What is BIMI? Brand Indicators for Message Identification
Learn what BIMI is, how it shows your brand logo in the inbox, and how to set it up with DMARC enforcement and a VMC certificate for verified email.
BIMI (Brand Indicators for Message Identification) is an email standard that displays your verified brand logo next to your messages in the recipient's inbox. Instead of a generic gray avatar or an initial, subscribers see your actual logo, the same way they might recognize a familiar shop front on a busy street.
BIMI is not an authentication protocol on its own. It is a visual layer that sits on top of DMARC, rewarding domains that have already done the hard work of setting up SPF, DKIM, and DMARC correctly. If your authentication is in order, BIMI turns that behind-the-scenes trust into something your customers can actually see.
What BIMI Is and Why It Matters
Email is a low-trust medium. Recipients are trained to be suspicious, and rightly so, because spoofing and phishing remain common. BIMI attacks this problem from the recognition side: when your logo appears beside a message, the reader gets an immediate, pre-open signal that the email is genuinely from your brand and has passed authentication. That small visual cue does a lot of work.
Instant Brand Recognition
Your logo appears in the inbox list and message header before the email is even opened, helping subscribers spot your mail among dozens of competing messages.
Higher Trust and Engagement
A verified logo signals legitimacy. Brands that adopt BIMI frequently report improved open rates and a stronger sense of authenticity, especially for transactional and receipt emails.
Anti-Spoofing Reinforcement
Because BIMI only displays when DMARC passes, an impostor cannot borrow your logo. The absence of your usual logo becomes a subtle warning sign for attentive recipients.
A Reason to Fix Authentication
The prize of a visible logo gives teams a concrete, marketing-friendly reason to finally push DMARC to enforcement, which benefits deliverability across the board.
BIMI Is a Reward, Not a Shortcut
You cannot use BIMI to skip the fundamentals. It is designed to surface trust that already exists in your authentication setup. If SPF, DKIM, and DMARC are not solid, no logo will appear.
How BIMI Works
BIMI ties together DNS, DMARC, and a hosted logo file. Here is what happens from setup to the moment your logo shows up in someone's inbox:
1. You Publish a BIMI DNS Record
You add a TXT record at a special BIMI selector on your domain that points to the URL of your logo and, in most cases, to a verification certificate.
2. You Send an Authenticated Email
You send mail from your domain as usual. That message must pass SPF or DKIM with proper alignment so that DMARC evaluates to a pass.
3. The Receiver Checks DMARC, Then BIMI
The receiving provider first confirms the message passes your DMARC policy at enforcement. Only then does it look up your BIMI record, fetch the logo, and (where required) validate the certificate.
4. Your Logo Is Displayed
If everything checks out, the provider renders your brand logo next to the message. If any step fails, the provider simply falls back to its default avatar and nothing breaks.
The BIMI record itself is a TXT record published at the default._bimi selector under your domain. A typical record looks like this:
default._bimi.yourdomain.com. IN TXT "v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/vmc.pem"
# Breaking down the components:
# v=BIMI1 -> BIMI version (always BIMI1)
# l=https://.../logo.svg -> Location of your SVG Tiny PS logo
# a=https://.../vmc.pem -> Authority evidence (VMC/CMC certificate)BIMI Record Tags
| Tag | Meaning |
|---|---|
| v=BIMI1 | Version identifier, always BIMI1 |
| l= | HTTPS URL of the SVG Tiny PS logo file |
| a= | HTTPS URL of the VMC or CMC certificate (authority evidence) |
The Selector Matters
Most deployments use the default selector, so the record lives at default._bimi.yourdomain.com. The selector can be changed via the BIMI-Selector header if you need different logos for different mail streams, but the default covers the vast majority of use cases.
BIMI Requirements
BIMI has three core requirements. Miss any one of them and your logo will not appear, so it is worth understanding each in detail.
1. DMARC at Enforcement
Your domain must have a DMARC record published with a policy of p=quarantine or p=reject. A policy of p=none is monitoring only and does not qualify. Most providers also expect the policy to apply to all mail, so avoid lowering coverage with the pct tag. Because DMARC depends on aligned SPF and DKIM, this requirement quietly forces your whole authentication stack to be correct first.
2. A VMC or CMC Certificate
A Verified Mark Certificate (VMC) proves you own the logo, typically by verifying a registered trademark with a certificate authority such as DigiCert or Entrust. A newer Common Mark Certificate (CMC) covers logos that are not trademarked but have been in prior use. Gmail and Apple Mail require one of these; the certificate URL goes in the a= tag of your BIMI record.
3. An SVG Tiny PS Logo
The logo must be an SVG file in the restricted SVG Tiny Portable/Secure (SVG Tiny PS) profile. It needs a <title> element, a square viewBox, a solid background fill, and no scripts, external links, animation, or embedded raster images. Keep the file small (ideally under 32 KB) and host it over HTTPS.
p=none Will Not Work
The single most common reason a BIMI logo fails to appear is a DMARC policy of p=none. You must move to enforcement. Use the DMARC checker to confirm your policy is set to quarantine or reject before you invest in a certificate.
How to Set Up BIMI
Get DMARC to Enforcement
Confirm SPF and DKIM are aligned, monitor your DMARC reports, then move your policy from p=none to p=quarantine and eventually p=reject. This is the foundation everything else rests on.
Create an SVG Tiny PS Logo
Start from a square version of your logo and convert it to the SVG Tiny PS profile. Add a title, a solid background, and remove any scripts or external references. Validate the file before publishing.
Obtain a VMC or CMC Certificate
Purchase a certificate from an authorized issuer. Expect to provide proof of a registered trademark for a VMC, or evidence of prior use for a CMC. The issuer signs your logo and gives you a PEM file to host.
Host the Logo and Certificate
Upload both the SVG file and the certificate PEM to a location on your own domain, served over HTTPS. Note the two URLs, because you will reference them in the DNS record.
Publish the BIMI DNS Record
Add a TXT record at the default._bimi selector pointing to both URLs:
default._bimi IN TXT "v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/vmc.pem"Test and Wait
Use a BIMI inspection tool to confirm the record, logo, and certificate all validate. Then send test mail to a supporting provider. Display can take time to appear as providers cache and re-check records.
Authentication First, Logo Second
Bitelio walks you through SPF, DKIM, and DMARC setup for your sending domain and verifies each record. Getting those green is the prerequisite for BIMI, so once your domain authenticates cleanly you are ready to add the BIMI record and certificate.
Benefits of BIMI
BIMI pays off in two ways: the direct effect of a visible logo, and the indirect effect of the authentication you had to fix to earn it.
Stronger inbox presence
A consistent logo across every message reinforces your brand and makes your mail easier to find and trust at a glance.
Better protection against impersonation
With DMARC at enforcement, spoofed messages are quarantined or rejected, and your verified logo cannot be copied onto fraudulent mail.
Improved engagement metrics
Recognizable, trustworthy mail tends to be opened more and reported as spam less, both of which feed back into a healthier sender reputation.
A cleaner authentication posture
The road to BIMI leaves you with aligned SPF, DKIM, and enforced DMARC, which is the single best thing you can do for long-term deliverability.
Current Limitations and Mailbox Support
BIMI is worth adopting, but it is still maturing. Set expectations accordingly before you commit budget.
Uneven Provider Support
Gmail, Apple Mail, Yahoo, AOL, Fastmail, and La Poste display BIMI logos today, with Gmail and Apple requiring a VMC or CMC. Microsoft Outlook has announced support and has been rolling it out gradually. Because behavior varies, treat BIMI as a progressive enhancement rather than a guaranteed, universal feature.
Certificate Cost and Trademark Barrier
A VMC generally requires a registered trademark and an annual fee that can run from a few hundred to over a thousand US dollars. The CMC lowers the trademark barrier but is newer and less widely supported. For small brands without a trademark, the cost and paperwork can be a real hurdle.
Strict Logo Rules
The SVG Tiny PS profile is unforgiving. Logos with fine detail, transparency, or non-square proportions often need to be redrawn. What renders crisply as a small circular avatar is not always the same as your full brand mark.
No Direct Deliverability Boost
Publishing a BIMI record is not a ranking signal. The gains come from the authentication work and the trust the logo conveys, not from the tag itself. Do not expect BIMI to rescue mail that is landing in spam for other reasons.
Start With the Foundation
If you are not ready to buy a certificate, still get DMARC to enforcement now. You will capture most of the deliverability and anti-spoofing benefit immediately, and adding the BIMI logo later becomes a quick final step.