BIMI
BIMI (Brand Indicators for Message Identification) puts a logo next to authenticated messages from your domain in supporting mail clients. Receivers that trust your DMARC render the logo. Spoofed mail that fails DMARC never gets to carry it.
The pieces: a TXT record in DNS, a tightly constrained SVG served over HTTPS, and (for some clients) a paid certificate that vouches for your right to use the logo. The spec is a long-running IETF draft; Gmail, Yahoo, and Apple Mail implement a stable subset.
What it is
BIMI is a branding layer on top of DMARC. DMARC already proves a message really came from your domain. BIMI is the next step: now that the receiver trusts the sender, show them your logo.
The mechanism is deliberately narrow. No logos for domains that cannot authenticate. No logos for messages that fail DMARC alignment. The logo is a trust signal, not a brand placement.
Why bother
Three reasons.
- Trust signal for recipients. People recognise a logo faster than a From address. A visible logo is a clearer authenticity cue than the raw domain name.
- Forcing function for DMARC. BIMI requires DMARC at quarantine or reject. Marketing wants the logo; that gives security a lever to finish the DMARC rollout.
- Small deliverability lift. Inbox-provider anecdote, not a guarantee. Domains with BIMI tend to stay above the spam line for longer.
Prerequisites
1. DMARC at quarantine or reject (required). Strict policy enforced on the domain. p=none is not enough. Alignment must pass.
2. SVG Tiny PS logo (required). A very restricted SVG profile: no scripts, no external references, square aspect ratio. Most corporate logos need a redraw.
3. BIMI record in DNS (required). TXT record at default._bimi.example.com pointing to the logo URL (and optionally a cert).
4. Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) (optional). Paid attestation of the logo, issued by Entrust or DigiCert. ~$1500/year. Required by Apple Mail and some Gmail views.
The SVG is the step that breaks most deployments. "SVG Tiny PS" is a small subset: no scripts, no external references, no CSS beyond inline presentation attributes, square aspect ratio, centred artwork. Most corporate logos need a redraw before they qualify.
The record
Once the prerequisites are in place, publish a TXT record at default._bimi.example.com:
- v= identifies the record. Only BIMI1 is defined; every record carries it.
- l= is where the SVG lives. Must be HTTPS and must serve Content-Type: image/svg+xml.
- a= is the URL of your VMC or CMC. Required by Apple Mail and some Gmail clients. Drop this tag entirely if you do not have one.
The default selector is what receivers use when the message does not carry a BIMI-Selector header. If you ship one logo, the default selector is all you need.
Who supports it
| Client | Requires VMC | Notes |
|---|---|---|
| Gmail (web, mobile) | Yes, for round avatar slot | Launched BIMI support in 2021. Without VMC the logo renders as a bordered square in some views. |
| Yahoo Mail | No | First mover, accepts self-asserted logos since 2020. |
| Apple Mail (iOS 16+, macOS Ventura+) | Yes | BIMI support via VMC/CMC required. No self-asserted fallback. |
| Fastmail, La Poste, AOL, Netscape | No | Various stages of support, details change often. |
| Microsoft 365 / Outlook | not supported yet | No production support as of early 2026. Roadmap item. |
Practical path: self-assert without a VMC to pick up Yahoo and partial Gmail coverage. Add a VMC or CMC later if Apple Mail coverage matters.
Common mistakes
- Without an enforced DMARC policy, receivers ignore the BIMI record and the logo does not render. DMARC must be at quarantine or reject, and sp= must not weaken the policy on subdomains.
- An SVG that fails validation is the most common blocker. Illustrator and Figma exports almost always fail. Use a BIMI-specific converter, then check with a linter like the one at bimigroup.org.
- The logo's Content-Type must be image/svg+xml. Some CDNs default to application/xml or text/plain, and receivers reject those.
- Apple Mail and some Gmail views do not render without a VMC. If Apple ecosystem coverage matters, the ~$1500/year is unavoidable for now.
- BIMI is published at the apex, marketing sends from news.example.com, and the subdomain's DMARC is weaker. Receivers check the sending subdomain, not the apex. Publish BIMI per-subdomain where needed.
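The record and policy checks described on this page, as an added example (not code from the original page): an offline preflight that takes the BIMI and DMARC TXT strings and reports the record and DMARC problems listed above. The function names and sample records are constructed for illustration, and the HTTPS requirement on a= is taken from the BIMI draft rather than from this page.

```python
# Added example: offline preflight for BIMI and DMARC TXT record strings.
from urllib.parse import urlparse

ENFORCING = {"quarantine", "reject"}

# Constructed sample records (not real DNS data).
GOOD_BIMI = "v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/vmc.pem"
GOOD_DMARC = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
BAD_BIMI = "v=BIMI1; l=http://example.com/logo.svg"
BAD_DMARC = "v=DMARC1; p=quarantine; sp=none"


def bimi_record_name(domain, selector="default"):
    """DNS name where receivers look up the BIMI TXT record."""
    return f"{selector}._bimi.{domain}"


def parse_tags(txt):
    """Split 'tag=value; tag=value' into a dict keyed by lowercased tag name."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags


def bimi_preflight(bimi_txt, dmarc_txt):
    """Return a list of problems; an empty list means these checks pass."""
    bimi, dmarc = parse_tags(bimi_txt), parse_tags(dmarc_txt)
    problems = []
    if bimi.get("v") != "BIMI1":
        problems.append("BIMI record must carry v=BIMI1")
    logo = urlparse(bimi.get("l", ""))
    if logo.scheme != "https" or not logo.netloc:
        problems.append("l= must be an HTTPS URL for the SVG")
    # a= is optional; if present it must also be HTTPS (BIMI draft requirement).
    if bimi.get("a") and urlparse(bimi["a"]).scheme != "https":
        problems.append("a= must be an HTTPS URL for the VMC/CMC")
    if dmarc.get("p", "").lower() not in ENFORCING:
        problems.append("DMARC p= must be quarantine or reject")
    if "sp" in dmarc and dmarc["sp"].lower() not in ENFORCING:
        problems.append("DMARC sp= weakens the policy on subdomains")
    return problems


if __name__ == "__main__":
    print(bimi_record_name("example.com"), bimi_preflight(BAD_BIMI, BAD_DMARC))
```

Feed it the TXT strings for the domain that actually sends the mail, since receivers check the sending subdomain rather than the apex.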
Check whether your DMARC is strict enough to unlock BIMI, and whether your BIMI record resolves to a valid SVG: scan your domain.