BIMI Explained: Adding Logos to Your Emails
Learn what BIMI is, how it connects brand logos to authenticated email, what DNS records are required, and why DMARC enforcement matters.
Introduction
BIMI, or Brand Indicators for Message Identification, allows supported mailbox providers to display a verified brand logo next to authenticated emails. It is designed to work on top of strong email authentication, especially DMARC enforcement.
BIMI is not the first step in email setup. Before adding BIMI, your domain should have SPF, DKIM and DMARC configured correctly, and DMARC should be enforced with quarantine or reject. You also need a BIMI-compatible SVG logo and, for many mailbox providers, a certificate such as a VMC or CMC.
Quick answer
BIMI lets supported mailbox providers show a brand logo for authenticated email. To use BIMI, your domain usually needs enforced DMARC, a BIMI DNS TXT record, a valid SVG Tiny PS logo hosted over HTTPS, and often a VMC or CMC certificate. BIMI does not guarantee that every inbox will display your logo.
What is BIMI?
BIMI stands for Brand Indicators for Message Identification. It is a standard that lets domain owners publish a logo for supported mailbox providers to display beside authenticated email.
A BIMI setup usually includes:
- SPF and DKIM authentication
- DMARC enforcement
- A BIMI DNS record
- An SVG Tiny PS logo
- Optionally, a VMC or CMC certificate
- Good sending reputation
BIMI does not replace SPF, DKIM or DMARC. It depends on them.
BIMI requirements
Before BIMI, confirm
BIMI builds on a complete email authentication foundation.
SPF
SPF is configured correctly.
DKIM
DKIM is configured and signing mail.
DMARC enforcement
DMARC is enforced with p=quarantine or p=reject.
DMARC percentage
DMARC percentage is not reduced with pct less than 100.
Subdomain policy
Subdomain policy is considered.
SVG logo
Logo is available as SVG Tiny PS.
HTTPS hosting
Logo is hosted over HTTPS.
Certificate
VMC or CMC certificate is available if required.
Reputation
Sending reputation is healthy.
Some mailbox providers may require a verified certificate before showing the logo. Others may support self-asserted BIMI in limited cases. Provider policies can differ.
DMARC enforcement
BIMI depends on DMARC. A domain using p=none is generally not ready for BIMI logo display at major providers.
Common acceptable DMARC policies: p=quarantine or p=reject.
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
v=DMARC1; p=reject; rua=mailto:dmarc@example.com
Do not move to quarantine or reject only to enable BIMI. First verify legitimate senders, SPF, DKIM, DMARC alignment and reports.
BIMI DNS record
A BIMI record is published as a DNS TXT record under a BIMI selector.
default._bimi.example.com
v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/certificate.pem
v=BIMI1
Identifies the record as BIMI.
l=
Points to the SVG logo file.
a=
Points to the certificate file if used.
default
The common BIMI selector.
If no certificate is used, some implementations may omit a= or leave it empty, but mailbox provider support varies.
Logo requirements
The BIMI logo should be an SVG Tiny PS file hosted at a public HTTPS URL.
Good BIMI logo setup:
- Square logo
- SVG Tiny PS format
- Accessible over HTTPS
- No login required
- Stable URL
- Brand mark matches the organization
- File is not blocked by robots, firewall or hotlink protection
A normal SVG export from a design tool may not automatically be BIMI-compliant. The logo may need cleanup and validation.
VMC and CMC
Some mailbox providers require a mark certificate before displaying a BIMI logo.
VMC
- Verified Mark Certificate.
- Usually used for registered or officially recognized trademarks.
CMC
- Common Mark Certificate.
- Can support some marks that may not meet VMC trademark requirements.
Self-asserted BIMI
- BIMI without a certificate.
- Supported only by some providers and not enough for all major inboxes.
A certificate does not guarantee logo display. Mailbox providers still evaluate authentication, reputation and their own policies.
Why logo may not appear
DMARC is not enforced
HighThe domain uses p=none or weak enforcement.
Next step: Review DMARC reports and move safely toward quarantine or reject.
SPF or DKIM alignment fails
HighThe message does not pass DMARC alignment.
Next step: Fix SPF/DKIM alignment before expecting BIMI.
Logo is not SVG Tiny PS
HighThe logo file is not in the required BIMI-compatible SVG format.
Next step: Convert and validate the logo.
Certificate missing
MediumSome mailbox providers require VMC or CMC.
Next step: Check provider requirements and certificate options.
BIMI record is wrong
HighThe DNS record is missing, malformed or published at the wrong hostname.
Next step: Check default._bimi.yourdomain.com.
Logo or certificate URL is blocked
MediumThe mailbox provider cannot fetch the file.
Next step: Make sure URLs are public, HTTPS and not blocked.
Sender reputation is not strong enough
MediumMailbox providers may choose not to display the logo even when BIMI is configured.
Next step: Maintain authenticated, consistent, low-complaint sending.
Why this matters
BIMI matters because it can improve brand recognition in supported inboxes and make legitimate messages easier to identify visually. It also encourages domains to reach stronger DMARC enforcement before displaying a logo.
BIMI is not a deliverability shortcut. It does not guarantee inbox placement, and it does not guarantee that every mailbox provider will show the logo.
How to check BIMI
Before checking BIMI itself, verify the domain’s email authentication foundation.
When checking BIMI readiness, review
These seven checks help confirm BIMI prerequisites.
SPF
Confirm SPF is valid and includes real senders.
DKIM
Confirm outgoing mail is DKIM-signed.
DMARC
Confirm DMARC is enforced with quarantine or reject.
BIMI DNS record
Check default._bimi.yourdomain.com.
Logo URL
Confirm the SVG logo is public, HTTPS and BIMI-compatible.
Certificate URL
Confirm VMC or CMC file is hosted if used.
Reputation
Confirm the domain has healthy sending practices.
Check DMARC before BIMI
Use DMARC Checker to confirm your domain is ready for BIMI requirements.
Common problems
DMARC is still p=none
HighBIMI usually requires DMARC enforcement, not only monitoring.
Next step: Review DMARC reports and move safely toward quarantine or reject.
BIMI record missing
HighNo BIMI TXT record exists at default._bimi.yourdomain.com.
Next step: Publish a BIMI record with a valid logo URL and certificate URL if needed.
Logo file is not BIMI-compatible
HighThe logo may be a normal SVG, PNG or JPG instead of SVG Tiny PS.
Next step: Prepare and validate an SVG Tiny PS logo.
Logo URL is not accessible
MediumThe logo URL may be blocked, redirected incorrectly or not available over HTTPS.
Next step: Host the logo at a stable public HTTPS URL.
Certificate missing or invalid
MediumSome providers require VMC or CMC for logo display.
Next step: Use a valid certificate where required.
SPF/DKIM alignment fails
HighBIMI depends on DMARC passing, which requires aligned SPF or DKIM.
Next step: Fix authentication alignment first.
Reputation or provider policy prevents display
MediumEven with correct BIMI, mailbox providers decide when to show logos.
Next step: Maintain good sending reputation and check provider-specific behavior.
How to set up BIMI
-
Step 1: Fix SPF and DKIM
Make sure legitimate senders are authenticated and aligned.
-
Step 2: Move DMARC to enforcement
Use DMARC reports before moving from p=none to quarantine or reject.
-
Step 3: Prepare the logo
Create an SVG Tiny PS logo that matches your brand mark.
-
Step 4: Host the logo
Place the logo at a stable public HTTPS URL.
-
Step 5: Get a certificate if required
Use VMC or CMC if the mailbox providers you care about require one.
-
Step 6: Publish the BIMI record
Add the TXT record at default._bimi.yourdomain.com.
-
Step 7: Validate DNS and file access
Check DMARC, BIMI DNS, logo URL and certificate URL.
-
Step 8: Monitor display and reputation
Remember that mailbox providers decide whether and when to display the logo.
Before publishing BIMI
Confirm readiness before adding the BIMI DNS record.
SPF valid
SPF is valid.
DKIM passes
DKIM passes.
DMARC alignment
DMARC passes alignment.
DMARC enforcement
DMARC uses quarantine or reject.
Senders reviewed
Legitimate senders are reviewed.
Logo ready
SVG Tiny PS logo is ready.
HTTPS logo
Logo is hosted over HTTPS.
Certificate
Certificate is available if required.
BIMI record prepared
BIMI DNS record is prepared.
Healthy reputation
Reputation is healthy.
After publishing BIMI
Verify and monitor after the BIMI record is live.
Check BIMI DNS
Check BIMI DNS record.
Check logo URL
Check logo URL.
Check certificate URL
Check certificate URL.
Send test messages
Send test messages.
Monitor display
Monitor mailbox provider behavior.
Watch DMARC reports
Continue watching DMARC reports.
BIMI examples
default._bimi.example.com TXT
v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/certificate.pem
default._bimi.example.com TXT
v=BIMI1; l=https://example.com/bimi/logo.svg; a=
_dmarc.example.com TXT
v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com
dig default._bimi.example.com TXT
dig _dmarc.example.com TXT
curl -I https://example.com/bimi/logo.svg
curl -I https://example.com/bimi/certificate.pem
These examples are illustrative. Use your real logo URL, certificate URL and DMARC reporting address.
Frequently asked questions
What is BIMI?
BIMI is a standard that lets supported mailbox providers display a brand logo beside authenticated emails.
Does BIMI improve deliverability?
Not directly. BIMI is not an inbox-placement guarantee. It depends on authentication, reputation and mailbox provider policies.
Does BIMI require DMARC?
Yes. BIMI generally requires DMARC enforcement with quarantine or reject.
Can I use BIMI with p=none?
For major BIMI support, p=none is usually not enough. DMARC enforcement is normally required.
What logo format does BIMI need?
BIMI uses an SVG Tiny PS logo hosted at a public HTTPS URL.
Do I need a VMC or CMC?
Many mailbox providers require a certificate such as VMC or CMC, while some may support self-asserted BIMI.
Why is my BIMI logo not showing?
Possible reasons include weak DMARC policy, failed alignment, invalid logo format, missing certificate, inaccessible URLs, reputation issues or mailbox provider policy.
Related tools
Use these free tools to verify your configuration after applying changes.
Related guides
Browse all Email Authentication guides →Need help applying this fix?
Send us your domain, report link or issue details. CheckDomainHealth will review the request and route it to the right technical team if hands-on support is needed.
Was this guide helpful?
Your feedback helps us improve our guides for everyone.
Thanks for your feedback!