When your customer opens Gmail, they could see your brand logo with a blue verification checkmark next to your company name. Your actual logo, verified by Google, instead of a blank circle or a generic avatar.
That is what BIMI (Brand Indicators for Message Identification) does. It turns your email authentication work into something your recipients can see. Major mailbox providers support it to different degrees, with Gmail and Apple Mail documenting BIMI support. A joint study by Red Sift and Entrust found that BIMI can increase open rates by up to 39%, and a Yahoo Mail pilot measured a 10% engagement lift across the board.
The catch? Fewer than 5% of domains have implemented it. If you have already enforced your DMARC policy, you are closer than you think.
The 4-step journey to BIMI
Step 1: enforce your DMARC policy
BIMI is built on trust. Mailbox providers will only display your logo if your domain has an enforced DMARC policy. For Gmail, you need p=quarantine or p=reject, and pct=100.
A DMARC record alone is not enough. Your sending infrastructure (marketing tools, transactional email, CRM) must actually pass SPF or DKIM checks aligned with your From domain. If a third-party service sends email on your behalf without proper alignment, BIMI will not activate.
Watch out: partial enforcement
Rolling out DMARC gradually with pct=10 or pct=50? Gmail will not show the logo until you reach pct=100. Google requires full enforcement.
Step 2: prepare your logo
BIMI does not accept regular SVG files. Your logo must use the SVG Tiny Portable/Secure (P/S) profile. This is the step where most people run into trouble, because a logo that looks perfect in a browser can still be rejected by Gmail.
What the BIMI standard requires
- SVG Tiny 1.2 P/S format (baseProfile="tiny-ps", version="1.2")
- Square aspect ratio (1:1)
- Centered artwork in a square. A solid background is recommended because transparent logos may not display as expected.
- Hosted on a public HTTPS URL
- No scripts, no animations, no external references
- No x= or y= attributes on the root <svg> element
- Include a <title> element with your organization's name
Gmail adds extra rules
On top of the BIMI standard, Gmail requires:
- Minimum 96 x 96 pixels (use absolute dimensions like width="96" height="96", not width="100%")
- File size of 32 KB or smaller (the logo gets embedded in the BIMI certificate)
- A <desc> element for accessibility
Already have a standard SVG? Use our BIMI SVG to Tiny P/S converter to convert it automatically.
Hosting tips
- Use clean URLs. Query strings like logo.svg?v=1 often fail validation.
- Make sure the file is publicly accessible. No geo-fencing, no bot challenges, no login walls.
- Use a reliable HTTPS endpoint. Providers cache aggressively, but the first fetch must succeed.
Step 3: get a certificate
Gmail will not display your logo from a standalone SVG file. You need a digital certificate that ties your logo to your domain. There are two types: VMC and CMC.
| VMC (Verified Mark Certificate) | CMC (Common Mark Certificate) | |
|---|---|---|
| What you get | Logo + blue verification checkmark in Gmail | Logo only (no checkmark) |
| Trademark required? | Yes, registered with USPTO, EUIPO, or equivalent | No. You need 12+ months of documented logo use instead |
| Timeline | Longer (trademark verification can take weeks to months) | Faster (no trademark step) |
| Best for | Brands with a registered trademark who want maximum trust | Organizations without a trademark, or those who want a faster path to logo display |
Both certificate types require the same technical prerequisites: SPF, DKIM, enforced DMARC, a BIMI-compliant SVG, and public HTTPS hosting for the certificate file. They differ in how your identity is verified. Validity's BIMI requirements guide has a detailed comparison.
What about providers other than Gmail?
- Apple Mail: Displays BIMI logos on iOS 16+, macOS Ventura 13+, and iCloud.com.
- Other mailbox providers: Check the current BIMI requirements for the providers your recipients actually use before rollout.
Get your certificate through DMARCTrust
As an authorized Sectigo reseller, we handle the full process: DMARC enforcement, logo preparation with our SVG Tiny P/S converter, compliance checks, and certificate issuance. One team, no back-and-forth.
DMARCTrust subscribers save 10% or more on Sectigo VMC and CMC certificates. View pricing.
Step 4: publish your BIMI DNS record
The DNS record tells mailbox providers where to find your logo and certificate. It is a TXT record published at a specific subdomain.
Where to publish
The record goes at:
The default prefix is required. If you publish at _bimi.yourdomain.com (missing "default"), receivers will not find it.
Record format
The record contains the version (v=BIMI1), your logo URL (l=), and your certificate URL (a=):
Watch your DNS console
Some DNS providers automatically append your domain name to the record. If you type default._bimi.example.com into such a provider, you may end up with default._bimi.example.com.example.com. Always verify the final result.
Set a short TTL (1 hour) while testing, then increase it once everything works.
Skip the manual work
Generate a syntactically correct BIMI record in seconds.
What happens after setup
Once your DNS record, logo, and certificate are in place, you need patience.
- Up to 48 hours: Google can take up to 48 hours to fetch and cache your assets after you publish the record.
- Provider discretion: BIMI is not a guarantee. Even with a perfect setup, a provider may choose not to display your logo if your sender reputation is low or if spam complaints spike.
Advanced: selectors
Like DKIM, BIMI supports selectors. This lets you use different logos for different email streams (marketing vs. transactional, for example) from the same domain. Add a BIMI-Selector header to your emails:
The receiver then queries marketing._bimi.yourdomain.com instead of default.
Advanced: CMC prior-use evidence
If you do not have a registered trademark, the CMC path requires proof that your logo has been in continuous public use for at least 12 months. Certificate Authorities like DigiCert and Entrust accept these types of evidence:
- Website presence: Dated screenshots or Wayback Machine captures showing the logo on your domain for 12+ consecutive months.
- Commercial use: Invoices, brochures, ads, or packaging featuring the logo, dated at least 1 year back.
- Trademark clearance: The CA may search trademark databases (USPTO, EUIPO) to verify no third party has registered a conflicting mark.
The logo must be associated with your organization and a domain you control. The validation process is similar to an EV SSL certificate: expect identity checks, domain verification, and potentially a video call.
Advanced: how the PEM file works
When your VMC or CMC is issued, you receive a PEM file containing the full certificate chain:
- Your entity certificate (with your SVG logo embedded inside it)
- Intermediate CA certificate(s)
- Root CA certificate
Upload this file to a public HTTPS server and reference it in your BIMI record's a= parameter.
Why is the logo embedded in the certificate?
The certificate uses the Logotype Extension (RFC 3709) to store your Base64-encoded SVG data inside the certificate. Even if someone compromises your web server and replaces the logo file, the certificate still holds the original, CA-signed logo. This is also why the 32 KB size limit is strict: larger files would bloat the TLS handshake.
Troubleshooting
Two quick commands to verify your setup before waiting on inbox providers:
1. Check the DNS record
2. Verify asset reachability
You want a 200 OK with Content-Type: image/svg+xml.
You can also use our BIMI record generator to validate your setup end-to-end.
Sources
- BIMI Group : the organization behind the BIMI specification.
- Google Workspace: set up BIMI : Gmail requirements, including the 48-hour propagation delay and SVG specifications.
- Validity: the alphabet soup of BIMI requirements : detailed comparison of VMC, CMC, and Apple Business Connect.
- BIMI Group: announcing Common Mark Certificates : the official CMC announcement and eligibility criteria.
- VMC and CMC certificates for BIMI: display your logo in Gmail: our guide to obtaining and managing BIMI certificates.