BIMI: Brand Indicators for Message Identification
BIMI lets receivers display your brand logo next to authenticated messages in the inbox. It requires DMARC at p=quarantine or p=reject.
TL;DR
- Publish a DNS TXT record pointing to your logo SVG and (for some receivers) a Verified Mark Certificate.
- Receivers render the logo only for messages that pass DMARC and align to your domain.
- Strong incentive for organisations to actually finish the DMARC enforcement journey.
What it does
BIMI gives the brand-protection ROI that DMARC alone doesn't. After you've put in the work to publish DMARC, SPF, DKIM and reach p=reject, BIMI rewards you with your logo rendered in recipients' inboxes — Gmail, Apple Mail, Yahoo all support it.
Receivers will only render the logo when DMARC passes AND the policy is at quarantine or reject. That makes BIMI a forcing function: you can't get the brand benefit without first protecting the domain.
Some receivers (Gmail in particular) require a Verified Mark Certificate (VMC) — a paid certificate from a small list of CAs that proves you own the trademark to the logo. Others accept the SVG alone.
How it works
- Generate an SVG of your logo following the strict BIMI SVG profile (square aspect, no scripts, single colour gradient OK).
- Host the SVG over HTTPS at a stable URL on your domain.
- Publish a TXT record at default._bimi.<your-domain> with v=BIMI1; l=<logo-url>; a=<vmc-url>.
- If targeting Gmail, purchase a Verified Mark Certificate (~$1,500/yr) from one of the approved CAs; host the .pem file at the URL referenced by a=.
- Receivers retrieve the record, validate it against your domain's DMARC posture, and start rendering the logo within ~24h.
Example record
default._bimi.yourdomain.com TXT
Common pitfalls
- Publishing BIMI before reaching p=reject (or at least p=quarantine + pct=100). Receivers won't render the logo and you'll think it's broken.
- Using an SVG with scripts, animations, or non-square aspect. Receivers refuse to render anything outside the BIMI profile.
- Forgetting to renew the VMC. Once it expires, Gmail stops rendering the logo overnight.
- Hosting the SVG on a CDN that strips Content-Type or sends a non-image MIME type. Receivers refuse any response whose Content-Type is not image/svg+xml.
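The record-level checks from "How it works" and the pitfalls above can be run before publishing. The following is an added example, not PhishFence's code: the function names and finding codes are hypothetical, the sample records are constructed with example.com as a placeholder, and the caller supplies the already-fetched TXT strings and the logo's Content-Type header, so nothing is looked up over the network.

```python
from urllib.parse import urlparse

def parse_tags(record):
    """Split a 'tag=value; tag=value' TXT record (DMARC or BIMI) into a dict."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    return tags

def bimi_findings(dmarc_txt, bimi_txt, logo_content_type):
    """Return (code, detail) pairs for each condition that blocks logo rendering."""
    dmarc, bimi = parse_tags(dmarc_txt), parse_tags(bimi_txt)
    findings = []

    # Pitfall: BIMI published before DMARC reaches enforcement.
    policy = dmarc.get("p", "").lower()
    enforced = policy == "reject" or (
        policy == "quarantine" and dmarc.get("pct", "100") == "100")
    if dmarc.get("v") != "DMARC1" or not enforced:
        findings.append(("dmarc-not-enforced", f"p={policy or 'missing'}"))

    if bimi.get("v") != "BIMI1":
        findings.append(("bimi-bad-version", bimi.get("v", "missing")))

    # The logo URL in l= must be an HTTPS URL.
    logo = urlparse(bimi.get("l", ""))
    if logo.scheme != "https" or not logo.netloc:
        findings.append(("logo-not-https", bimi.get("l", "missing")))

    # An empty a= parses fine, but receivers that require a VMC will not render.
    if not bimi.get("a"):
        findings.append(("no-vmc", "a= tag empty or absent"))

    # Pitfall: CDN strips or rewrites the Content-Type header.
    mime = (logo_content_type or "").split(";")[0].strip().lower()
    if mime != "image/svg+xml":
        findings.append(("bad-content-type", mime or "missing"))
    return findings

# Constructed sample records (example.com is a placeholder domain).
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
BIMI_OK = "v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/vmc.pem"
DMARC_WEAK = "v=DMARC1; p=quarantine; pct=50"
BIMI_WEAK = "v=BIMI1; l=http://example.com/logo.svg; a="

if __name__ == "__main__":
    for code, detail in bimi_findings(DMARC_WEAK, BIMI_WEAK, "application/octet-stream"):
        print(f"{code}: {detail}")
```

An empty result means the records pass these checks only; SVG profile conformance and VMC validity are not examined here.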