Understand BIMI (Brand Indicators for Message Identification)

Show your verified brand logo in the inbox. Learn prerequisites, DNS records, SVG/VMC requirements, and how mailbox providers evaluate BIMI.

BIMI lets mailbox providers display your brand logo next to authenticated emails. It builds on DMARC and helps recipients visually trust messages from your domain.

How BIMI Works

  • Authentication first: Your messages must pass DMARC with alignment (SPF or DKIM) and use an enforcement policy (p=quarantine or p=reject).
  • BIMI record: Publish a DNS TXT at default._bimi.example.com pointing to your logo and optional VMC.
  • Mailbox provider checks: If DMARC passes and policy is enforced, the provider fetches your logo and (for some providers) validates your VMC.

DNS Record Format

Publish a TXT record at default._bimi.example.com with at least a logo URL (l=). Add a VMC URL (a=) where required:

default._bimi.example.com. 3600 IN TXT "v=BIMI1; l=https://brand.example.com/bimi/logo.svg; a=https://brand.example.com/bimi/example_vmc.pem"

💡 Quick Start: Generate a valid BIMI record instantly with our free builder tool.

Free BIMI Record Generator
  • v: Protocol version (BIMI1).
  • l: HTTPS URL to an SVG logo meeting BIMI constraints.
  • a: HTTPS URL to a Verified Mark Certificate (VMC) in PEM (required by Gmail; optional for some other providers).

Logo Requirements (SVG)

  • SVG Tiny P/S (profile used by BIMI); no scripts, no external references, no animation.
  • Square aspect, centered artwork with safe margins; background filled (not transparent) to ensure contrast in dark themes.
  • Single logo, no text-only marks preferred; keep file size modest (e.g., < 32KB where practical).
  • Serve over HTTPS with a stable URL; set long cache headers.

VMC (Verified Mark Certificate)

A VMC is an X.509 certificate from an authorized CA (e.g., Entrust, DigiCert) that asserts your right to use the logo. Gmail requires a valid VMC; Yahoo may display logos without a VMC, but policies vary by provider.

Selectors (Advanced)

By default providers query default._bimi.example.com. You can publish additional selectors and reference them from messages using the BIMI-Selector header:

BIMI-Selector: v=BIMI1; s=newlogo ; DNS: newlogo._bimi.example.com. 3600 IN TXT "v=BIMI1; l=https://brand.example.com/bimi/newlogo.svg; a=https://brand.example.com/bimi/newlogo_vmc.pem"

Deployment Checklist

  1. Ensure DMARC at enforcement (p=quarantine or reject) and messages pass DMARC with alignment.
  2. Host BIMI‑compliant SVG logo at a stable HTTPS URL; acquire a VMC if required by your target providers.
  3. Publish the BIMI TXT at default._bimi.example.com with v=BIMI1, l= logo URL, and optional a= VMC URL. → Use our free BIMI generator
  4. Send test emails to seed accounts on Gmail/Yahoo and verify logo display after provider caches update.

Validation & Troubleshooting

  • Check DNS: dig TXT default._bimi.example.com +short
  • Fetch logo: curl -I https://brand.example.com/bimi/logo.svg (must be HTTPS, correct content‑type)
  • Confirm DMARC: Policy must be enforced and pass alignment for your traffic.

Common issues: DMARC not enforced, SVG contains disallowed features, mismatched brand/legal entity vs VMC, or incorrect TXT formatting (missing semicolons).

Sources & Further Reading

Was this page helpful? Send us feedback

← Back to Home Check Your Domain