What Is BIMI

The user-visible result

In supported clients, the sender's logo replaces the default avatar in the inbox list and message header. For a recipient scanning their inbox, brand mail visually stands apart from anonymous senders and from spoofed mail that doesn't authenticate. The "trusted-looking circle" is the BIMI logo.

The technical pieces

1. DMARC enforcement. Your domain must publish DMARC at p=quarantine or p=reject — not p=none. Without enforcement, BIMI clients won't display the logo. This is the gate that takes most of the implementation effort.
2. SVG logo. Hosted at an HTTPS URL you control. The format is constrained — "SVG Tiny PS" profile, square aspect ratio, no scripts, no external references. Most marketing-team SVGs need to be converted/simplified for BIMI compliance.
3. Optional VMC (Verified Mark Certificate). An X.509 certificate from an approved CA confirming you own the trademark for the logo. Major mail providers (Gmail especially) require a VMC before displaying the logo.
4. DNS record. A TXT record at default._bimi.example.com pointing to the logo and (if present) the VMC.

The BIMI DNS record

default._bimi.example.com. IN TXT "v=BIMI1; l=https://example.com/brand/logo.svg; a=https://example.com/brand/vmc.pem"

Three tag-value pairs:

• v=BIMI1 — version (always BIMI1 currently).
• l=... — logo URL.
• a=... — VMC URL (optional but required by Gmail).

The default in the record name refers to the selector. Multiple selectors can be defined for different mail streams (e.g., marketing._bimi.example.com); the DKIM signature in mail can reference a specific BIMI selector.

SVG Tiny PS constraints

The SVG must follow the SVG Tiny Portable/Secure profile:

• Square viewport (1:1 aspect ratio).
• Solid background — fully filled, not transparent.
• No scripts, no animations, no external references.
• Limited element set (paths, basic shapes, text — no advanced filters).
• Specific metadata fields required.

Most logo SVGs from a marketing team won't comply directly. The BIMI Group publishes tools and validators to check compliance and suggest fixes.

Verified Mark Certificates

A VMC is a special TLS-style certificate, but instead of validating a domain it validates trademark ownership. The CA verifies you legally own the trademark for the logo. VMCs cost about $1,000-1,500 per year, last 1-2 years, and must be renewed.

Without a VMC, BIMI logos may display in some clients but not Gmail (which has been the primary driver of BIMI adoption). For brand-conscious senders, the VMC cost is the price of admission to Gmail's BIMI display.

The path to BIMI

1. Deploy SPF, DKIM, DMARC at p=none. Get authentication working without rejecting mail.
2. Read DMARC aggregate reports. Identify legitimate senders not yet authenticated; fix or align them.
3. Move DMARC to p=quarantine with low pct=. Gradually raise pct as confidence grows.
4. Reach p=quarantine; pct=100 or p=reject. Full enforcement.
5. Convert logo to SVG Tiny PS. Host on HTTPS.
6. Get a VMC. Required for Gmail.
7. Publish the BIMI DNS record.
8. Verify in supported clients.

Steps 1-4 are the time-consuming part. The rest is configuration.

What BIMI does not do

• Doesn't prevent spam or phishing on its own — DMARC does that. BIMI just visualizes the result.
• Doesn't appear in every client. Coverage is improving but not universal.
• Doesn't apply to plaintext mail or mail that fails DMARC.
• Doesn't override receiver filtering decisions. The logo only appears on mail that already made it to the inbox.

BIMI vs other branding mechanisms

• Profile images / avatars. Most mail clients support some form of sender image. BIMI is the standards-based way to control yours across clients.
• S/MIME signatures. Some clients show a different indicator for signed mail. Different mechanism, different visual.
• Verified-sender badges. Some clients show different indicators for high-reputation senders. Not standardized; vendor-specific.

BIMI is the closest thing to a portable brand-identification standard across mail clients.

Common implementation issues

• DMARC at p=none. BIMI clients ignore. Move to quarantine/reject.
• SVG not in Tiny PS profile. Validator rejects.
• Logo not square. Some clients display badly; some refuse to render.
• VMC missing for Gmail. Logo appears in Yahoo, Apple Mail, etc., but not Gmail.
• Mail from subdomains. BIMI record at root may not apply to subdomain mail; publish per subdomain or use organizational alignment.

Frequently Asked Questions

What is BIMI?

Brand Indicators for Message Identification — a standard that lets a domain owner publish a brand logo URL in DNS, and have participating mail clients display that logo next to authenticated mail from the domain. The goal is to give users a visual confirmation that mail is legitimately from the brand they think it's from.

What are the requirements for BIMI?

Three things. First, DMARC enforcement: your domain must publish a DMARC policy of quarantine or reject (p=quarantine or p=reject), not p=none. Second, an SVG-formatted logo hosted at a publicly-reachable HTTPS URL, in the specific "SVG Tiny PS" profile required by the spec. Third, for major mail providers, a Verified Mark Certificate (VMC) issued by an approved CA proving you own the trademark for the logo.

Why does BIMI require DMARC enforcement?

Because the whole point is visual verification of authenticated mail. If your domain doesn't enforce DMARC, attackers can send spoofed mail from your domain that authenticates poorly but isn't rejected. Showing the brand logo on that mail would be the opposite of what BIMI promises. Enforcement ensures unauthenticated mail can't reach the inbox to display the logo at all.

Does BIMI improve deliverability?

Indirectly. The DMARC enforcement that BIMI requires improves deliverability because authenticated mail is trusted more by receivers. BIMI itself doesn't directly affect filtering decisions. The visible logo improves brand recognition and open rates, which is the primary marketing value, but the deliverability gain is from the underlying DMARC posture, not BIMI itself.

Which mail clients display BIMI logos?

Gmail (with a VMC), Apple Mail on iOS and macOS, Yahoo Mail, AOL, and Fastmail are the major implementers. Microsoft 365 / Outlook does not currently display BIMI logos in most surfaces. Coverage is growing but inconsistent — a brand publishing BIMI today reaches a meaningful share of recipients but not all.