BIMI Images

Question asked by Scarab - 4/14/2023 at 4:21 PM

Answered

I noticed that the newest builds of SmarterMail don't generally load BIMI images as they seem to be lower priority in the hierarchy of images to be displayed. From a cursory examination it would appear that the images displayed in the email list and the email pane are as follows:

Profile Picture in SmarterMail Profile or Contacts
Gravatar (Globally Recognized Avatar) image for email address
HTTP GET request for //%{DOMAIN}/favicon.ico (or https://t3.gstatic.com/faviconV2?client=SOCIAL&type=FAVICON&fallback_opts=TYPE,SIZE,URL&url=http://%{Domain}&size=32)
DNS lookup default._bimi.%{DOMAIN} HTTP Get %{l=BIMI location}.SVG Image (with Verified Mark Certificate)
DNS lookup default._bimi.%{DOMAIN} HTTP Get %{l=BIMI location}.SVG Image (no VMC)
If !Image default to generic icon of First Letter of address.

I don't disagree with the priority ordering of the the first two (Profile/Contact Image and Gravatar), but shouldn't FAVICON.ICO take a lesser priority than BIMI SVG with VMC or without VMC and be the final fallback when no other options are available?

Also, out of curiosity, what is the TTL on the image cache? If a Profile Picture or FAVICON.ICO or BIMI image for a sender changes, how soon before that update is seen in SmarterMail?

24 Replies

Reply to Thread

Matt Petty Replied

4/17/2023 at 7:47 AM

Employee Post

You were pretty close on the order.
-Contact/Gal
-Gravatar
-Bimi
-Website Icon (pull from root of website, <link ref='icon'>)
-Favicon.ico
-No Image / Monogram

Are you seeing clear examples of BIMI being skipped? That could be a bug

The avatars are cached in 2 seperate 5 day caches.
Contact/Gal (changes instantly, no cache),
Per User: Gravatar

Per server: Bimi, Website Icon, Favicon, and lack of icon (we cache this)

Also, if an email is older than 5 days, we won't update the icon until you click on it in webmail. It won't automatically update in the message list. We did this to keep the load on avatar fetching down.

Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com

Scarab Replied

4/17/2023 at 10:31 AM

I am indeed seeing the BIMI image skipped and the favicon.ico used instead...but in all of those cases I've checked so far they are BIMIv1 tiny-ps 1.2 SVG images that do not have a VMC (Verified Mark Certificate). I will have to double-check to see if it is working with BIMIv1 tiny-ps 1.2 SVG images that do have a valid VMC.

Good to know on the caches. I see they cleared over the weekend so the new favicon.ico that I uploaded to websites to match the BIMI images for domains last week are now showing in SmarterMail. It may be that SmarterMail is just ignoring BIMI SVG images without VMC, like GMail?

Matt Petty Replied

4/17/2023 at 2:11 PM

Employee Post

Just looked at the code. We are not verifying or looking for certificates at the moment.
We do a TXT Record to "default._bimi.<DmarcDomain>" We verify the TXT header has v=BIMI1 and then we pull the "l=" parameter with the URL.

We do require that DMARC has a Pass result into order to pull BIMI images, this is to prevent abuse.

Something you can look out for is that new emails should have BIMI details should be applied the message, if the domain had BIMI. You can look for the "X-SmarterMail-BIMI" header.

Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com

Mike Mulhern Replied

9/20/2023 at 7:53 AM

Matt---Does SM still tag the header with "X-SmarterMail-BIMI" on the more recent versions (I am currently on 8629)?

On the left is the validation from MX Records that email.apple.com is passing BIMI but on the right is the header from an email from Apple on 9/18 and when I search the header I can't find text = bimi.

Maybe I am doing something wrong?

Thanks.

Matt Petty Replied

9/20/2023 at 9:12 AM

Employee Post

You should still be getting the header as long as DMARC is running and passing on the message. If DMARC is passing for the message you can try searching your SpamChecks log for "BIMI Exception" to see if anything is happening. You can also check your SMTP logs for "DMARC Results:" and make sure we're correctly identifying the dmarc info.

Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com

Mike Mulhern Replied

9/25/2023 at 7:48 AM

It's passing dmarc:

[2023.09.18] 17:10:53.919 [17.171.37.39][31270991] DMARC Results: Passed (Domain: email.apple.com, Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com), Reason: SPF: True, DKIM: True, Alignments: 2, Domain: email.apple.com, Reject? False

When I look @ the SpamChecks logs I don't see anything at all regarding BIMI or domain = email.apple.com

Spam Checks Process Logging currently = Exception Only

Thanks.

Matt Petty Replied

9/25/2023 at 9:38 AM

Employee Post

Hey Mike, you were onto something here. I found and fixed an issue with how we were parsing DMARC information causing us to not apply the BIMI details. This should fix the issue you were noticing. This fix will be in our ".Net 7" release.

Matt Petty Software Developer SmarterTools Inc. (877) 357-6278 www.smartertools.com

Mike Mulhern Replied

9/25/2023 at 10:52 AM

ok - thanks, will wait for the update to re-test.

Larry Ellis Replied

9/27/2023 at 2:36 AM

What the result after re-test?

tiny fishing

Mike Mulhern Replied

9/27/2023 at 4:09 AM

need to wait for .NET 7 release

Andrea Free Replied

10/12/2023 at 3:22 PM

Employee Post Marked As Answer

Hi guys,

I wanted to let you know this has been fixed and will be available in our next release, which is coming to BETA next week!

Andrea Free SmarterTools Inc. 877-357-6278 www.smartertools.com

Sheri Hughes Replied

12/21/2023 at 1:30 AM

It is nice to see the solution of such problems here.

Patrick Jeski Replied

1/3/2024 at 12:52 PM

For those hosting a BIMI image and running build 8747 or greater, where are you putting the image now? Mine was in the root folder of MRS, and that worked fine, but the new SmarterMail doesn't seem to use the MRS folder for the site, only the Web.config. My BIMI image hosting is now broke.

Patrick Jeski Replied

1/5/2024 at 6:39 AM

I got my BIMI image working again. If you're curious, I posted in:

https://portal.smartertools.com/community/a95871/allow-access-to-the-_well-known-directory.aspx

Mike Mulhern Replied

1/22/2024 at 2:30 PM

I have updated my build and it appears bimi is working now.

A question for Matt -

If you are emailing within a domain and/or between domains on the same server the email does not appear to have Bimi. Is that by design? I think DMARC is bypassed in this senario.

Patrick Jeski Replied

1/22/2024 at 2:35 PM

It took a few hours but ours started showing up on our own server and my home server. When I lost control of the root folder on my home server and domains with this update, it took a day for the BIMI image to show up on my work server’s webmail.

Mike Mulhern Replied

2/9/2024 at 2:21 PM

Looks like on my build (8776) emails between domains and emails intra-domain skip the bimi check. I can get an outside bimi check on MX Records to see the bimi but test emails between domains and intra-domain on the same server seem to bypass the check.

External emails from the likes of Apple contain the code in the header:

X-SmarterMail-BIMI: url=https://www.apple.com/bimi/v2/apple.svg; domain=insideapple.apple.com;

Matt hasn't replied as to how it should work in the smartermail software.

Patrick Jeski Replied

2/9/2024 at 2:52 PM

I don’t see any BIMI headers from either local or remote SmarterMail senders, but BIMI is the only image system I have set up and I definitely see them for both local and remote SmarterMail emails.

Mike Mulhern Replied

2/9/2024 at 3:14 PM

I wonder if the image is being grabbed from somewhere else. Just curious, dumb question as I try to figure it out, is your bimi image the same as website icon or other image in Matt's hierarchy?

Patrick Jeski Replied

2/9/2024 at 4:20 PM

I have no website icon other than the favicon, and my profile image on one account is a photo. I have BIMI set up on both my server at work and the one at home. That’s the only place I have these two images. They work both ways locally and between the two servers.

Here’s a good resource:

https://bimigroup.org/bimi-generator/

Mike Mulhern Replied

2/12/2024 at 12:12 PM

Patrick, thanks for the link. I've had my bimi up for months (since Sept 23, 2023) and it verifies sans VMC as good through several different third party bimi checking websites.

My understanding per the bimi protocol is that we should see data in the header tagged with the bimi hyperlink.

Since bimi seems to be working for you and you've confirmed that there are no lines for bimi in your headers in emails between domains on the same SM server it seems to me a decent assumption that SM isn't following the bimi protocol for these types of emails but pulling the image directly out of C:\Program Files (x86)\SmarterTools\SmarterMail\Service\wwwroot.

I could be on the wrong track but how does SM know which image to pull if there is no bimi path in the header? Maybe a naming convention per domain on the SVG in the file directory? I spent a little time searching for this in the knowledge base but haven't had any luck.

It would be helpful in troubleshooting for some communication from SM directly how they are handling so I'm not making assumptions.

Patrick Jeski Replied

2/12/2024 at 3:52 PM

My server at work can’t pull the image out of wwwroot on my server at home and vice versa. They are two different machines in two different locations. It is definitely getting the BIMI image based on my DNS entries. Maybe SmarterMail is looking up the location and name of the BIMI image from my DNS, and is just not including the header?