Today we are proud to introduce Mailhardener BIMI asset hosting, as well as BIMI asset monitoring as part of the Mailhardener email hardening suite.
With Mailhardener BIMI asset hosting you can adopt BIMI for your domain with just one DNS setting. There is no need to configure your own hosting service, just drop the BIMI VMC in the Mailhardener dashboard, and we take care of the rest.
BIMI is like verified accounts, but for email. Organizations can leverage BIMI to improve their branding in email communication, which improves recognizability. BIMI also helps the receiver to distinguish legitimate email from phishing.
At Mailhardener, whenever a new email hardening standard is introduced, we always start by creating a validator service for the standard. The validator service helps us understand the standard, as well common mistakes that adopters of the technology make.
Working together with the BIMI working group, and the certificate authorities that supply the Verified Mark Certificates (VMC), Mailhardener was among the first to offer a BIMI validator service. Free of charge.
The Mailhardener BIMI validator verifies a BIMI DNS selector record, the BIMI assets, and the hosting service against the latest BIMI specification BIMI-02. Over 200 requirements and common failure points are tested.
The Mailhardener BIMI validator service proved invaluable for early adopters of the BIMI standard. We are proud to be able to offer this service free of charge, and grateful to see that over 10.000 domains have used our validator service.
Our BIMI validator service is free to use for everyone, you can find it here
With over 10.000 domains inspected with the Mailhardener BIMI validator, we've learned that many organizations experience issues with adopting BIMI. There are many subtle implementation issues that can result in a BIMI mark not being shown in an inbox.
The most common issue we discovered is that organizations attempt to (re)use a customer-facing HTTP service to host their BIMI assets. This is generally a bad idea, as BIMI asset hosting is a machine-2-machine interaction, not an interaction with a browser.
We've seen BIMI failing due to webservices attempting to serve privacy consents, CAPTCHAs, localization redirects and rejecting email services based on the user-agent string, just to name a few.
Then there is also a line-ending character issue with BIMI, when Windows based webservices are used.
TL;DR: hosting BIMI assets is more involved than you'd think. It makes sense to deploy a dedicated service to host BIMI assets.
With so many organizations struggling to adopt BIMI, we decided we should improve on this situation.
Mailhardener now offers BIMI asset hosting as part of the Mailhardener email hardening suite.
With Mailhardener asset hosting, you simply upload the VMC, and point your BIMI DNS selector to the Mailhardener asset hosting service. We do the rest.
Mailhardener will automatically extract the mark (SVG image) from the VMC to ensure a binary match between the hosted VMC and SVG. This binary equivalence is required and a common source of error.
The Mailhardener BIMI asset hosting service is, naturally, 100% compatible with the current BIMI specification (which is BIMI-02 at the time of writing), and will be updated once the BIMI specification is finalized.
Mailhardener BIMI asset hosting also employs the latest TLS standards (TLS 1.3) and follows all best practices.
Features included, but not limited to: TLS 1.3, IPv6, CAA, OCSP and HSTS.
We are very excited to be able to offer the latest email hardening features to our customers. By making these hardening features accessible and easy to use, we hope to accelerate the adoption rate of BIMI.
Mailhardener BIMI asset hosting is available immediately for all paid Mailhardener tiers.