hello@bimicertifications.com
Hrvatski – Hrvatska
Relationship SPF DKIM DMARC VMC BIMI

Tehnički odnos između SPF-a, DKIM-a, DMARC-a i BIMI-ja objašnjen jednostavno

Shvatite kako ovi protokoli e-pošte funkcioniraju zajedno kako bi osigurali vaše e-poruke i otključali prikaz logotipa BIMI-ja koji promovira brend.

SPF, DKIM i DMARC - Trio za sigurnost e-pošte

SPF, DKIM i DMARC su temeljni protokoli za autentifikaciju e-pošte, a svaki od njih igra jedinstvenu ulogu u provjeri legitimnosti e-pošte:
  • SPF (Sender Policy Framework): Ovaj protokol provjerava je li poslužitelj pošte koji šalje poštu ovlašten za slanje e-poruka za vašu domenu. Koristi DNS zapise kako bi definirao kojim poslužiteljima je dopušteno slanje u vaše ime, što pomaže u blokiranju lažnih pošiljatelja.
  • DKIM (DomainKeys Identified Mail): DKIM dodaje digitalni potpis svakoj odlaznoj e-pošti. To omogućuje poslužitelju primatelja da provjeri da e-pošta nije mijenjana i da doista dolazi s vaše domene.
  • DMARC (Provjera autentičnosti, izvještavanje i usklađenost poruka temeljena na domeni): DMARC povezuje SPF i DKIM, osiguravajući da se domene koje provjeravaju podudaraju s vidljivom adresom "Od". Također vam omogućuje postavljanje pravila o tome što učiniti s e-porukama koje ne uspiju proći provjeru autentičnosti - staviti ih u karantenu ili ih odbiti - te pruža izvješća o rezultatima provjere autentičnosti.

How BIMI Builds on These Protocols

  • BIMI (Brand Indicators for Message Identification): BIMI is the “bonus” that comes after you’ve set up SPF, DKIM, and DMARC correctly. Once your domain passes these checks, BIMI lets you display your brand’s verified logo next to your emails in supported inboxes.
  • Technical Requirement: BIMI only works if your DMARC policy is set to “quarantine” or “reject,” not “none.” This ensures only authenticated, trusted emails can display your logo, protecting your brand from spoofing.
  • How It Works: You publish a BIMI record in your DNS, pointing to your logo file (and sometimes a Verified Mark Certificate). When an email passes SPF, DKIM, and DMARC, the recipient’s mail server checks for a BIMI record and, if present, displays your logo in the inbox.

Why This Layered Approach Matters

  • Security: SPF, DKIM, and DMARC work together to block phishing, spoofing, and unauthorized use of your domain.
  • Trust: BIMI rewards strong authentication by making your brand instantly recognizable in the inbox, boosting recipient trust and engagement.
  • Visibility: Only domains with robust authentication and DMARC enforcement can use BIMI, ensuring that only legitimate brands benefit from enhanced inbox branding.

In Simple Terms

Think of SPF, DKIM, and DMARC as the security checks at the front door. Only after you’ve passed all three can you hang your brand’s logo (BIMI) proudly in the window for everyone to see.

 

Steps to Enable BIMI for Your Domain

1. Set up and test SPF and DKIM records in your DNS.

2. Enforce DMARC with a policy of “quarantine” or “reject.”

3. Create a BIMI DNS record pointing to your verified logo (and VMC if required).

4. Monitor authentication results and logo display in recipient's inboxes.

 

Ready to unlock BIMI and boost your brand’s inbox presence?

Contact our agents for expert help with SPF, DKIM, DMARC, and BIMI setup!
 

Talk to an Expert

Bimi Text

 

 

Explore our FAQ on Why DMARC Enforcement Is the Foundation of Successful BIMI Deployment for more on policy requirements.

 

SPF: Authorizes sending servers for your domain.

DKIM: Signs emails to prove integrity and authenticity.

DMARC: Aligns and enforces SPF/DKIM, blocking fakes.

BIMI: Displays your logo only after all checks pass, boosting brand trust and visibility.