BIMI deprecated

Brand Indicators for Message Identification (BIMI)

BIMI lets mailbox providers display a verified company logo next to incoming messages.

In App Suite UI, the BIMI logo is resolved and rendered locally so we can offer a preview in the compose dialog, enrich list views, and expose debugging details to administrators without involving the middleware.

How it works

At a high level, the BIMI flow looks like this:

  • BIMI lookups are only performed for messages that have successfully passed DMARC verification. This ensures that brand logos are displayed exclusively for authenticated senders.
  • Before issuing any BIMI request, the UI checks a small blocklist of major mailbox providers (for example gmail.com, icloud.com, outlook.com, yahoo.com). Addresses from these domains are skipped to avoid unnecessary BIMI lookups for providers that typically do not publish BIMI records.
  • A dedicated Fastify-based service exposes /ui/v1/bimi/:domain. When queried, it resolves the domain’s BIMI DNS records, fetches the referenced SVG logo, validates it, and prepares a sanitized result.
  • Results are stored both in an in-memory LRU cache — avoiding repeated work for frequently requested domains — and in a persistent database cache, which minimizes DNS traffic and keeps lookup latency predictable.
  • All fetched SVG logos are sanitized server-side (no scripts, no external references) before being persisted or returned. This guarantees that the UI never loads untrusted resources directly from third-party domains.
  • Sanitized SVGs are retained to speed up repeated rendering across the message list, message detail view, and the BIMI preview dialog.

Prerequisites

Before enabling BIMI, make sure the following conditions are met:

  • DMARC results available: The mail backend must perform DMARC verification and pass the result to the UI so it can decide when BIMI lookups are allowed.
  • DNS and HTTPS connectivity: The BIMI service needs outbound access to DNS and HTTPS to resolve BIMI TXT records and retrieve SVG logos and (optional) VMC certificates.
  • Database: A reachable MariaDB/MySQL database instance with enough capacity for the lookup and logo tables.
  • Switchboard: The BIMI feature need to authenticate. The necessary JWT token is provided by the Switchboard.

Configuration

Once the prerequisites are in place, enable BIMI with the following configuration:

# set feature toggle
config:
  features:
    bimi: true

# register a database for caching purposes
databases:
  # the key must exist for BIMI
  bimi:
    host: database-host # example
    port: 3306 # default
    name: bimi # example / can be any name
    user: bimi # example / can be any user
    password: "<secret>"
    connections: 10 # default

You also need to enable the feature in the UI by adding this line to the App Suite Middleware configuration: yaml io.ox/core//features/bimi=true

Database sizing

The BIMI feature stores its data in two tables (within the configured BIMI database) with very different growth patterns:

  1. Lookup table (metadata)

    • Stores the domain, DNS result, timestamps, and whether BIMI is available.
    • Primarily acts as the negative cache for domains without BIMI so we do not hammer external DNS resolvers.
    • Expect this table to reach millions of rows on large consumer deployments because it tracks both hits and true negatives.

  2. Logo table (sanitized SVG blobs)

    • Only populated for domains that successfully publish BIMI.
    • Each logo is limited to 32 KB (typically around 4 KB), so even tens of thousands of entries consume well below a gigabyte.
    • Disk usage is therefore driven by how many BIMI-enabled senders appear in user inboxes rather than overall mail volume.

When planning storage, reserve capacity for millions of metadata rows plus overhead for indexes, then add a modest buffer for logo blobs to support future growth in BIMI adoption. All data is used purely as a cache, so replication and backup are usually not required — a fast, inexpensive database is sufficient.

Metrics and Monitoring

Prometheus metrics are exposed on the standard /metrics endpoint (port controlled by the METRICS_PORT environment variable; default 9090). The table below summarizes the BIMI-specific data points:

Metric Type Description
bimi_requests_total Counter Total number of BIMI requests across all domains.
bimi_request_duration_seconds Histogram Overall request duration (Fastify handler latency).
bimi_record_cache_hits_total Counter In-memory cache hits for record metadata.
bimi_record_cache_misses_total Counter In-memory cache misses that triggered DB lookups.
bimi_record_db_hits_total Counter DB hits for records after a cache miss.
bimi_record_db_misses_total Counter DB lookups that did not find a record.
bimi_logo_cache_hits_total Counter In-memory cache hits for sanitized SVG logos.
bimi_logo_cache_misses_total Counter Cache misses that required DB fetches for logos.
bimi_logo_db_hits_total Counter Logo rows found in the database after cache misses.
bimi_logo_db_misses_total Counter Logo DB lookups that missed (forces remote fetch).
bimi_dns_lookup_duration_seconds Histogram DNS TXT lookup latency (focus on negative caching).
bimi_logo_fetch_duration_seconds Histogram Time spent downloading remote SVGs.
bimi_certificate_fetch_duration_seconds Histogram Latency for fetching VMC certificates, if present.

The repository contains a ready-to-use Grafana dashboard (server/grafana/dashboards/dashboard.json).

Limitations

  • Best-effort enrichment: BIMI is an optional visual enhancement. If lookups fail, DNS is slow, or the BIMI service is down, mail delivery is not affected; the UI simply omits the logo.
  • Sender coverage: Only senders with valid DMARC and BIMI records will ever show a logo. Many large mailbox providers are blocklisted on purpose and therefore never trigger BIMI lookups.
  • Caching behaviour: Negative cache entries (no BIMI available) can delay the display of newly published BIMI records until the cache expires. Negative entries expire after 30 days, entries with valid logos are kept for 180 days (because they rarely change).
  • Scope in the UI: Logos currently appear only in the mail list and detail view; other modules are not affected by this feature.