3
BIMI Images
Question asked by Scarab - 4/14/2023 at 4:21 PM
Answered
I noticed that the newest builds of SmarterMail don't generally load BIMI images as they seem to be lower priority in the hierarchy of images to be displayed. From a cursory examination it would appear that the images displayed in the email list and the email pane are as follows:

  1. Profile Picture in SmarterMail Profile or Contacts
  2. Gravatar (Globally Recognized Avatar) image for email address
  3. HTTP GET request for //%{DOMAIN}/favicon.ico (or https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://%{Domain}&size=32)
  4. DNS lookup default._bimi.%{DOMAIN} HTTP Get %{l=BIMI location}.SVG Image (with Verified Mark Certificate)
  5. DNS lookup default._bimi.%{DOMAIN} HTTP Get %{l=BIMI location}.SVG Image (no VMC)
  6. If !Image default to generic icon of First Letter of address.
I don't disagree with the priority ordering of the the first two (Profile/Contact Image and Gravatar), but shouldn't FAVICON.ICO take a lesser priority than BIMI SVG with VMC or without VMC and be the final fallback when no other options are available?

Also, out of curiosity, what is the TTL on the image cache? If a Profile Picture or FAVICON.ICO or BIMI image for a sender changes, how soon before that update is seen in SmarterMail?

10 Replies

Reply to Thread
0
Matt Petty Replied
Employee Post
You were pretty close on the order.
-Contact/Gal
-Gravatar
-Bimi
-Website Icon (pull from root of website, <link ref='icon'>)
-Favicon.ico
-No Image / Monogram

Are you seeing clear examples of BIMI being skipped? That could be a bug

The avatars are cached in 2 seperate 5 day caches.
Contact/Gal (changes instantly, no cache), 
Per User: Gravatar
Per server: Bimi, Website Icon, Favicon, and lack of icon (we cache this)

Also, if an email is older than 5 days, we won't update the icon until you click on it in webmail. It won't automatically update in the message list. We did this to keep the load on avatar fetching down.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Scarab Replied
I am indeed seeing the BIMI image skipped and the favicon.ico used instead...but in all of those cases I've checked so far they are BIMIv1 tiny-ps 1.2 SVG images that do not have a VMC (Verified Mark Certificate). I will have to double-check to see if it is working with BIMIv1 tiny-ps 1.2 SVG images that do have a valid VMC.

Good to know on the caches. I see they cleared over the weekend so the new favicon.ico that I uploaded to websites to match the BIMI images for domains last week are now showing in SmarterMail. It may be that SmarterMail is just ignoring BIMI SVG images without VMC, like GMail?
0
Matt Petty Replied
Employee Post
Just looked at the code. We are not verifying or looking for certificates at the moment. 
We do a TXT Record to "default._bimi.<DmarcDomain>" We verify the TXT header has v=BIMI1 and then we pull the "l=" parameter with the URL.

We do require that DMARC has a Pass result into order to pull BIMI images, this is to prevent abuse.

Something you can look out for is that new emails should have BIMI details should be applied the message, if the domain had BIMI. You can look for the "X-SmarterMail-BIMI" header.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Mike Mulhern Replied
Matt---Does SM still tag the header with "X-SmarterMail-BIMI" on the more recent versions (I am currently on 8629)?

On the left is the validation from MX Records that email.apple.com is passing BIMI but on the right is the header from an email from Apple on 9/18 and when I search the header I can't find text = bimi.

Maybe I am doing something wrong?

Thanks.

0
Matt Petty Replied
Employee Post
You should still be getting the header as long as DMARC is running and passing on the message. If DMARC is passing for the message you can try searching your SpamChecks log for "BIMI Exception" to see if anything is happening. You can also check your SMTP logs for "DMARC Results:" and make sure we're correctly identifying the dmarc info.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Mike Mulhern Replied
It's passing dmarc:
[2023.09.18] 17:10:53.919 [17.171.37.39][31270991] DMARC Results: Passed (Domain: email.apple.com, Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com), Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com, Reject? False

When I look @ the SpamChecks logs I don't see anything at all regarding BIMI or domain = email.apple.com

Spam Checks Process Logging currently = Exception Only

Thanks.
1
Matt Petty Replied
Employee Post Marked As Answer
Hey Mike, you were onto something here. I found and fixed an issue with how we were parsing DMARC information causing us to not apply the BIMI details. This should fix the issue you were noticing. This fix will be in our ".Net Core" release.
Matt Petty
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Mike Mulhern Replied
ok - thanks, will wait for the update to re-test.
0
Larry Ellis Replied
What the result after re-test?
0
Mike Mulhern Replied
need to wait for .NET Core release

Reply to Thread