Bitelio

What is BIMI? Brand Indicators for Message Identification

Learn what BIMI is, how it shows your brand logo in the inbox, and how to set it up with DMARC enforcement and a VMC certificate for verified email.

Updated July 14, 2026
7 min read

BIMI (Brand Indicators for Message Identification) is an email standard that displays your verified brand logo next to your messages in the recipient's inbox. Instead of a generic gray avatar or an initial, subscribers see your actual logo, the same way they might recognize a familiar shop front on a busy street.

BIMI is not an authentication protocol on its own. It is a visual layer that sits on top of DMARC, rewarding domains that have already done the hard work of setting up SPF, DKIM, and DMARC correctly. If your authentication is in order, BIMI turns that behind-the-scenes trust into something your customers can actually see.

What BIMI Is and Why It Matters

Email is a low-trust medium. Recipients are trained to be suspicious, and rightly so, because spoofing and phishing remain common. BIMI attacks this problem from the recognition side: when your logo appears beside a message, the reader gets an immediate, pre-open signal that the email is genuinely from your brand and has passed authentication. That small visual cue does a lot of work.

Instant Brand Recognition

Your logo appears in the inbox list and message header before the email is even opened, helping subscribers spot your mail among dozens of competing messages.

Higher Trust and Engagement

A verified logo signals legitimacy. Brands that adopt BIMI frequently report improved open rates and a stronger sense of authenticity, especially for transactional and receipt emails.

Anti-Spoofing Reinforcement

Because BIMI only displays when DMARC passes, an impostor cannot borrow your logo. The absence of your usual logo becomes a subtle warning sign for attentive recipients.

A Reason to Fix Authentication

The prize of a visible logo gives teams a concrete, marketing-friendly reason to finally push DMARC to enforcement, which benefits deliverability across the board.

BIMI Is a Reward, Not a Shortcut

You cannot use BIMI to skip the fundamentals. It is designed to surface trust that already exists in your authentication setup. If SPF, DKIM, and DMARC are not solid, no logo will appear.

How BIMI Works

BIMI ties together DNS, DMARC, and a hosted logo file. Here is what happens from setup to the moment your logo shows up in someone's inbox:

1. You Publish a BIMI DNS Record

You add a TXT record at a special BIMI selector on your domain that points to the URL of your logo and, in most cases, to a verification certificate.

2. You Send an Authenticated Email

You send mail from your domain as usual. That message must pass SPF or DKIM with proper alignment so that DMARC evaluates to a pass.

3. The Receiver Checks DMARC, Then BIMI

The receiving provider first confirms the message passes your DMARC policy at enforcement. Only then does it look up your BIMI record, fetch the logo, and (where required) validate the certificate.

4. Your Logo Is Displayed

If everything checks out, the provider renders your brand logo next to the message. If any step fails, the provider simply falls back to its default avatar and nothing breaks.

The BIMI record itself is a TXT record published at the default._bimi selector under your domain. A typical record looks like this:

Example BIMI DNS Record
default._bimi.yourdomain.com.  IN TXT  "v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/vmc.pem"

# Breaking down the components:
# v=BIMI1                          -> BIMI version (always BIMI1)
# l=https://.../logo.svg           -> Location of your SVG Tiny PS logo
# a=https://.../vmc.pem            -> Authority evidence (VMC/CMC certificate)

BIMI Record Tags

TagMeaning
v=BIMI1Version identifier, always BIMI1
l=HTTPS URL of the SVG Tiny PS logo file
a=HTTPS URL of the VMC or CMC certificate (authority evidence)

The Selector Matters

Most deployments use the default selector, so the record lives at default._bimi.yourdomain.com. The selector can be changed via the BIMI-Selector header if you need different logos for different mail streams, but the default covers the vast majority of use cases.

BIMI Requirements

BIMI has three core requirements. Miss any one of them and your logo will not appear, so it is worth understanding each in detail.

1. DMARC at Enforcement

Your domain must have a DMARC record published with a policy of p=quarantine or p=reject. A policy of p=none is monitoring only and does not qualify. Most providers also expect the policy to apply to all mail, so avoid lowering coverage with the pct tag. Because DMARC depends on aligned SPF and DKIM, this requirement quietly forces your whole authentication stack to be correct first.

2. A VMC or CMC Certificate

A Verified Mark Certificate (VMC) proves you own the logo, typically by verifying a registered trademark with a certificate authority such as DigiCert or Entrust. A newer Common Mark Certificate (CMC) covers logos that are not trademarked but have been in prior use. Gmail and Apple Mail require one of these; the certificate URL goes in the a= tag of your BIMI record.

3. An SVG Tiny PS Logo

The logo must be an SVG file in the restricted SVG Tiny Portable/Secure (SVG Tiny PS) profile. It needs a <title> element, a square viewBox, a solid background fill, and no scripts, external links, animation, or embedded raster images. Keep the file small (ideally under 32 KB) and host it over HTTPS.

p=none Will Not Work

The single most common reason a BIMI logo fails to appear is a DMARC policy of p=none. You must move to enforcement. Use the DMARC checker to confirm your policy is set to quarantine or reject before you invest in a certificate.

How to Set Up BIMI

1

Get DMARC to Enforcement

Confirm SPF and DKIM are aligned, monitor your DMARC reports, then move your policy from p=none to p=quarantine and eventually p=reject. This is the foundation everything else rests on.

2

Create an SVG Tiny PS Logo

Start from a square version of your logo and convert it to the SVG Tiny PS profile. Add a title, a solid background, and remove any scripts or external references. Validate the file before publishing.

3

Obtain a VMC or CMC Certificate

Purchase a certificate from an authorized issuer. Expect to provide proof of a registered trademark for a VMC, or evidence of prior use for a CMC. The issuer signs your logo and gives you a PEM file to host.

4

Host the Logo and Certificate

Upload both the SVG file and the certificate PEM to a location on your own domain, served over HTTPS. Note the two URLs, because you will reference them in the DNS record.

5

Publish the BIMI DNS Record

Add a TXT record at the default._bimi selector pointing to both URLs:

dns
default._bimi  IN TXT  "v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/vmc.pem"
6

Test and Wait

Use a BIMI inspection tool to confirm the record, logo, and certificate all validate. Then send test mail to a supporting provider. Display can take time to appear as providers cache and re-check records.

Authentication First, Logo Second

Bitelio walks you through SPF, DKIM, and DMARC setup for your sending domain and verifies each record. Getting those green is the prerequisite for BIMI, so once your domain authenticates cleanly you are ready to add the BIMI record and certificate.

Benefits of BIMI

BIMI pays off in two ways: the direct effect of a visible logo, and the indirect effect of the authentication you had to fix to earn it.

Stronger inbox presence

A consistent logo across every message reinforces your brand and makes your mail easier to find and trust at a glance.

Better protection against impersonation

With DMARC at enforcement, spoofed messages are quarantined or rejected, and your verified logo cannot be copied onto fraudulent mail.

Improved engagement metrics

Recognizable, trustworthy mail tends to be opened more and reported as spam less, both of which feed back into a healthier sender reputation.

A cleaner authentication posture

The road to BIMI leaves you with aligned SPF, DKIM, and enforced DMARC, which is the single best thing you can do for long-term deliverability.

Current Limitations and Mailbox Support

BIMI is worth adopting, but it is still maturing. Set expectations accordingly before you commit budget.

Uneven Provider Support

Gmail, Apple Mail, Yahoo, AOL, Fastmail, and La Poste display BIMI logos today, with Gmail and Apple requiring a VMC or CMC. Microsoft Outlook has announced support and has been rolling it out gradually. Because behavior varies, treat BIMI as a progressive enhancement rather than a guaranteed, universal feature.

Certificate Cost and Trademark Barrier

A VMC generally requires a registered trademark and an annual fee that can run from a few hundred to over a thousand US dollars. The CMC lowers the trademark barrier but is newer and less widely supported. For small brands without a trademark, the cost and paperwork can be a real hurdle.

Strict Logo Rules

The SVG Tiny PS profile is unforgiving. Logos with fine detail, transparency, or non-square proportions often need to be redrawn. What renders crisply as a small circular avatar is not always the same as your full brand mark.

No Direct Deliverability Boost

Publishing a BIMI record is not a ranking signal. The gains come from the authentication work and the trust the logo conveys, not from the tag itself. Do not expect BIMI to rescue mail that is landing in spam for other reasons.

Start With the Foundation

If you are not ready to buy a certificate, still get DMARC to enforcement now. You will capture most of the deliverability and anti-spoofing benefit immediately, and adding the BIMI logo later becomes a quick final step.

Frequently asked questions

What is BIMI in email?

BIMI (Brand Indicators for Message Identification) is an email standard that lets a domain owner display a verified brand logo next to authenticated messages in the recipient's inbox. It works on top of DMARC: you publish a BIMI DNS record pointing to your logo (and usually a certificate), and supporting mailbox providers show that logo once your message passes authentication. BIMI does not authenticate email by itself, it is a visual reward for domains that already have strong SPF, DKIM, and DMARC.

Do I need DMARC for BIMI to work?

Yes. DMARC at an enforcement policy is a hard requirement for BIMI. Your domain's DMARC record must be published with a policy of p=quarantine or p=reject, and most providers also expect the policy to apply to 100% of mail (pct=100). Domains stuck on p=none will not display a BIMI logo. Because DMARC in turn depends on SPF and DKIM alignment, BIMI effectively requires your entire authentication stack to be correct before any logo appears.

What is a VMC and do I have to buy one?

A VMC (Verified Mark Certificate) is a digital certificate that proves you own the logo you want to display, usually by verifying a registered trademark. For Gmail and Apple Mail, a VMC (or the newer CMC for common marks) is required, so in practice you do need to purchase one from a certificate authority such as DigiCert or Entrust. Costs typically run in the range of a few hundred to just over a thousand US dollars per year. Some providers like Fastmail will show a logo without a certificate, but for the widest support a VMC or CMC is expected.

What image format does BIMI require?

BIMI requires the logo to be an SVG file in the specific SVG Tiny Portable/Secure (SVG Tiny PS) profile. This is a restricted subset of SVG with no scripts, external references, animation, or raster images, and it must include a title, a square viewBox, and a solid background. PNG and JPG are not accepted. The file should be small (ideally under 32 KB) and served over HTTPS. Most brands export their logo from a design tool and then run it through a BIMI conversion or validation utility to meet the profile.

Which email providers support BIMI?

Support has grown steadily. Gmail, Apple Mail (iOS and macOS), Yahoo Mail, AOL, Fastmail, and La Poste display BIMI logos, with Gmail and Apple requiring a VMC or CMC certificate. Microsoft Outlook and Outlook.com announced BIMI support and have been rolling it out, but coverage has historically lagged the others. Because support and exact display rules differ per provider, treat BIMI as a progressive enhancement: the logo appears where it is supported and simply does nothing where it is not.

Does BIMI improve deliverability?

BIMI is not a direct ranking signal, so publishing a BIMI record does not by itself push more mail to the inbox. However, the prerequisites for BIMI, especially DMARC at enforcement with aligned SPF and DKIM, are strongly correlated with good deliverability. The visible logo also improves recognition and trust, which can lift open rates and reduce the chance that recipients mark your mail as spam. In short, the work you do to qualify for BIMI helps deliverability more than the logo tag itself.