, so we don’t wait another 10 years to have ’em on.
00:30:03
Thomas “T-Bird” Knierien: We’ll do a six year check in here.
00:30:04
Matthew Vernhout: Yeah, you scroll down and it’ll just show you some of the most recent logos as of today. For VMC. So, and the date, so like, you can see like these most recent ones three days ago, which was Friday, which probably means that the new ones haven’t been updated since Friday so.
00:30:19
Eric Trinidad: Hey, it’s Monday.
00:30:20
Jonathan Torres: That’s awesome. That’s really cool.
00:30:21
Matthew Vernhout: Yeah, and I think the other thing, so like DMARC, put it at your org domain and all your subdomains will follow suit as long as they are DMARC enforcement subdomains. So you don’t have to go out and buy a VMC for every single subdomain. You can buy one for your organizational domain.
Some of these, you’ll notice it might be the same logo, but it’s because one’s a .com, one’s a .co.uk. When you have different TLDs, you need to buy additional information in your cert. It could still be one cert that covers multiple domains. But for every domain you add, there’s an additional cost.
00:30:54
Eric Trinidad: Oh yeah.
Oh, nextdoor. They just updated their app. Oh yeah.
00:30:58
Thomas “T-Bird” Knierien: I know. I just saw that. I was like, oh, that’s in my inbox. Oh, great. Now I know everyone in my neighborhood complain about the same thing. I’ll be able to see like also liquid death. Very cool. I love that. Tillamook my favorite cheeses.
I love seeing this.
00:31:14
Eric Trinidad: Oh yeah. The way that logo looked, I was gonna say cheese, but then I was just like, nah, it’s probably like fancy yachts or something.
00:31:20
Thomas “T-Bird” Knierien: Yeah. No, it’s. Yeah. Mary Kay, the pink Cadillacs. Yeah.
00:31:24
Jonathan Torres: Yeah. That’s good stuff.
00:31:25
Thomas “T-Bird” Knierien: Yeah. Terminix. Yeah.
We could look at these all day.
00:31:33
Jonathan Torres: Now you’re just calling out your favorite brands.
00:31:34
Eric Trinidad: Instacart. Hey. No. Alright.
00:31:38
Matthew Vernhout: One thing I’d want to close with, yeah. Because I know we’re getting close to time,
Is just the common things that I see errors with BIMI logo files.
First off, put on a solid background. Put your logo, don’t use a clear background because it looks really weird between dark mode, light mode.
00:31:54
Eric Trinidad: Put on a solid background. Make it square, make it look good in a circle.
00:31:58
Matthew Vernhout: Like understand that your logo’s gonna probably end up in a circle, or what do they call, like a squirkle? So it’s like a squared off circular square, right? So make sure your logo looks good there. So leave enough white space. What’s the design term? Bleed space or something like that.
Make sure you leave enough of that. It’s gotta be square, it’s gotta be a tiny PS version. So in, you get a lot of people that complain, the base profile for SVG has been discontinued or no longer used. But for our version of SVGs, it’s still there. its own, it’s own sub classification, tiny ps.
So base profile would need to be that we also have to have SVG version 1.2. So there’s potentially some manual manipulation to your SVG file you need to make in that case. But just, yeah, understand it’s gonna look in a circle, so expect the, you know, what it would look like that way. And what else?
We have some great tools on the BIMI group website to help you. So if you’ve designed your SVG and you’re almost there and you can’t quite figure it out, use the conversion tool. The conversion tool is open source. You can read all the code if you want. Basically, all it does is manipulate the SVG in a little bit of ways to make sure you have the right version number, the right base profile, the right title.
Structure. It’s not doing anything malicious that way. So, use that. It’ll really help. lot of times people come to me like, my SVG’s broken and I just run it through the tool and send it back to them and be like, works fine now, because they get like 90, 95% of the way there and they miss that one thing.
So. And then you post it on the secure server. Make sure it’s web accessible ’cause that’s the other thing. People will put it behind like CloudFlare. And because it’s, it’s a robot trying to reach out to the image file. CloudFlare will block it and then they’re like, why isn’t my BIMI logo showing I’ve published it?
It’s because you’ve basically put it behind a captcha. If the robots can’t complete the captcha, they’re never going to see your logo file. So just make sure it’s web accessible from anywhere. And those are sort of the really common things. And honestly for most people that reach out, they’re like, how do I get started?
We have this wonderful implementation guide. It’s the first link on our contact page. Even like read the information from the implementation guide. It’s overly simplified, but the first step is get DMARC in order.
I mean that’s how, if you ask me where do I start, my answer is 99% of the time I’m gonna be get DMARC in order.
00:34:23
Jonathan Torres: Hopefully people listening here know to get DMARC in order we talk about it way too much.
00:34:27
Eric Trinidad: Yeah.
00:34:28
Jonathan Torres: I mean, I’ll just call that myself just
00:34:29
Matthew Vernhout: Not just p=none. It has to be at a quarantine phase. Right. So it’s get it in order and then get it at enforcement. So there, there is like that additional step besides just do DMARC.
So, but that’s in the implementation guide, we tried to write it as simple as possible. Like, here’s four things you need to do. DMARC’s the first one. SVG is the second. VMC is the third. Publish your DNS is the last one. Right like it’s kind of that order. So, you know, that’s all I would say is use the tools, read the guide.
Everything’s on the website. You need to self-help.
00:35:03
Jonathan Torres: Yeah. That’s awesome. That’s really, really cool. It’s one of those things where people take or people have hesitation of diving in and taking that first step. And I think any kind of guidance they can get is great. So thank you for the guidance and also hopefully everybody listening understands that, Hey, this doesn’t have to be scary.
There’s help, there’s a lot of stuff out there for it. And you don’t have to wait to be, you know, a McDonald’s, Walmart. Who else? I don’t know who else is doing, I dunno who, who actually has the logos either, but you don’t have to get to that level in order to publish something that’s gonna be visible.
Like if you have a brand and you’re trying to establish a brand and get that known and be out there like this is a good way to start that journey and, you know, kind of keep going on that included in your path.
00:35:45
Matthew Vernhout: And there’s a couple different logo marks that are important to know.
Like there’s the VMC, which is for people with trademark logos or wordmark, right. There’s the CMC, which would be good for people that maybe don’t own a logo mark, but they had exclusive use of their logo for greater than 12 months and they’ve been using it for that period of time. There’s government mark, so if you are a government entity you can get a mark.
You just have to prove that you’re associated with the government. Usually governments have, like my logo is in some piece of legislation and just point to and be like, my logo’s here in this piece of legislation. And then there’s the idea of what’s called a modified mark. So if you have a, you know, if you have a long word or multiple words as your logo mark or word mark, stacking them, for example, would be a modified mark, because it’s not your exact match mark it’s you stack them to make it look better in a circle.
So that would be sort of a modified mark. So there’s a few different marks that people qualify for, and they all cost kind of the same. I mean, unfortunately. But as more people get into the market of selling certs, we hope that the pricing will, you know, reflect that as well. More option, more pricing options.
00:36:56
Eric Trinidad: Yeah.
00:36:59
Matthew Vernhout: We’re working on that. Working on that.
00:37:01
Eric Trinidad: Right on. Can you stack ’em too, like if you have one, like do you see folks with like all the certs or just one or the other?
00:37:10
Matthew Vernhout: You don’t need two. You just pick the best one, honestly. The best one that fits your brand. Most people go with the VMC. It has the widest adoption.
CMCs are relatively new. Government marks have been around a while as well. Obviously limited to government entities. So they’re not as widely used except for government entities .
00:37:28
Eric Trinidad: Right. I couldn’t get one. Right?
00:37:31
Matthew Vernhout: Not unless you form your own…
00:37:32
Thomas “T-Bird” Knierien: Government of,
00:37:33
Eric Trinidad: Yeah. Yeah.
00:37:34
Thomas “T-Bird” Knierien: I think government of Eric Trinidad.
00:37:37
Eric Trinidad: Man, come on.
00:37:38
Jonathan Torres: Out of all the ones. Yeah.
00:37:41
Matthew Vernhout: Government of Trinidad, Texas. There you go. Yeah.
00:37:44
Thomas “T-Bird” Knierien: Wasn’t like a family guy episode where like he had his own like country that was around his house.
00:37:49
Eric Trinidad: Oh yeah.
00:37:50
Thomas “T-Bird” Knierien: That was a long, you remember that? That was a long time ago. Wow.
00:37:54
Eric Trinidad: The things you remember, Thomas, it’s awesome.
00:37:56
Thomas “T-Bird” Knierien: I know.
00:37:57
Eric Trinidad: Well, the things that we wanna remember are ways that we can contact you, Matt, if we wanna see anything or get in contact with you in any way. Or look at the stuff that the BIMI group has, where can these fine people go?
00:38:07
Matthew Vernhout: Yeah. So bimigroup.org is our website.
We’re also on, Blue Sky, same name. I think we’re bimigroup.bluesky.com. Whatever the search for BIMI group, you’ll find us. If you fill out the contact form at the BIMI group, the chances of me responding are, are very, very high. As Thomas found out one day when he wrote in, I responded. There are other people that do respond, but I do most of the responding.
If you ever wanna reach me emailkarma.net is my website on Blue Sky, on emailkarma.com. Eventually, I will migrate my website to.com. I just haven’t figured out how to do that without blowing up 17 years worth of SEO. You can find me email Karma. If you search for it, you’ll get to me.
I’m also on LinkedIn, Matthew Vernhout, if you wanna reach out, put in the note how you heard about me it’s easier for me to decide if I’m gonna connect with somebody or not. Yeah.
00:39:01
Thomas “T-Bird” Knierien: I heard your voice on this podcast.
00:39:07
Matthew Vernhout: Man, I get a lot of random requests for people trying to sell me stuff. So if you don’t tell me who you are, if I don’t know you. That might be slim picking as one, accepting or not. It’s a filter method that I’ve had to develop. Unfortunately.
00:39:24
Eric Trinidad: Man, I saw a fresh face Matt Matthew Vernhout, like on 15 years ago on a YouTube video, like clean shaven, short hair.
Oh my gosh. I can’t even remember what the video was, but yeah. You’re like a little kid, man. Like it was good. It was good.
00:39:40
Matthew Vernhout: I mean, then I was old. What are you talking about? Yeah, I mean this is my 25th year in email this year, so.
00:39:47
Eric Trinidad: Oh, right on.
00:39:48
Jonathan Torres: Nice.
00:39:49
Matthew Vernhout: 15 years ago. I was old in email too. Yeah.
00:39:56
Eric Trinidad: Well, man, for another 25 more, hopefully we’ll have you on before your 50th year in email. You know, please come back and join us Thomas if they want to find us for now, for then, for whenever. Where can people look for us?
00:40:10
Thomas “T-Bird” Knierien: For now, you can find us at mailgun.com/resources/podcast. You can also watch this on our YouTube channel, youtube.com/@mailgun. Email’s Not Dead is also on Spotify, Apple Music Podcasts, all that fun stuff, Google Podcasts, all that fun stuff as well.
And also, to clarify people to clarify, it is BIMI group that is BIMIgroup.org. Sometimes people will spell it as B-E-E-M-E-E or something like that. I’m like, no, it’s…
00:40:39
Eric Trinidad: beMe?
00:40:40
Thomas “T-Bird” Knierien: BIMIgroup.org. Yeah. Like isn’t BeMe from adventure Time? Like I think sometimes people mix that up.
00:40:48
Matthew Vernhout: There are clearly other groups out there that use BIMI as well.
There’s like a religious group that uses it for something. There’s an investment group I think that use it for something. So occasionally we do get misdirected email about, like those types of topics. Unfortunately we can’t help with those. Nor can we help with you lost access to Yahoo account. I can’t help you with that either.
I’m sorry. But if it’s, if it’s related to putting a logo in email, pretty sure I have an answer.
00:41:16
Jonathan Torres: Gotcha. You’re you’re their guy.
00:41:17
Eric Trinidad: Nice. Nice. All right, man. Well, thank you again. Appreciate you as always. And until the next time, everybody be safe. Take care of each other.
