What is BIMI?

How Brand Indicators for Message Identification put a verified logo next to your email — and what your domain needs before it works.

BIMI — Brand Indicators for Message Identification — is a standard that lets a verified brand logo appear beside your messages in a supporting mailbox. Instead of a grey placeholder or an auto-generated initial, recipients see your actual logo in the message list and, in some clients, on the open message. It is a small change with an outsized effect: a recognisable mark is one of the clearest signals that an email is genuinely from you.

The important thing to understand up front is that BIMI is a reward for authenticated mail, not a security control in its own right. A logo only appears once a domain has already proven that its mail is genuine. That is what makes the logo trustworthy — it cannot simply be attached by anyone. BIMI sits on top of the email authentication your domain already publishes, and most of the work of adopting it is getting that authentication right.

How BIMI works

BIMI is published as a single DNS TXT record. For the default configuration it lives at default._bimi.yourdomain.com, and it looks like this:

default._bimi.example.com. TXT "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

When a message arrives, a supporting receiver first checks that the message is authenticated and aligned under DMARC. If it is, the receiver looks up the BIMI record for the sending domain, fetches the logo (and, where required, verifies the certificate), and displays the mark. The _bimi label can also carry named selectors, so a domain can serve different logos for different mail streams — but most senders only ever need default.

What your domain needs

Three things have to be in place, and they are worth tackling in this order:

  1. DMARC at enforcement. Your domain must publish a DMARC policy of quarantine or reject — not none — built on aligned SPF and DKIM. This is the non-negotiable prerequisite, and it is where most of the effort goes. The full chain is covered in BIMI and DMARC.
  2. A compliant SVG logo. The logo must be a square SVG in the SVG Tiny PS profile, served over HTTPS. The exact rules — and the common reasons a logo is rejected — are set out in BIMI SVG logo requirements. Our SVG converter can produce a compliant file from a PNG, JPG or GIF.
  3. A certificate, for the providers that require one. Gmail and several other inboxes only display a logo when the record references a valid VMC or, where supported, a CMC. These are issued by a small number of certificate authorities and, for a VMC, require a registered trademark — see VMC and CMC certificates.

Only once DMARC is enforcing do the logo and certificate become worth publishing. Adding a BIMI record while your DMARC policy is still p=none will not produce a logo anywhere.
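The prerequisite order above can be checked mechanically from the two TXT records. The following is an added example, not code from this page or from any BIMI tool: the function names are hypothetical, the sample records are constructed, and it inspects only the record strings (it does not fetch or validate the SVG or the certificate).

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT payload into a dict (tag names lowercased)."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def is_https(url):
    parsed = urlparse(url)
    return parsed.scheme == "https" and bool(parsed.netloc)

def bimi_readiness(dmarc_txt, bimi_txt):
    """Return a list of problems; an empty list means the record-level prerequisites are met."""
    problems = []
    # Step 1: DMARC must be at enforcement (quarantine or reject, not none).
    dmarc = parse_tags(dmarc_txt or "")
    if dmarc.get("v") != "DMARC1":
        problems.append("no valid DMARC record")
    elif dmarc.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("DMARC policy is not at enforcement (p=%s)" % dmarc.get("p", "missing"))
    # Step 2: the BIMI record must exist and point to a logo served over HTTPS.
    bimi = parse_tags(bimi_txt or "")
    if bimi.get("v") != "BIMI1":
        problems.append("no valid BIMI record")
        return problems
    if not is_https(bimi.get("l", "")):
        problems.append("logo URL (l=) is missing or not HTTPS")
    # Step 3: a certificate reference, needed only by providers that require one.
    cert = bimi.get("a", "")
    if not cert:
        problems.append("no certificate (a=): providers that require a VMC or CMC will show no logo")
    elif not is_https(cert):
        problems.append("certificate URL (a=) is not HTTPS")
    return problems

# Constructed sample records for example.com (illustrative only).
DMARC_NONE = "v=DMARC1; p=none; rua=mailto:dmarc@example.com"
DMARC_REJECT = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
BIMI_FULL = "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"
BIMI_NO_CERT = "v=BIMI1; l=https://example.com/logo.svg"

if __name__ == "__main__":
    for dmarc, bimi in [(DMARC_NONE, BIMI_FULL), (DMARC_REJECT, BIMI_NO_CERT), (DMARC_REJECT, BIMI_FULL)]:
        print(bimi_readiness(dmarc, bimi) or "ready")
```
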

Where the logo appears

Support has grown steadily, but it is not universal, and each provider treats BIMI slightly differently. As a general picture, BIMI logos are shown by mailboxes including Gmail, Apple Mail (on recent iOS and macOS releases), Yahoo Mail, AOL, Fastmail and La Poste, among others. Treatment varies: some providers require a VMC and display a verification tick alongside the logo; others accept a CMC or show the logo without a tick; and a few display a logo from the record without demanding a certificate at all. Because the rules change as the standard matures, it is worth confirming the current requirements of the specific inboxes your audience uses rather than assuming one behaviour everywhere.

It also follows that you cannot fully control where or how your logo renders. BIMI gives receivers the ingredients; each decides how to use them. What you can control is publishing a clean record, a valid logo and — where needed — a current certificate, on top of solid authentication.

What BIMI is not

A logo is a trust signal, not a deliverability lever. BIMI does not, on its own, improve whether your mail reaches the inbox or the spam folder — that is decided by your sending reputation and authentication. What BIMI does is make already-authenticated mail more recognisable, and it gives you one more reason to get DMARC to enforcement, which genuinely does protect your domain from being spoofed. Think of the logo as the visible reward for work that is worth doing regardless.

Nor is BIMI a guarantee that a message is safe. It confirms the mail is authenticated for the domain that sent it; it does not vouch for the contents. It is a strong signal of origin, used alongside the recipient's own judgement — not a replacement for it.

Check your configuration

The quickest way to see where you stand is to run your domain through the BIMI checker. It reports whether a BIMI record exists, whether your DMARC policy is at enforcement, whether the SVG logo validates, and whether the referenced certificate is trusted — then previews how the logo would appear. If any prerequisite is missing, the result tells you which one, so you know exactly what to fix next.
