BIMI Record Setup Guide: Display Your Brand Logo in Email Inboxes

Learn how to set up BIMI (Brand Indicators for Message Identification) to display your verified brand logo in recipient inboxes. Step-by-step DNS setup, logo requirements, VMC vs CMC certificates, and troubleshooting tips.

Key Takeaways
  • BIMI (Brand Indicators for Message Identification) lets you display your brand logo next to emails in supported inboxes like Gmail, Yahoo, and Apple Mail.
  • BIMI requires a fully enforced DMARC policy set to quarantine or reject before it will work.
  • Google now accepts Common Mark Certificates (CMCs) as a lower-cost alternative to Verified Mark Certificates (VMCs), making BIMI accessible to smaller senders.
  • Properly implementing BIMI can increase open rates by up to 10% and significantly boost brand recognition in crowded inboxes.
  • Your logo must be in SVG Tiny 1.2 format, square dimensions, and hosted on a publicly accessible HTTPS URL.

If you have ever scrolled through your inbox and noticed that some senders display a polished brand logo while others show only a generic initial or blank avatar, you have seen BIMI in action. Brand Indicators for Message Identification (BIMI) is an email specification that allows verified senders to display their official logo next to messages in supported inboxes. It is the visual layer that sits on top of SPF, DKIM, and DMARC, turning your authentication setup into something your recipients can actually see.

BIMI adoption has been accelerating. The number of domains publishing BIMI DNS records grew by 28% between May 2024 and January 2025, and that pace has continued into 2026 as Google and Apple have expanded their support. For senders who have already invested in proper email authentication, BIMI is the logical next step to maximize brand visibility, combat phishing, and improve engagement.

10% Average Lift in Open Rates
Brands that implemented BIMI during the Yahoo Mail beta program reported an average 10% increase in email open rates simply from displaying their logo in the inbox.

What Is BIMI and How Does It Work?

BIMI stands for Brand Indicators for Message Identification. It is an email specification maintained by the AuthIndicators Working Group that enables sending domains to publish a DNS record pointing to a brand logo. When an incoming email passes authentication checks, the recipient's mailbox provider looks up the BIMI record, retrieves the logo, and displays it alongside the message in the inbox.

Here is the step-by-step process that happens behind the scenes:

  1. You send an email from your authenticated domain.
  2. The recipient's mailbox provider verifies the message passes SPF, DKIM, and DMARC.
  3. The provider checks that your DMARC policy is set to quarantine or reject.
  4. If authentication passes, the provider performs a DNS lookup for a BIMI TXT record on your domain.
  5. The BIMI record points to your logo file (SVG) and optionally to a certificate (VMC or CMC).
  6. The provider validates the certificate, retrieves the logo, and displays it in the inbox.

The key distinction between BIMI and other authentication protocols is that BIMI produces a visible result for your recipients. While SPF, DKIM, and DMARC work silently in the background, BIMI gives your brand a tangible presence in the inbox.

Prerequisites: What You Need Before Setting Up BIMI

BIMI does not work in isolation. It is the capstone of your email authentication stack, and every layer beneath it must be solid before your logo will appear. Here is what you need in place:

1. SPF Authentication

Your domain must have a valid SPF record that authorizes all legitimate sending sources. Use our SPF checker to verify your record is correctly configured and does not exceed the 10 DNS lookup limit.

2. DKIM Signing

All outgoing email must be signed with DKIM. The signing domain (the d= value) should align with your From domain. Verify your DKIM configuration with our DKIM checker.

3. DMARC Policy at Enforcement

This is the most critical prerequisite. Your DMARC policy must be set to either p=quarantine or p=reject. A policy of p=none will not qualify for BIMI. If you are still at p=none, you will need to transition to enforcement first. Use our DMARC checker to verify your current policy.

Warning: Moving to DMARC enforcement without proper preparation can cause legitimate email to be quarantined or rejected. Review your DMARC aggregate reports carefully, ensure all legitimate sending sources are authorized in your SPF record and signing with DKIM, and transition gradually from p=none to p=quarantine to p=reject.

4. A Compliant Brand Logo

Your logo must meet specific technical requirements (covered in detail below). The file must be in SVG Tiny 1.2 format, square, and hosted at a publicly accessible HTTPS URL.

5. A Digital Certificate (VMC or CMC)

Most major mailbox providers, including Gmail, require a digital certificate to verify logo ownership. You will need either a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC).

VMC vs. CMC: Which Certificate Do You Need?

One of the biggest barriers to BIMI adoption was historically the cost of Verified Mark Certificates. That changed significantly when Google began accepting Common Mark Certificates as an alternative. Here is how the two options compare:

| Feature | VMC (Verified Mark Certificate) | CMC (Common Mark Certificate) |
| --- | --- | --- |
| Trademark Required | Yes, registered with an approved trademark office | No trademark required |
| Approximate Annual Cost | $1,200 - $1,500/year | $990 - $1,250/year |
| Gmail Support | Yes, with blue checkmark | Yes, without blue checkmark |
| Yahoo/AOL Support | Yes | Yes |
| Apple Mail Support | Yes | Yes |
| Verification Process | Trademark validation through certificate authority | Domain ownership validation |
| Time to Issue | 2-6 weeks (trademark verification) | 1-3 days (domain validation) |
| Best For | Established brands with registered trademarks | Small businesses and domains without trademarks |

Pro Tip

If you have a registered trademark, go with a VMC. Gmail displays a blue checkmark icon for VMC-verified senders, which provides additional trust signaling beyond the logo display. If you do not have a trademark, the CMC is the way to get started quickly and affordably.

Certificate authorities currently issuing VMCs and CMCs include DigiCert and Sectigo. Note that Google and Apple stopped relying on Entrust certificates in November 2024; Entrust has since sold its public certificate business to Sectigo.

BIMI Logo Requirements

Your logo file must meet strict technical specifications for mailbox providers to display it. Getting the format wrong is one of the most common reasons BIMI fails silently.

Technical Specifications

  • Format: SVG Tiny 1.2 (also called SVG Tiny PS). This is not the same as a standard SVG exported from design tools.
  • Dimensions: Square aspect ratio. The viewBox should be square (e.g., viewBox="0 0 100 100").
  • File size: Keep it under 32 KB for optimal loading.
  • Background: Must not be transparent. Use a solid background color.
  • Content: No animations, no external references, no scripts, no embedded raster images.
  • Hosting: Must be served over HTTPS from a publicly accessible URL.
  • Centering: Your logo should be centered within the square canvas with adequate padding, as some providers display it in a circular crop.

SVG Tiny 1.2 Conversion

Most design tools (Adobe Illustrator, Figma, Inkscape) export standard SVG, not SVG Tiny 1.2. You will need to convert your file. Here is the basic structure of a compliant BIMI SVG file:

<svg version="1.2" baseProfile="tiny-ps"
     xmlns="http://www.w3.org/2000/svg"
     viewBox="0 0 100 100">
  <rect width="100" height="100" fill="#FFFFFF"/>
  <!-- Your logo paths here -->
</svg>

Key attributes to include: version="1.2", baseProfile="tiny-ps", and a square viewBox. Remove any xmlns:xlink references, embedded fonts, or filter effects that are not supported in SVG Tiny 1.2.

Tip: Test your SVG file before publishing it. The BIMI Working Group provides a validator at bimigroup.org that checks your SVG against the Tiny 1.2 specification. Many failed BIMI implementations trace back to non-compliant logo files.
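
A local pre-flight check for the logo rules listed above, as an added example that is not part of the original guide and not a replacement for the official validator. The set of forbidden element names is an assumption chosen to represent the guide's "no animations, scripts, raster images, filter effects" rule; background colour and centering are not checked.

```python
import xml.etree.ElementTree as ET

SVG_NS = "{http://www.w3.org/2000/svg}"
MAX_BYTES = 32 * 1024  # the guide's recommended ceiling
# Assumption: element names standing in for the guide's content rules.
FORBIDDEN = {"script", "image", "filter", "animate", "animateMotion",
             "animateTransform", "animateColor", "set"}

def check_logo(svg_bytes):
    """Return a list of problems found in a BIMI logo; empty means none."""
    problems = []
    if len(svg_bytes) > MAX_BYTES:
        problems.append("file is larger than 32 KB")
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return problems + [f"not well-formed XML: {exc}"]
    if root.tag != SVG_NS + "svg":
        return problems + ["root element is not <svg> in the SVG namespace"]
    if root.get("version") != "1.2":
        problems.append('version must be "1.2"')
    if root.get("baseProfile") != "tiny-ps":
        problems.append('baseProfile must be "tiny-ps"')
    try:
        box = (root.get("viewBox") or "").replace(",", " ").split()
        _, _, width, height = map(float, box)
        if width != height or width <= 0:
            problems.append("viewBox is not square")
    except ValueError:  # wrong number of values or a non-numeric value
        problems.append("viewBox missing or malformed")
    if b"xmlns:xlink" in svg_bytes:
        problems.append("xmlns:xlink reference present")
    names = {el.tag.rsplit("}", 1)[-1] for el in root.iter()}
    found = sorted(names & FORBIDDEN)
    if found:
        problems.append("unsupported elements: " + ", ".join(found))
    return problems

# Constructed samples: the guide's skeleton and a typical design-tool export.
GOOD = (b'<svg version="1.2" baseProfile="tiny-ps" '
        b'xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100">'
        b'<rect width="100" height="100" fill="#FFFFFF"/></svg>')
BAD = (b'<svg version="1.1" xmlns="http://www.w3.org/2000/svg" '
       b'xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 200 100">'
       b'<image xlink:href="logo.png" width="200" height="100"/></svg>')

if __name__ == "__main__":
    for name, data in (("good", GOOD), ("bad", BAD)):
        print(name, check_logo(data) or "OK")
```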

Step-by-Step: Creating Your BIMI DNS Record

Once you have your prerequisites in place, your logo hosted, and your certificate obtained, adding the BIMI DNS record is straightforward.

BIMI Record Format

A BIMI record is a TXT record added to your domain's DNS. The record is placed at a specific subdomain using the selector default:

Host:  default._bimi.yourdomain.com
Type:  TXT
Value: v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/cert.pem

The record contains three components:

  • v=BIMI1 - The version tag (always BIMI1).
  • l= - The URL to your SVG logo file. Must be HTTPS.
  • a= - The URL to your VMC or CMC certificate in PEM format. This is technically optional per the BIMI spec but required by Gmail and most major providers.

DNS Configuration Steps

  1. Log in to your DNS provider or domain registrar's DNS management panel.
  2. Create a new TXT record.
  3. Set the host/name to default._bimi (some providers require the full default._bimi.yourdomain.com).
  4. Set the value to your BIMI record string with your logo and certificate URLs.
  5. Save the record and allow time for DNS propagation (typically 15 minutes to 48 hours).

Verifying Your BIMI Record

After adding the record, verify it is resolving correctly. You can use a DNS lookup tool or run the following command in your terminal:

nslookup -type=txt default._bimi.yourdomain.com

The response should return your full BIMI record value. If the record does not appear, double-check the hostname format with your DNS provider, as some require trailing dots or handle subdomains differently.
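
Once the lookup returns a value, the same rules a mailbox provider applies can be checked against the BIMI and DMARC TXT strings together. This is an added example, not code from the original guide; the function names and the sample records are constructed for illustration, and the strings would normally come from the nslookup output.

```python
from urllib.parse import urlparse

def bimi_hostname(domain, selector="default"):
    """DNS name where the BIMI TXT record is published."""
    return f"{selector}._bimi.{domain}"

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT string into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def is_https(url):
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)

def check_records(bimi_txt, dmarc_txt):
    """Return a list of problems; an empty list means the pair looks ready."""
    bimi, dmarc = parse_tags(bimi_txt), parse_tags(dmarc_txt)
    problems = []
    if dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC policy must be p=quarantine or p=reject")
    if bimi.get("v") != "BIMI1":
        problems.append("v= must be BIMI1")
    if not is_https(bimi.get("l", "")):
        problems.append("l= must be an HTTPS URL to the SVG logo")
    if not bimi.get("a"):
        problems.append("a= missing: optional per spec, required by Gmail")
    elif not is_https(bimi["a"]):
        problems.append("a= must be an HTTPS URL to the PEM certificate")
    return problems

# Constructed sample records (example.com is a placeholder domain).
READY = ("v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/cert.pem",
         "v=DMARC1; p=reject; rua=mailto:dmarc@example.com")
NOT_READY = ("v=BIMI1; l=http://example.com/logo.svg", "v=DMARC1; p=none")

if __name__ == "__main__":
    print(bimi_hostname("example.com"))
    for bimi_txt, dmarc_txt in (READY, NOT_READY):
        print(check_records(bimi_txt, dmarc_txt) or "ready")
```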

Which Mailbox Providers Support BIMI?

BIMI support has expanded considerably, but it is not yet universal. Here is the current state of provider support:

| Mailbox Provider | BIMI Support | Certificate Required | Notes |
| --- | --- | --- | --- |
| Gmail | Yes | VMC or CMC | Blue checkmark for VMC holders only |
| Yahoo Mail / AOL | Yes | Optional but recommended | Early BIMI adopter; displays logo without certificate |
| Apple Mail (iOS 16+) | Yes | VMC or CMC | Requires iOS 16, iPadOS 16, or macOS Ventura+ |
| Fastmail | Yes | No | Displays logo based on BIMI record alone |
| Microsoft Outlook | No | N/A | No BIMI support as of early 2026 |
| Proton Mail | No | N/A | Not currently supported |

Did You Know?

Even though Microsoft Outlook does not support BIMI, Gmail, Yahoo, and Apple Mail collectively represent the vast majority of consumer email volume. Implementing BIMI still gives your logo visibility for most of your recipients.

Why Implement BIMI? The Business Case

BIMI is more than a vanity feature. There are concrete, measurable benefits for senders who implement it correctly.

Increased Brand Recognition

Your logo appears directly in the inbox before the recipient even opens the email. This consistent visual presence reinforces brand recall across every message you send, whether it is a marketing campaign, transactional notification, or customer support reply.

Higher Engagement Rates

Recipients are more likely to open emails from senders they visually recognize. The 10% average lift in open rates reported during Yahoo's BIMI pilot has been corroborated by multiple brands post-implementation. A survey by Red Sift found that BIMI resulted in a 90% increase in consumer confidence in sender legitimacy.

Phishing Protection

Because BIMI requires DMARC enforcement, it makes it significantly harder for bad actors to spoof your domain. Recipients learn to associate your logo with legitimate email, making phishing attempts that lack the logo easier to identify.

Improved Deliverability Signals

While BIMI itself does not directly influence filtering decisions, the authentication stack it requires (enforced DMARC with aligned SPF and DKIM) sends strong positive signals to mailbox providers. Senders with this level of authentication tend to achieve better inbox placement overall.

Troubleshooting Common BIMI Issues

If your logo is not appearing after setup, work through these common failure points:

Logo Not Displaying in Gmail

  • DMARC not enforced: Verify your DMARC policy is p=quarantine or p=reject, not p=none.
  • No valid certificate: Gmail requires a VMC or CMC. Check that the a= field in your BIMI record points to a valid, non-expired certificate.
  • SVG format issues: Ensure your logo is SVG Tiny 1.2 with baseProfile="tiny-ps". Standard SVG files will be rejected.
  • Low sending volume: Gmail may not display BIMI for domains with very low email volume to Gmail recipients.

Logo Not Displaying in Yahoo

  • DNS propagation: Yahoo can take longer to pick up new BIMI records. Allow up to 48 hours.
  • Authentication failures: Even intermittent SPF or DKIM failures can prevent logo display. Check that your authentication pass rate is consistently high.

BIMI Record Not Resolving

  • Incorrect hostname: The record must be at default._bimi.yourdomain.com, not _bimi.yourdomain.com or yourdomain.com.
  • Record type: Must be a TXT record, not CNAME or other types.
  • TTL too high: If you recently added or changed the record, a high TTL on the previous record can delay propagation.

Pro Tip

Send a test email to a personal Gmail account after setup and inspect the email headers. Look for Authentication-Results headers that reference BIMI. If you see bimi=pass, your setup is working correctly. If BIMI is absent from the headers, the issue is likely in your DNS record or certificate configuration.
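
The header inspection described in this tip can be scripted against a saved copy of the test message. This is an added example, not code from the original guide; the sample message, the mx.example.net server name and the header properties in it are constructed, and only the method=result pairs are read.

```python
import re
from email import message_from_string
from email.policy import default

# method=result pairs as they appear in an Authentication-Results header
PAIR = re.compile(r"(?<![\w.-])(spf|dkim|dmarc|bimi)=(\w+)", re.I)

def auth_results(raw_message):
    """Map each method to its result; the topmost header wins.

    Only results stamped by your own receiving server are trustworthy,
    and that server's header is the one added last (topmost).
    """
    msg = message_from_string(raw_message, policy=default)
    results = {}
    for header in msg.get_all("Authentication-Results", []):
        for method, result in PAIR.findall(str(header)):
            results.setdefault(method.lower(), result.lower())
    return results

def diagnose(raw_message):
    """Turn the header results into the next troubleshooting step."""
    results = auth_results(raw_message)
    if results.get("dmarc") != "pass":
        return "DMARC did not pass: fix SPF/DKIM alignment first"
    if "bimi" not in results:
        return "no BIMI result: check the DNS record and certificate"
    return "bimi=" + results["bimi"]

# Constructed sample message with a folded Authentication-Results header.
WITH_BIMI = """\
Authentication-Results: mx.example.net;
 dkim=pass header.i=@example.com header.s=s1;
 spf=pass smtp.mailfrom=bounce.example.com;
 dmarc=pass header.from=example.com;
 bimi=pass header.d=example.com header.selector=default
From: news@example.com
Subject: test

body
"""
WITHOUT_BIMI = WITH_BIMI.replace(
    ";\n bimi=pass header.d=example.com header.selector=default", "")

if __name__ == "__main__":
    print(diagnose(WITH_BIMI))
    print(diagnose(WITHOUT_BIMI))
```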

BIMI Implementation Checklist

Use this checklist to ensure you have covered every step before going live:

Implementation Checklist

Authentication Foundation:
  • SPF record valid and passing.
  • DKIM signing active on all sending sources.
  • DMARC policy set to quarantine or reject with alignment passing.
  • DMARC aggregate reports reviewed and all legitimate sources accounted for.

Logo Preparation:
  • Logo converted to SVG Tiny 1.2 format.
  • Square aspect ratio with solid (non-transparent) background.
  • File size under 32 KB.
  • Logo validated against BIMI specifications.
  • Hosted on HTTPS with a publicly accessible URL.

Certificate:
  • VMC obtained (if you have a registered trademark) or CMC obtained (if no trademark).
  • Certificate in PEM format hosted on HTTPS.

DNS Record:
  • TXT record created at default._bimi.yourdomain.com.
  • Record includes v=BIMI1, logo URL (l=), and certificate URL (a=).
  • DNS propagation confirmed via lookup.

Testing:
  • Test email sent to Gmail, Yahoo, and Apple Mail accounts.
  • BIMI pass confirmed in email headers.
  • Logo rendering verified across providers.

BIMI's Role in Your Sender Reputation Strategy

BIMI fits into the broader picture of building and maintaining Sender Reputation. Think of your reputation as a pyramid: at the base, you have proper DNS and authentication (SPF, DKIM, DMARC). In the middle, you have sending practices like list hygiene, engagement monitoring, and volume management. At the top sits BIMI, the visible proof to your recipients that you have invested in doing email the right way.

The enforcement requirements for BIMI effectively force best practices. You cannot display a logo without enforced DMARC, and you cannot maintain enforced DMARC without clean authentication across all your sending sources. This makes BIMI adoption a catalyst for improving your overall email infrastructure.

If you are just starting your authentication journey, begin with our email authentication guide to build the foundation, then come back to implement BIMI as the finishing touch.

Frequently Asked Questions About BIMI

How much does BIMI cost to implement?

The BIMI DNS record itself is free. The primary cost is the digital certificate: VMCs run approximately $1,200 to $1,500 per year, while CMCs range from $990 to $1,250 per year. You may also need to factor in time for logo preparation and any costs for DMARC enforcement if you are not already there.

How long does BIMI take to set up?

If you already have DMARC at enforcement, BIMI setup can be completed in a few days (mostly waiting for certificate issuance and DNS propagation). If you are starting from scratch, plan 6 to 8 weeks for the DMARC transition alone, plus additional time for trademark registration if pursuing a VMC.

Does BIMI directly improve deliverability?

BIMI does not directly influence spam filtering decisions. However, the authentication stack it requires (enforced DMARC with aligned SPF and DKIM) is a strong positive signal for mailbox providers. The improved engagement from logo display can also contribute to better reputation metrics over time.

Can I use BIMI without a certificate?

Technically, the BIMI specification makes certificates optional. In practice, Gmail and Apple Mail require a VMC or CMC. Yahoo and Fastmail will display your logo without a certificate, but for the broadest coverage, a certificate is strongly recommended.

What happens if my certificate expires?

Your logo will stop appearing in inboxes that require certificate validation (Gmail, Apple Mail). Set calendar reminders to renew your certificate well before expiration to avoid gaps in logo display.
