You were pretty close on the order.
-Contact/Gal
-Gravatar
-Bimi
-Website Icon (pull from root of website, <link ref='icon'>)
-Favicon.ico
-No Image / Monogram

Are you seeing clear examples of BIMI being skipped? That could be a bug

The avatars are cached in 2 seperate 5 day caches.
Contact/Gal (changes instantly, no cache), 
Per User: Gravatar

Per server: Bimi, Website Icon, Favicon, and lack of icon (we cache this)

Also, if an email is older than 5 days, we won't update the icon until you click on it in webmail. It won't automatically update in the message list. We did this to keep the load on avatar fetching down.

I am indeed seeing the BIMI image skipped and the favicon.ico used instead...but in all of those cases I've checked so far they are BIMIv1 tiny-ps 1.2 SVG images that do not have a VMC (Verified Mark Certificate). I will have to double-check to see if it is working with BIMIv1 tiny-ps 1.2 SVG images that do have a valid VMC.

Good to know on the caches. I see they cleared over the weekend so the new favicon.ico that I uploaded to websites to match the BIMI images for domains last week are now showing in SmarterMail. It may be that SmarterMail is just ignoring BIMI SVG images without VMC, like GMail?

Just looked at the code. We are not verifying or looking for certificates at the moment. 
We do a TXT Record to "default._bimi.<DmarcDomain>" We verify the TXT header has v=BIMI1 and then we pull the "l=" parameter with the URL.

We do require that DMARC has a Pass result into order to pull BIMI images, this is to prevent abuse.

Something you can look out for is that new emails should have BIMI details should be applied the message, if the domain had BIMI. You can look for the "X-SmarterMail-BIMI" header.

Matt---Does SM still tag the header with "X-SmarterMail-BIMI" on the more recent versions (I am currently on 8629)?

On the left is the validation from MX Records that email.apple.com is passing BIMI but on the right is the header from an email from Apple on 9/18 and when I search the header I can't find text = bimi.

Maybe I am doing something wrong?

Thanks.

You should still be getting the header as long as DMARC is running and passing on the message. If DMARC is passing for the message you can try searching your SpamChecks log for "BIMI Exception" to see if anything is happening. You can also check your SMTP logs for "DMARC Results:" and make sure we're correctly identifying the dmarc info.

It's passing dmarc:

[2023.09.18] 17:10:53.919 [17.171.37.39][31270991] DMARC Results: Passed (Domain: email.apple.com, Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com), Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com, Reject? False

When I look @ the SpamChecks logs I don't see anything at all regarding BIMI or domain = email.apple.com

Spam Checks Process Logging currently = Exception Only

Thanks.

Hey Mike, you were onto something here. I found and fixed an issue with how we were parsing DMARC information causing us to not apply the BIMI details. This should fix the issue you were noticing. This fix will be in our ".Net 7" release.

ok - thanks, will wait for the update to re-test.

What the result after re-test?

need to wait for .NET 7 release

It is nice to see the solution of such problems here.

For those hosting a BIMI image and running build 8747 or greater, where are you putting the image now? Mine was in the root folder of MRS, and that worked fine, but the new SmarterMail doesn't seem to use the MRS folder for the site, only the Web.config. My BIMI image hosting is now broke.

I got my BIMI image working again. If you're curious, I posted in:

I have updated my build and it appears bimi is working now.

A question for Matt - 

If you are emailing within a domain and/or between domains on the same server the email does not appear to have Bimi.  Is that by design?  I think DMARC is bypassed in this senario.

It took a few hours but ours started showing up on our own server and my home server. When I lost control of the root folder on my home server and domains with this update, it took a day for the BIMI image to show up on my work server’s webmail. 

Looks like on my build (8776) emails between domains and emails intra-domain skip the bimi check.  I can get an outside bimi check on MX Records to see the bimi but test emails between domains and intra-domain on the same server seem to bypass the check.

External emails from the likes of Apple contain the code in the header:

X-SmarterMail-BIMI: url=https://www.apple.com/bimi/v2/apple.svg; domain=insideapple.apple.com;

Matt hasn't replied as to how it should work in the smartermail software.

I don’t see any BIMI headers from either local or remote SmarterMail senders, but BIMI is the only image system I have set up and I definitely see them for both local and remote SmarterMail emails. 

I wonder if the image is being grabbed from somewhere else.  Just curious, dumb question as I try to figure it out, is your bimi image the same as website icon or other image in Matt's hierarchy?

I have no website icon other than the favicon, and my profile image on one account is a photo. I have BIMI set up on both my server at work and the one at home. That’s the only place I have these two images. They work both ways locally and between the two servers. 

Here’s a good resource:

Patrick, thanks for the link.  I've had my bimi up for months (since Sept 23, 2023) and it verifies sans VMC as good through several different third party bimi checking websites.

My understanding per the bimi protocol is that we should see data in the header tagged with the bimi hyperlink.

Since bimi seems to be working for you and you've confirmed that there are no lines for bimi in your headers in emails between domains on the same SM server it seems to me a decent assumption that SM isn't following the bimi protocol for these types of emails but pulling the image directly out of C:\Program Files (x86)\SmarterTools\SmarterMail\Service\wwwroot.  

I could be on the wrong track but how does SM know which image to pull if there is no bimi path in the header?  Maybe a naming convention per domain on the SVG in the file directory?  I spent a little time searching for this in the knowledge base but haven't had any luck.

It would be helpful in troubleshooting for some communication from SM directly how they are handling so I'm not making assumptions.

My server at work can’t pull the image out of wwwroot on my server at home and vice versa. They are two different machines in two different locations.  It is definitely getting the BIMI image based on my DNS entries. Maybe SmarterMail is looking up the location and name of the BIMI image from my DNS, and is just not including the header?

Any updates how we can upload BIMI images per domain on the SmarterMail server?

Michael,

BIMI images can be anywhere, and they are located by looking up the BIMI dns record for the domain. 

SmarterMail has nothing to do with the process. I keep my BIMI image in the wwwroot of my SmarterMail server, but it could be anywhere. 

Read here: 

I was finally able to troubleshoot my bimi issue.  The source of the problem?  For some reason SM coverts all bimi URLs to lowercase.  My bimi link had some upper case letters in it which caused SM not to be able to get to the image.  I'm not a web person so I'm not familiar with upper case letters vs lower case letters in URLs or why SM would convert the URL to all lower cases from the DNS call but...well...that was the problem.

Hope this helps someone else.