BIMI Explained: Adding Logos to Your Emails

Learn what BIMI is, how it connects brand logos to authenticated email, what DNS records are required, and why DMARC enforcement matters.

By CheckDomainHealth Editorial Team Reviewed by Dionis Ceban Updated Jun 28, 2026 9 min read Advanced

Introduction

BIMI, or Brand Indicators for Message Identification, allows supported mailbox providers to display a verified brand logo next to authenticated emails. It is designed to work on top of strong email authentication, especially DMARC enforcement.

BIMI is not the first step in email setup. Before adding BIMI, your domain should have SPF, DKIM and DMARC configured correctly, and DMARC should be enforced with quarantine or reject. You also need a BIMI-compatible SVG logo and, for many mailbox providers, a certificate such as a VMC or CMC.

Quick answer

Quick answer

BIMI lets supported mailbox providers show a brand logo for authenticated email. To use BIMI, your domain usually needs enforced DMARC, a BIMI DNS TXT record, a valid SVG Tiny PS logo hosted over HTTPS, and often a VMC or CMC certificate. BIMI does not guarantee that every inbox will display your logo.

What is BIMI?

BIMI stands for Brand Indicators for Message Identification. It is a standard that lets domain owners publish a logo for supported mailbox providers to display beside authenticated email.

A BIMI setup usually includes:

  • SPF and DKIM authentication
  • DMARC enforcement
  • A BIMI DNS record
  • An SVG Tiny PS logo
  • Optionally, a VMC or CMC certificate
  • Good sending reputation

BIMI does not replace SPF, DKIM or DMARC. It depends on them.

BIMI requirements

Before BIMI, confirm

BIMI builds on a complete email authentication foundation.

SPF

SPF is configured correctly.

DKIM

DKIM is configured and signing mail.

DMARC enforcement

DMARC is enforced with p=quarantine or p=reject.

DMARC percentage

DMARC percentage is not reduced with pct less than 100.

Subdomain policy

Subdomain policy is considered.

SVG logo

Logo is available as SVG Tiny PS.

HTTPS hosting

Logo is hosted over HTTPS.

Certificate

VMC or CMC certificate is available if required.

Reputation

Sending reputation is healthy.

Some mailbox providers may require a verified certificate before showing the logo. Others may support self-asserted BIMI in limited cases. Provider policies can differ.

DMARC enforcement

BIMI depends on DMARC. A domain using p=none is generally not ready for BIMI logo display at major providers.

Common acceptable DMARC policies: p=quarantine or p=reject.

Example
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
Stronger example
v=DMARC1; p=reject; rua=mailto:dmarc@example.com

Do not move to quarantine or reject only to enable BIMI. First verify legitimate senders, SPF, DKIM, DMARC alignment and reports.

BIMI DNS record

A BIMI record is published as a DNS TXT record under a BIMI selector.

Default selector hostname
default._bimi.example.com
Example BIMI TXT record
v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/certificate.pem

v=BIMI1

Identifies the record as BIMI.

l=

Points to the SVG logo file.

a=

Points to the certificate file if used.

default

The common BIMI selector.

If no certificate is used, some implementations may omit a= or leave it empty, but mailbox provider support varies.

Logo requirements

The BIMI logo should be an SVG Tiny PS file hosted at a public HTTPS URL.

Good BIMI logo setup:

  • Square logo
  • SVG Tiny PS format
  • Accessible over HTTPS
  • No login required
  • Stable URL
  • Brand mark matches the organization
  • File is not blocked by robots, firewall or hotlink protection

A normal SVG export from a design tool may not automatically be BIMI-compliant. The logo may need cleanup and validation.

VMC and CMC

Some mailbox providers require a mark certificate before displaying a BIMI logo.

VMC

  • Verified Mark Certificate.
  • Usually used for registered or officially recognized trademarks.

CMC

  • Common Mark Certificate.
  • Can support some marks that may not meet VMC trademark requirements.

Self-asserted BIMI

  • BIMI without a certificate.
  • Supported only by some providers and not enough for all major inboxes.

A certificate does not guarantee logo display. Mailbox providers still evaluate authentication, reputation and their own policies.

Why logo may not appear

DMARC is not enforced

High

The domain uses p=none or weak enforcement.

Next step: Review DMARC reports and move safely toward quarantine or reject.

SPF or DKIM alignment fails

High

The message does not pass DMARC alignment.

Next step: Fix SPF/DKIM alignment before expecting BIMI.

Logo is not SVG Tiny PS

High

The logo file is not in the required BIMI-compatible SVG format.

Next step: Convert and validate the logo.

Certificate missing

Medium

Some mailbox providers require VMC or CMC.

Next step: Check provider requirements and certificate options.

BIMI record is wrong

High

The DNS record is missing, malformed or published at the wrong hostname.

Next step: Check default._bimi.yourdomain.com.

Logo or certificate URL is blocked

Medium

The mailbox provider cannot fetch the file.

Next step: Make sure URLs are public, HTTPS and not blocked.

Sender reputation is not strong enough

Medium

Mailbox providers may choose not to display the logo even when BIMI is configured.

Next step: Maintain authenticated, consistent, low-complaint sending.

Why this matters

Why this matters

BIMI matters because it can improve brand recognition in supported inboxes and make legitimate messages easier to identify visually. It also encourages domains to reach stronger DMARC enforcement before displaying a logo.

BIMI is not a deliverability shortcut. It does not guarantee inbox placement, and it does not guarantee that every mailbox provider will show the logo.

How to check BIMI

Before checking BIMI itself, verify the domain’s email authentication foundation.

When checking BIMI readiness, review

These seven checks help confirm BIMI prerequisites.

SPF

Confirm SPF is valid and includes real senders.

DKIM

Confirm outgoing mail is DKIM-signed.

DMARC

Confirm DMARC is enforced with quarantine or reject.

BIMI DNS record

Check default._bimi.yourdomain.com.

Logo URL

Confirm the SVG logo is public, HTTPS and BIMI-compatible.

Certificate URL

Confirm VMC or CMC file is hosted if used.

Reputation

Confirm the domain has healthy sending practices.

Check DMARC before BIMI

Use DMARC Checker to confirm your domain is ready for BIMI requirements.

Run DMARC Check →

Common problems

DMARC is still p=none

High

BIMI usually requires DMARC enforcement, not only monitoring.

Next step: Review DMARC reports and move safely toward quarantine or reject.

BIMI record missing

High

No BIMI TXT record exists at default._bimi.yourdomain.com.

Next step: Publish a BIMI record with a valid logo URL and certificate URL if needed.

Logo file is not BIMI-compatible

High

The logo may be a normal SVG, PNG or JPG instead of SVG Tiny PS.

Next step: Prepare and validate an SVG Tiny PS logo.

Logo URL is not accessible

Medium

The logo URL may be blocked, redirected incorrectly or not available over HTTPS.

Next step: Host the logo at a stable public HTTPS URL.

Certificate missing or invalid

Medium

Some providers require VMC or CMC for logo display.

Next step: Use a valid certificate where required.

SPF/DKIM alignment fails

High

BIMI depends on DMARC passing, which requires aligned SPF or DKIM.

Next step: Fix authentication alignment first.

Reputation or provider policy prevents display

Medium

Even with correct BIMI, mailbox providers decide when to show logos.

Next step: Maintain good sending reputation and check provider-specific behavior.

How to set up BIMI

  1. Step 1: Fix SPF and DKIM

    Make sure legitimate senders are authenticated and aligned.

  2. Step 2: Move DMARC to enforcement

    Use DMARC reports before moving from p=none to quarantine or reject.

  3. Step 3: Prepare the logo

    Create an SVG Tiny PS logo that matches your brand mark.

  4. Step 4: Host the logo

    Place the logo at a stable public HTTPS URL.

  5. Step 5: Get a certificate if required

    Use VMC or CMC if the mailbox providers you care about require one.

  6. Step 6: Publish the BIMI record

    Add the TXT record at default._bimi.yourdomain.com.

  7. Step 7: Validate DNS and file access

    Check DMARC, BIMI DNS, logo URL and certificate URL.

  8. Step 8: Monitor display and reputation

    Remember that mailbox providers decide whether and when to display the logo.

Before publishing BIMI

Confirm readiness before adding the BIMI DNS record.

SPF valid

SPF is valid.

DKIM passes

DKIM passes.

DMARC alignment

DMARC passes alignment.

DMARC enforcement

DMARC uses quarantine or reject.

Senders reviewed

Legitimate senders are reviewed.

Logo ready

SVG Tiny PS logo is ready.

HTTPS logo

Logo is hosted over HTTPS.

Certificate

Certificate is available if required.

BIMI record prepared

BIMI DNS record is prepared.

Healthy reputation

Reputation is healthy.

After publishing BIMI

Verify and monitor after the BIMI record is live.

Check BIMI DNS

Check BIMI DNS record.

Check logo URL

Check logo URL.

Check certificate URL

Check certificate URL.

Send test messages

Send test messages.

Monitor display

Monitor mailbox provider behavior.

Watch DMARC reports

Continue watching DMARC reports.

BIMI examples

BIMI record with certificate
default._bimi.example.com TXT
v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/certificate.pem
BIMI record without certificate
default._bimi.example.com TXT
v=BIMI1; l=https://example.com/bimi/logo.svg; a=
DMARC enforcement example
_dmarc.example.com TXT
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
Check commands
dig default._bimi.example.com TXT
dig _dmarc.example.com TXT
curl -I https://example.com/bimi/logo.svg
curl -I https://example.com/bimi/certificate.pem

These examples are illustrative. Use your real logo URL, certificate URL and DMARC reporting address.

Frequently asked questions

What is BIMI?

BIMI is a standard that lets supported mailbox providers display a brand logo beside authenticated emails.

Does BIMI improve deliverability?

Not directly. BIMI is not an inbox-placement guarantee. It depends on authentication, reputation and mailbox provider policies.

Does BIMI require DMARC?

Yes. BIMI generally requires DMARC enforcement with quarantine or reject.

Can I use BIMI with p=none?

For major BIMI support, p=none is usually not enough. DMARC enforcement is normally required.

What logo format does BIMI need?

BIMI uses an SVG Tiny PS logo hosted at a public HTTPS URL.

Do I need a VMC or CMC?

Many mailbox providers require a certificate such as VMC or CMC, while some may support self-asserted BIMI.

Why is my BIMI logo not showing?

Possible reasons include weak DMARC policy, failed alignment, invalid logo format, missing certificate, inaccessible URLs, reputation issues or mailbox provider policy.

Use these free tools to verify your configuration after applying changes.

Browse all Email Authentication guides →

Need help applying this fix?

Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.

Get Help Run Domain Health Check

Was this guide helpful?

Your feedback helps us improve our guides for everyone.