How to activate BIMI for La Poste?

At the time of the latest edition of the best French event dedicated to e-mail marketing - I am of course referring to theEMDAY - I had a long discussion with Ariane (Abuse Manager at La Poste) who announced the implementation of BIMI during the summer of 2022! After having integrated and applied the DMARC policies to the webmail Laposte.netI had a feeling that this nice announcement was going to happen (yay!)... The La Poste group being a precursor in France on the implementation of authentication systems compared to other webmails such as Free, Orange and SFR. About a week ago, the "Authindicators Working Group" published a congratulatory announcement for the launch of BIMI at La Poste ! I thought it was the right time to write an article on the subject! And as we are very cool at Badsender, we are preparing a nice white paper on BIMI for October... Do not hesitate to subscribe to our newsletter to be aware of its release! Let's go !

What is BIMI used for?

For those who don't know it yet, BIMI or Brand Indicators for Message Identification is an e-mail authentication protocol that aims to :

- Strengthen the security of domain names (domains and sub-domains) of trademarks by relying on the DMARC protocol.

- Make it easy for users to identify a brand by displaying their logo in the inbox.

Like any good authentication protocol, BIMI has strong requirements for its implementation! Even if anyone can add it to his own domain name, only a handful will be able to activate it in their users' inboxes…

Last but not least, not all ISPs & Webmails are able to interpret BIMI, you will have to take a look from time to time on the official BIMI website for the latest news.

Prepare your domain name for BIMI: Be compliant!

Step 1: Be DMARC compliant

As I said above, BIMI has some implementation constraints. So you will have to prepare technically your domain. Thus, to be BIMI compliant, you will need to:

- Implement DMARC on your sending domain and be compliant You will understand here that SPF & DKIM must be correctly set up and aligned (at least one of them)!

- The DMARC policy of your domains & sub-domains must be at QUARANTINE or REJECT You will understand here that the value NONE is not tolerated.

- The DMARC filtering percentage must be 100% ' You will understand here that the DMARC policy must apply to ALL emails sent by your domains/subdomains even if the RFC dedicated to BIMI does not really indicate that:

The policy record MUST express either a Requested Mail Receiver policy of "quarantine" with an effective percentage of 100%, or a Requested Mail Receiver policy of "reject" (with any percentage value).

Step 2: Publish a TXT record

To publish a BIMI record on your root domain, you will have to add a TXT record and choose a selector (as for DKIM):

- Selector: default._bimi.domain.com

- Value: v=BIMI1; l=https://urldulogo/logo.svg; a=https://urlducertificat/certif.pem;

v= Version (plain-text; REQUIRED)
l= location (URI; REQUIRED)
a= Authority Evidence Location (plain-text; URI; OPTIONAL)

Two comments on this:

• If you don't have a certificate, the value "a" must be empty: a=;
• BIMI is like DMARC, all subdomains will inherit the same record as the root domain (unless they have their own) so no need to deploy it everywhere!

Prepare your logo for BIMI: a specific format!

After tackling the technical part, you will have to create your logo and there again, there are some restrictions on its creation!

Forget the formats JPG, PNG or Animated GIFs... Your logo must be ONLY in the format SVG (Scalable Vector Graphic)! But that's not all, it must adhere to the SVG Portable/Secure profile and it must be exported in SVG Tiny 1.2. Finally, modifications to the file will be necessary to make it fully compliant with BIMI requirements.

Two options (+1 bonus) are available to you:

- Option 1 Create your logo directly in Adobe Illustrator

- Option 2 : Using the BIMI Working Group's graphic conversion tools

- Bonus Option : Call on Badsender to help you create it 🙂

Whichever option you choose, it is best to consider the following notes for optimal use:

• The images are better with a square format and a 1:1 ratio,
• The image should be centered so that it displays optimally in a square, rounded square or circle,
• Prefer non-transparent backgrounds to avoid unpredictable rendering.

If you would like more information on the first two options, I refer you to DigiCert's excellent article on the subject: https://www.digicert.com/blog/getting-ready-for-bimi-prep-your-logo

VMC or not VMC... That is the question!

It's time to take out your bank card (or not)! One of the specificities of BIMI is the possibility to set up what is called a VMC (Verified Mark Certificate) in order to "validate" its identity. It is this digital certificate that will allow advertisers to display their trademarked logo in the inboxes of ISPs/Webmails that know how to interpret BIMI. Today, there are two organizations that are authorized to provide these VMC certificates, they are DigiCert and Entrust ! On the other hand, this certificate requires non-negligible points of attention which will inevitably make some advertisers cringe:

- The logo must be registered in a recognized trademark register. Today, the INPI (Institut National de la Propriété Industrielle) is not part of it. If you want to consult the list of recognized registers, DigiCert gives you the list here.

- The cost of the certificate (and yes it is not free) is between $1,000 and $1,500 per year per logo!

According to the first studies done by EntrustThe benefits of the installation of VMC are not negligible:

• 21 % increase in opening rates with a positive impact on transactional and promotional emails.
• 18 % increase in brand recall after a five-second exposure - and the stronger the mark, the higher the increase in recall.
• 34 % increase in purchase probabilitywhich indicates a better return on investment.

It's up to you to decide if you need such a certificate or not, but be aware that it is mandatory for Gmail to display your logo!

Activation of BIMI at La Poste

Let's get back to our main topic, namely activating BIMI on the webmail laposte.net ! As I said before, you have two choices for activating BIMI:

- BIMI with VMC : You will not have to do anything on your side.

- BIMI without VMC You will have to go through the Post Office to have your logo validated.

If you are not ready to pay for the VMC certificate, you will have to go through the form available on the page Postmaster of laposte.net webmail to validate your identity. Be careful though, in the first paragraph, I mentioned this: only a handful will be able to activate it in their users' inboxes... Simply because you will have to justify that your logo is well registered in one of the organizations below... Without that, no BIMI! And good news for you, if you have registered your logo with the INPI, the organization is recognized 🙂

Once validated, your logo will be displayed in the webmail laposte.net : https://aide.laposte.net/contents/a-quoi-correspondent-les-logos-a-cote-de-mes-emails?t=rc

To conclude...

As you can see, implementing BIMI will not happen overnight, especially if your root domain has not been prepared in advance.

If you are interested in its implementation but need help on the subject, do not hesitate to contact us 🙂