Understanding DKIM, DMARC and BIMI

Email authentication encompasses technologies that help ISPs ensure that a given email message truly originated from whom it claims to be from. Though primarily implemented (and originally designed) for anti-forgery purposes, there is a strong connection between proper email authentication and email deliverability success. 

SPF (Sender Policy Framework) email authentication uses a simple DNS record that contains a list of IP addresses of servers that are allowed to send mail on your domain’s behalf. 

DKIM (DomainKeys Identified Mail) email authentication applies a cryptographic signature message using a public-private encryption key pair. This hidden “DKIM signature” header helps an ISP ensure that a given email message came from a server authorized to “sign” mail for this domain, and that the message was not modified in transit. 

DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol that allows domain owners to protect their domain from phishing and spoofing by publishing a certain “policy” (such as “reject”) via a DNS record, which can be used to tell ISPs to reject fraudulent mail referencing their domain name. 

BIMI (Brand Indicators for Message Identification) is a newer specification that allows for a company logo to display adjacent to an email message in the inbox. Multiple ISPs plan support for BIMI, but so far only Yahoo (Verizon) has gone live with support for the BIMI logo standard. 

Do you need help understanding which of these technologies you should implement and why? 

My name is Karen Balle, and I’m an email deliverability expert. I can help with that! 

Contact me today.