3
BIMI Images
Question asked by Scarab - 4/14/2023 at 4:21 PM
Answered
I noticed that the newest builds of SmarterMail don't generally load BIMI images as they seem to be lower priority in the hierarchy of images to be displayed. From a cursory examination it would appear that the images displayed in the email list and the email pane are as follows:

  1. Profile Picture in SmarterMail Profile or Contacts
  2. Gravatar (Globally Recognized Avatar) image for email address
  3. HTTP GET request for //%{DOMAIN}/favicon.ico (or https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://%{Domain}&size=32)
  4. DNS lookup default._bimi.%{DOMAIN} HTTP Get %{l=BIMI location}.SVG Image (with Verified Mark Certificate)
  5. DNS lookup default._bimi.%{DOMAIN} HTTP Get %{l=BIMI location}.SVG Image (no VMC)
  6. If !Image default to generic icon of First Letter of address.
I don't disagree with the priority ordering of the the first two (Profile/Contact Image and Gravatar), but shouldn't FAVICON.ICO take a lesser priority than BIMI SVG with VMC or without VMC and be the final fallback when no other options are available?

Also, out of curiosity, what is the TTL on the image cache? If a Profile Picture or FAVICON.ICO or BIMI image for a sender changes, how soon before that update is seen in SmarterMail?

25 Replies

Reply to Thread
0
Matt Petty Replied
Employee Post
You were pretty close on the order.
-Contact/Gal
-Gravatar
-Bimi
-Website Icon (pull from root of website, <link ref='icon'>)
-Favicon.ico
-No Image / Monogram

Are you seeing clear examples of BIMI being skipped? That could be a bug

The avatars are cached in 2 seperate 5 day caches.
Contact/Gal (changes instantly, no cache), 
Per User: Gravatar
Per server: Bimi, Website Icon, Favicon, and lack of icon (we cache this)

Also, if an email is older than 5 days, we won't update the icon until you click on it in webmail. It won't automatically update in the message list. We did this to keep the load on avatar fetching down.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Scarab Replied
I am indeed seeing the BIMI image skipped and the favicon.ico used instead...but in all of those cases I've checked so far they are BIMIv1 tiny-ps 1.2 SVG images that do not have a VMC (Verified Mark Certificate). I will have to double-check to see if it is working with BIMIv1 tiny-ps 1.2 SVG images that do have a valid VMC.

Good to know on the caches. I see they cleared over the weekend so the new favicon.ico that I uploaded to websites to match the BIMI images for domains last week are now showing in SmarterMail. It may be that SmarterMail is just ignoring BIMI SVG images without VMC, like GMail?
0
Matt Petty Replied
Employee Post
Just looked at the code. We are not verifying or looking for certificates at the moment. 
We do a TXT Record to "default._bimi.<DmarcDomain>" We verify the TXT header has v=BIMI1 and then we pull the "l=" parameter with the URL.

We do require that DMARC has a Pass result into order to pull BIMI images, this is to prevent abuse.

Something you can look out for is that new emails should have BIMI details should be applied the message, if the domain had BIMI. You can look for the "X-SmarterMail-BIMI" header.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Mike Mulhern Replied
Matt---Does SM still tag the header with "X-SmarterMail-BIMI" on the more recent versions (I am currently on 8629)?

On the left is the validation from MX Records that email.apple.com is passing BIMI but on the right is the header from an email from Apple on 9/18 and when I search the header I can't find text = bimi.

Maybe I am doing something wrong?

Thanks.

0
Matt Petty Replied
Employee Post
You should still be getting the header as long as DMARC is running and passing on the message. If DMARC is passing for the message you can try searching your SpamChecks log for "BIMI Exception" to see if anything is happening. You can also check your SMTP logs for "DMARC Results:" and make sure we're correctly identifying the dmarc info.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Mike Mulhern Replied
It's passing dmarc:
[2023.09.18] 17:10:53.919 [17.171.37.39][31270991] DMARC Results: Passed (Domain: email.apple.com, Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com), Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com, Reject? False

When I look @ the SpamChecks logs I don't see anything at all regarding BIMI or domain = email.apple.com

Spam Checks Process Logging currently = Exception Only

Thanks.
1
Matt Petty Replied
Employee Post
Hey Mike, you were onto something here. I found and fixed an issue with how we were parsing DMARC information causing us to not apply the BIMI details. This should fix the issue you were noticing. This fix will be in our ".Net 7" release.
Matt Petty Senior Software Developer SmarterTools Inc. www.smartertools.com
0
Mike Mulhern Replied
ok - thanks, will wait for the update to re-test.
0
Larry Ellis Replied
What the result after re-test?
tiny fishing
0
Mike Mulhern Replied
need to wait for .NET 7 release
2
Employee Replied
Employee Post Marked As Answer
Hi guys,

I wanted to let you know this has been fixed and will be available in our next release, which is coming to BETA next week! 
0
Sheri Hughes Replied
It is nice to see the solution of such problems here.
0
Patrick Jeski Replied
For those hosting a BIMI image and running build 8747 or greater, where are you putting the image now? Mine was in the root folder of MRS, and that worked fine, but the new SmarterMail doesn't seem to use the MRS folder for the site, only the Web.config. My BIMI image hosting is now broke.
0
Patrick Jeski Replied
I got my BIMI image working again. If you're curious, I posted in:
0
Mike Mulhern Replied
I have updated my build and it appears bimi is working now.

A question for Matt - 
If you are emailing within a domain and/or between domains on the same server the email does not appear to have Bimi.  Is that by design?  I think DMARC is bypassed in this senario.
0
Patrick Jeski Replied
It took a few hours but ours started showing up on our own server and my home server. When I lost control of the root folder on my home server and domains with this update, it took a day for the BIMI image to show up on my work server’s webmail. 
0
Mike Mulhern Replied
Looks like on my build (8776) emails between domains and emails intra-domain skip the bimi check.  I can get an outside bimi check on MX Records to see the bimi but test emails between domains and intra-domain on the same server seem to bypass the check.

External emails from the likes of Apple contain the code in the header:
X-SmarterMail-BIMI: url=https://www.apple.com/bimi/v2/apple.svg; domain=insideapple.apple.com;
Matt hasn't replied as to how it should work in the smartermail software.
0
Patrick Jeski Replied
I don’t see any BIMI headers from either local or remote SmarterMail senders, but BIMI is the only image system I have set up and I definitely see them for both local and remote SmarterMail emails. 
0
Mike Mulhern Replied
I wonder if the image is being grabbed from somewhere else.  Just curious, dumb question as I try to figure it out, is your bimi image the same as website icon or other image in Matt's hierarchy?
0
Patrick Jeski Replied
I have no website icon other than the favicon, and my profile image on one account is a photo. I have BIMI set up on both my server at work and the one at home. That’s the only place I have these two images. They work both ways locally and between the two servers. 

Here’s a good resource:
0
Mike Mulhern Replied
Patrick, thanks for the link.  I've had my bimi up for months (since Sept 23, 2023) and it verifies sans VMC as good through several different third party bimi checking websites.

My understanding per the bimi protocol is that we should see data in the header tagged with the bimi hyperlink.

Since bimi seems to be working for you and you've confirmed that there are no lines for bimi in your headers in emails between domains on the same SM server it seems to me a decent assumption that SM isn't following the bimi protocol for these types of emails but pulling the image directly out of C:\Program Files (x86)\SmarterTools\SmarterMail\Service\wwwroot.  

I could be on the wrong track but how does SM know which image to pull if there is no bimi path in the header?  Maybe a naming convention per domain on the SVG in the file directory?  I spent a little time searching for this in the knowledge base but haven't had any luck.

It would be helpful in troubleshooting for some communication from SM directly how they are handling so I'm not making assumptions.
0
Patrick Jeski Replied
My server at work can’t pull the image out of wwwroot on my server at home and vice versa. They are two different machines in two different locations.  It is definitely getting the BIMI image based on my DNS entries. Maybe SmarterMail is looking up the location and name of the BIMI image from my DNS, and is just not including the header?
0
Michael Replied
Any updates how we can upload BIMI images per domain on the SmarterMail server?
1
Patrick Jeski Replied
Michael,
BIMI images can be anywhere, and they are located by looking up the BIMI dns record for the domain. 

SmarterMail has nothing to do with the process. I keep my BIMI image in the wwwroot of my SmarterMail server, but it could be anywhere. 

Read here: 


I can offer help if you need it. 
1
Mike Mulhern Replied
I was finally able to troubleshoot my bimi issue.  The source of the problem?  For some reason SM coverts all bimi URLs to lowercase.  My bimi link had some upper case letters in it which caused SM not to be able to get to the image.  I'm not a web person so I'm not familiar with upper case letters vs lower case letters in URLs or why SM would convert the URL to all lower cases from the DNS call but...well...that was the problem.

Hope this helps someone else.

Reply to Thread