BIMI does not accept just any image. A logo must be published as an SVG file in a specific, deliberately restricted profile called SVG Tiny Portable/Secure — usually written SVG Tiny PS or SVG Tiny P/S. It is a secured subset of SVG Tiny 1.2, chosen so that a logo renders predictably across mailboxes and carries no active or external content. If a file falls outside the profile, supporting inboxes simply will not display it.
The reasoning is the same as everywhere else in BIMI: the logo is going to be shown inside other people's inboxes, so it has to be small, self-contained and safe. That rules out anything that could load remote resources, run code, move, or depend on the viewer's fonts. This guide walks through what the profile requires, what it forbids, and the mistakes that most often fail validation.
The required shape of the file
A compliant BIMI logo is a single SVG document whose root element declares the SVG Tiny PS profile and includes a title. The minimum skeleton looks like this:
<svg xmlns="http://www.w3.org/2000/svg"
version="1.2" baseProfile="tiny-ps"
viewBox="0 0 512 512">
<title>Example Ltd</title>
<!-- vector shapes -->
</svg>
The rules the root element must satisfy:
- Declare the profile. The root
<svg>must carryversion="1.2"andbaseProfile="tiny-ps". Both are required; a missing or wrongbaseProfileis one of the most common validation failures. - Include a
<title>. The first child of the root should be a<title>element naming the brand. It is mandatory, and it also serves as the accessible name for the logo. - Use a
viewBox, not rootx/y. The root must define aviewBoxand must not setxoryattributes on the outermost<svg>. - Be square. The artwork must have a 1:1 aspect ratio — the width and height of
the
viewBoxshould be equal. Inboxes display logos in square or circular slots and expect a square canvas.
What the profile forbids
The "Secure" half of the name is a list of things a BIMI logo must not contain. If any of these appears, the file is outside the profile:
- Scripts. No
<script>elements and no event-handler attributes such asonload. - External references. Nothing that loads a remote resource — no external
stylesheets, no
xlink:hrefto outside files, no linked fonts or images. The file must be entirely self-contained. - Raster images. No embedded bitmaps via
<image>. BIMI logos are vector artwork; a PNG or JPEG wrapped in SVG is not a true vector logo (though some inboxes tolerate an embedded bitmap, it is best avoided). - Animation. No
<animate>,<animateTransform>,<animateMotion>or<set>. The logo must be static. - Interactivity and links. No
<a>hyperlinks,<foreignObject>, or interactive/hover behaviour. - Live text that depends on fonts. Convert any lettering to vector outlines
(paths) rather than relying on
<text>and a font that may not be present.
Colour, background and size
- Prefer a solid background. Some clients place the logo inside a coloured circle, and a transparent background can render awkwardly or disappear against certain themes. A solid, brand-appropriate background fill is the safest choice; if you do use transparency, test how it looks in a dark inbox.
- Keep the mark centred and legible small. The logo may be shown at 24–32 pixels across. Fine detail and thin lines will be lost, so favour a bold, simple version of your mark.
- Stay under about 32 KB. The BIMI Group recommends keeping the file small — roughly 32 KB is the usual guideline. Vector logos are naturally compact; if a file is large, it usually means an embedded bitmap or unnecessarily complex paths.
- Serve it correctly. The SVG must be reachable over HTTPS at a stable, public
URL, ideally with the
image/svg+xmlcontent type, and referenced from thel=parameter of your BIMI record.
Test before you publish
Inboxes do not render logos identically, so it is worth checking the final file at the size and in the settings your recipients actually use. Preview it small — around 24 to 32 pixels across — to confirm the mark stays legible, and view it against both a light and a dark inbox, since a background you assumed was safe can vanish or clash under one theme. It also helps to open the SVG directly in a browser: if it renders as a blank frame there, it will not render in an inbox either. A few minutes of checking now saves a puzzling "logo not showing" investigation later, when the cause is a quietly malformed file rather than anything wrong with your DNS or certificate.
Common reasons a logo is rejected
- Missing or incorrect
baseProfile="tiny-ps"/version="1.2". - No
<title>element. - A non-square
viewBox, orx/yset on the root element. - An embedded raster image instead of vector shapes.
- Leftover editor cruft — scripts, metadata blocks, external font links, or animation exported by a design tool.
- The file served over plain HTTP, behind authentication, or with the wrong content type.
Design tools rarely export SVG Tiny PS cleanly by default; exported SVGs often include editor metadata, external font references or unsupported features that need stripping out. It is worth validating the final file rather than trusting the export.
Produce and check a compliant file
If you are starting from a PNG, JPG or GIF, our BIMI SVG converter builds a compliant SVG Tiny PS shell around your image on a square canvas, entirely in your browser. If you already have vector artwork, export it as plain SVG and remove anything on the forbidden list above. Either way, run the finished record through the BIMI checker, which validates the SVG alongside your DMARC policy and certificate so you can confirm the whole configuration in one place.
Related guides
- What is BIMI? — the standard, and what your domain needs.
- VMC and CMC certificates — the certificate that vouches for your logo.
- BIMI and DMARC — the authentication BIMI builds on.
- BIMI SVG converter — turn a raster logo into SVG Tiny PS.