Introducing BIMI asset hosting
Today we are proud to introduce Mailhardener BIMI asset hosting, as well as BIMI asset monitoring as part of the Mailhardener email hardening suite.
With Mailhardener BIMI asset hosting you can adopt BIMI for your domain with just one DNS setting. There is no need to configure your own hosting service, just drop the BIMI certificate (VMC or CMC) in the Mailhardener dashboard, and we take care of the rest.
What is BIMI?
BIMI is like verified accounts, but for email. Organizations can leverage BIMI to improve their branding in email communication, which improves recognizability. BIMI also helps the receiver to distinguish legitimate email from phishing.
- Read more about BIMI in our in-depth knowledge base article.
- Blog article: The current state of BIMI.
Our first step: The BIMI validator
At Mailhardener, whenever a new email hardening standard is introduced, we always start by creating a validator service for the standard. The validator service helps us understand the standard, as well common mistakes that adopters of the technology make.
Working together with the BIMI working group, and the certificate authorities that supply the Verified Mark Certificates (VMC), Mailhardener was among the first to offer a BIMI validator service. Free of charge.
The Mailhardener BIMI validator verifies a BIMI DNS selector record, the BIMI assets, and the hosting service against the latest BIMI specification BIMI-06. Over 200 requirements and common failure points are tested.
The Mailhardener BIMI validator service proved invaluable for early adopters of the BIMI standard. We are proud to be able to offer this service free of charge, and grateful to see that over 10.000 domains have used our validator service.
Our BIMI validator service is free to use for everyone, you can find it here
Lessons learned: why BIMI asset hosting is hard
With over 10.000 domains inspected with the Mailhardener BIMI validator, we've learned that many organizations experience issues with adopting BIMI. There are many subtle implementation issues that can result in a BIMI mark not being shown in an inbox.
The most common issue we discovered is that organizations attempt to (re)use a customer-facing HTTP service to host their BIMI assets. This is generally a bad idea, as BIMI asset hosting is a machine-2-machine interaction, not an interaction with a browser.
We've seen BIMI failing due to web services attempting to serve privacy consents, CAPTCHAs, localization redirects and rejecting email services based on the user-agent string, just to name a few.
Then there is also a line-ending character issue with BIMI, when Windows based web services are used.
TL;DR: hosting BIMI assets is more involved than you'd think. It makes sense to deploy a dedicated service to host BIMI assets.
Introducing Mailhardener BIMI asset hosting
With so many organizations struggling to adopt BIMI, we decided we should improve on this situation.
Mailhardener now offers BIMI asset hosting as part of the Mailhardener email hardening suite.
With Mailhardener asset hosting, you simply upload the VMC or CMC, and point your BIMI DNS selector to the Mailhardener asset hosting service. We do the rest.
Mailhardener will automatically extract the mark (SVG image) from the certificate (VMC or CMC) to ensure a binary match between the hosted certificate and SVG. This binary equivalence is required and a common source of error.
100% compliance
The Mailhardener BIMI asset hosting service is, naturally, 100% compatible with the current BIMI specification (which is BIMI-06 at the time of writing), and will be updated once the BIMI specification is finalized.
Mailhardener BIMI asset hosting also employs the latest TLS standards (TLS 1.3) and follows all best practices.
Features included, but not limited to: TLS 1.3, IPv6, CAA, OCSP and HSTS.
Available immediately
We are very excited to be able to offer the latest email hardening features to our customers. By making these hardening features accessible and easy to use, we hope to accelerate the adoption rate of BIMI.
Mailhardener BIMI asset hosting is available immediately for all paid Mailhardener tiers.