If you’re already using SPF, DKIM, and DMARC to authenticate your email, you’re one step away from showing your brand’s logo in supported email clients using BIMI (Brand Indicators for Message Identification).
What Is BIMI?
BIMI is an email standard that shows your logo next to your emails in the recipient’s inbox. It works alongside SPF, DKIM, and DMARC, so your domain must be properly authenticated.
In simple terms:
SPF + DKIM + DMARC (enforced) → verified domain → logo eligible for display
Your DMARC policy must also be set to either quarantine or reject. If your DMARC policy is p=none, BIMI will not work.
BIMI does not replace authentication. It builds on top of it.
BIMI does not directly improve inbox placement. However, a proper setup increases brand visibility and trust in inboxes. This can boost engagement and indirectly support better deliverability.
Step 1: Prepare a BIMI-Compliant Logo
BIMI requires:
- SVG Tiny 1.2 format (not a regular SVG export)
- Square aspect ratio
- No scripts
- No external references
- HTTPS accessible
- Correct MIME type (
image/svg+xml)
Important:
Many “normal” SVG files fail BIMI validation. Use this tool to convert them to Tiny 1.2 format.
Step 2: Add the BIMI DNS Record
BIMI uses a DNS TXT record with this structure:
<selector>._bimi.yourdomain.com
The standard selector is:
default
So your DNS record should be:
| Host / Name | default._bimi.yourdomain.com |
| Type | TXT |
| Value | v=BIMI1; l=https://yourdomain.com/logo.svg; |
If you later add a certificate, the record becomes:
v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/certificate.pem;
Step 3: Understanding & Obtaining a Certificate
While a BIMI record can technically exist without a certificate, most major email providers won’t show your logo unless you have a Verified Mark Certificate (VMC). Think of this as the “blue checkmark” for your email logo. It proves you actually own the trademark for that image.
Currently, there are two main types of certificates recognized in the BIMI ecosystem:
| Certificate Type | Description | Best For |
|---|---|---|
| Verified Mark Certificate (VMC) | The gold standard. Requires a registered trademark with an official government office (like the USPTO). | Enterprise brands and those wanting maximum visibility (especially Gmail). |
| Common Mark Certificate (CMC) | A newer, “lighter” version. Does not require a registered trademark but still requires identity validation. | Organizations with logos that have been used for a long time but are not officially trademarked. |
How to Get Your Certificate
- Register your Trademark: This is the bottleneck. Your logo must be registered with a supported trademark office (e.g., USPTO in the US, EUIPO in Europe).
- Choose a Certificate Authority (CA): Currently, DigiCert and Entrust are the primary authorities issuing VMCs.
- The Validation Process: The CA will verify your identity and your trademark registration. This isn’t instant—expect a few rounds of paperwork.
- Receive your PEM file: Once approved, you’ll get a
.pemfile. This is the file you host on your server and link to in thea=tag of your DNS record.
Which Email Providers Support BIMI?
Email inboxes handle BIMI differently. Some require a Verified Mark Certificate (VMC), while others don’t require any certificate.
| Provider | Supports BIMI? | Requires VMC? | Notes |
| Gmail / Google Workspace | Yes | Yes | Very strict. No VMC = No logo. |
| Apple Mail (iOS 16+) | Yes | Yes | Shows “Digitally Certified” in the header. |
| Yahoo / AOL | Yes | No (CMC/Self-signed) | Often shows logos even without a certificate if you have a high sender reputation. |
| Outlook / Office 365 | No | N/A | Microsoft has not yet adopted the BIMI standard. |
| La Poste / Fastmail | Yes | No | More flexible with self-signed logos. |
Note:
Even if a provider doesn’t require a VMC today, having one is the only way to ensure your logo appears consistently across the entire ecosystem.
Leave a Reply