What is BIMI and why is it important?

Written by: Garin Hobbs

Published on January 7, 2026

14 Mins read

Key Takeaways:

  • BIMI displays your verified logo in supported inboxes, but only after SPF, DKIM, and DMARC are fully aligned and enforced.
  • Gmail and other major providers require a Verified Mark Certificate (VMC) to prove trademark ownership before showing your logo.
  • BIMI boosts brand trust and engagement by giving subscribers a visual identity cue right inside the inbox.
  • Most BIMI failures come from DMARC not being enforced, non-compliant SVG files, VMC issues, or incorrect BIMI DNS syntax.

BIMI (Brand Indicator for Message Identification) gets a lot of attention now, and for good reason. It’s one of the few email standards that actually changes what your subscribers see in the inbox. BIMI basically allows your verified brand logo to appear next to emails that pass authentication. Think of it as a trust signal your audience can spot instantly.

In this blog, I’ll break down exactly how BIMI works, what it requires, why it matters, and where it actually makes a difference for email programs.

What is BIMI?

BIMI is a standard that allows your verified brand logo to appear next to authenticated emails in supported inboxes. It is like a visual signal that tells your inbox, “Yes, this message is actually from us.” 

For some inboxes (like Gmail), you’ll also need a Verified Mark Certificate. That’s what confirms you actually own the trademark before the logo can appear. BIMI does not handle authentication on its own, it simply surfaces the identity you have already proven through these protocols.

How Does BIMI Work?

BIMI relies on the core authentication stack: 

  • SPF authorizes senders
  • DKIM signs mail
  • DMARC aligns those results under an enforced policy.

Mailbox providers require DMARC at quarantine or reject before they even consider displaying a logo. This confirms the domain owner protects their identity and blocks unauthenticated mail. Once a message passes all three, the domain is considered trustworthy. BIMI activates only after that trust is established.

After the authentication checks succeed, the inbox queries the BIMI record that the domain owner published in DNS. That record declares the official logo and, when required, references the VMC. Providers validate the logo against their own criteria and decide if it qualifies. If it does, the inbox attaches the brand’s logo to the message.

Why Implement BIMI?

BIMI gives your emails a visual identity boost right inside the inbox. Once your domain is authenticated and protected, BIMI steps in and puts your verified logo where people actually make decisions, next to the email sender’s name. It’s simple visibility with real impact.

Instant Brand Recognition

Your logo appears right in the inbox, so users identify you faster than they read your sender name. Visual cues win in a crowded scroll, and BIMI turns every send into a quick brand impression across Gmail, Yahoo, Apple Mail, and other supporting providers.

Better Engagement Signals

A verified logo builds confidence. When your logo appears with your emails, trust increases. People open more and engage more. Brands that implement BIMI see a measurable lift in engagement once the logo is live

Harder for Attackers to Imitate

Spoofers can copy your text, but they can’t fake authenticated logos. BIMI puts a verified visual marker next to your emails. This way, it is easy to spot a phisher or hacker.

Inbox Placement Benefits

You can’t use BIMI without DMARC at enforcement, and that alone improves sender trust. Pair that with a verified logo, and mailbox providers have a clearer signal to treat your mail as legitimate. A proper email deliverability test will reflect this uplift too, showing clearer authentication, stronger alignment, and fewer risk flags.

Real Competitive Advantage

Most brands still operate without BIMI. That gives you a window to stand out before your competitors catch up. Early adopters gain the visibility advantage and set expectations for what “trusted email” looks like.

Consistent Branding Everywhere

Your brand is already visual across ads, social, and your website. BIMI brings that consistency into the inbox, making every email another aligned touchpoint instead of just another sender line.

BIMI Requirements: What You Must Have Before Setup

BIMI only works after your domain proves it can authenticate mail consistently. The requirements are straightforward, but getting them into place takes real work—especially the DMARC enforcement piece. Here’s the exact checklist.

1. Full Email Authentication

Your domain must authenticate all outbound mail with:

  • SPF (authorized senders)
  • DKIM (cryptographic signing)
  • DMARC (alignment + policy)

SPF and DKIM must align with the same domain DMARC uses. Without alignment, BIMI won’t activate.

2. DMARC at Enforcement

Mailbox providers require a DMARC policy of either quarantine or reject.

No “p=none.”

No partial application (pct must be 100).

This signals that the domain owner actively protects their identity and blocks unauthenticated mail.

3. A Published BIMI Record

Your domain needs a BIMI TXT record at

“default._bimi.[yourdomain]”

This record declares the logo you want inbox providers to reference.

4. A Verified Mark Certificate (When Required)

Some providers accept a self-asserted logo.

Gmail and others require a Verified Mark Certificate (VMC) to prove the logo actually belongs to your organization.

BIMI Logo Requirements

Before your logo shows up in any inbox, it must meet BIMI’s technical standards. BIMI doesn’t accept regular SVGs or PNGs. It requires a very strict format called SVG Tiny Portable/Secure (SVG P/S). This profile removes risky elements like scripts, animation, external links, and anything that could be modified or exploited.

Here’s what your logo must have:

1. SVG P/S format

Your file must use the SVG Tiny 1.2 base with these attributes:

  • version=”1.2″
  • baseProfile=”tiny-ps”
  • A <title> element reflecting your brand name
  • A <desc> element is optional, but strongly recommended for accessibility
  • No x= or y= attributes in the root <svg> tag
  • No scripts, animation, external references, or interactive content

Most design tools don’t export SVG P/S directly. The BIMI Group now provides official conversion tools for Windows, macOS, and Illustrator.

2. Strict size and structure

Your SVG must:

  • Be under 32 kilobytes
  • Use a square aspect ratio
  • Keep your logo centered
  • Use a solid background for predictable rendering
  • Use LF (line feed) line endings

Keep away from transparent backgrounds because they don’t display reliably. Thus, your BIMI logo may be distorted, or worse, it doesn’t show up at all. 

3. Hosted securely

Your logo must be publicly available over HTTPS. Mailbox providers fetch it using the URL inside your BIMI DNS record.

4. Trademark ownership

 If you’re using BIMI with Gmail or any email service provider that requires verification, you will need:

  • A Verified Mark Certificate (VMC) or
  • A Common Mark Certificate (CMC)

A VMC proves the logo is legally yours. It requires trademark registration with a recognized IP authority.

5. Logo must match your trademark

If your trademark includes a circle, shield, or specific border, your BIMI logo must reflect that exact mark. Providers verify this during VMC validation.

How to Set Up BIMI (Step-by-Step)

Here is the exact sequence you need to follow to get BIMI live – 

1. Authenticate your domain (SPF, DKIM, DMARC)

We have already established that BIMI only works when SPF, DKIM, and DMARC record are all aligned, and DMARC is set to quarantine or reject. Until your domain can prove that it can block spoofing, your BIMI logo won’t be displayed.

2. Create a BIMI-compatible SVG Tiny PS logo

Prepare a clean, square SVG Tiny-PS file under 32 KB, centered, with no scripts, no external references, and a solid background. This is the file inbox providers will attempt to display.

3. Host the logo on a public HTTPS URL

Upload the SVG to a secure, publicly accessible location. Mailbox providers must be able to fetch it directly from the URL you reference in your BIMI record.

4. Get your VMC (if you want full provider coverage)

A VMC validates trademark ownership and is required by Gmail, Apple, and others. Without it, only a few providers will show your logo.

5. Publish your BIMI TXT record

Create a TXT record at:

“default._bimi.yourdomain.com”

with the BIMI version tag, your SVG URL, and the VMC URL if you have one.

6. Validate your setup

Before you go live, run your domain through a BIMI Record Checker or Inspector. It checks all your requirements – if your BIMI record is visible, your logo is formatted correctly, and your DMARC enforcement is actually in place. Once it propagates, providers can evaluate your domain for logo display.

How Long Does It Take to Deploy BIMI?

Publishing a BIMI record is fast as most teams can push a valid TXT record live in under 15 minutes. The real timeline isn’t BIMI itself. The bottleneck is everything that must happen before BIMI becomes eligible.

DMARC enforcement is the last step.
If your domain isn’t already at p=quarantine or p=reject, getting there can take weeks or months, depending on your mail streams and how quickly you can fix alignment issues.

VMC timelines depend on trademark ownership.
If your logo is already trademarked, VMC approval moves fairly quickly.
If you’re not trademarked yet, that process can take several months, sometimes longer, because trademark offices, not inbox providers, set that pace.

Once those prerequisites are in place, BIMI deployment is instant.
You publish your record, validate it, and providers can begin evaluating your domain for logo display as soon as DNS propagates.

Verified Mark Certificate (VMC): What It Is and Why It Matters

A Verified Mark Certificate is basically a digital certificate that proves your logo is trademarked and it’s legally yours. Inbox providers use it to decide whether they can display your logo for BIMI.

Self-Asserted BIMI vs. VMC-Backed BIMI

  • Self-asserted BIMI: Works on limited providers. No trademark proof. No guaranteed display.
  • VMC-backed BIMI: Required by Gmail. Trusted by major providers. Highest display coverage.

Why Gmail Requires a VMC

Gmail uses the VMC to validate your identity, verify your trademark, and block spoofed logos. The certificate gives Gmail a guaranteed, verified brand signal.

What It Takes to Get a VMC

  • Trademarked logo
  • DMARC at enforcement
  • Identity verification via notary or video call
  • Issuance from an approved CA (DigiCert, Entrust, Sectigo)

Cost and Timeline

  • Price: ~$1,499 per year
  • Trademark validation: can take months
  • Certificate issuance: usually a few days after validation

Which Inbox Providers Support BIMI?

BIMI adoption keeps expanding. Several major mailbox providers now display BIMI logos once a domain meets authentication and logo-verification requirements.

Fully Supporting BIMI

These providers display BIMI logos today:

  • Gmail — Requires VMC or CMC
  • Yahoo Mail — No VMC required
  • Apple Mail (iCloud, iOS 16+, macOS Ventura+) — Requires VMC
  • Fastmail — No VMC required
  • AOL / Pobox / Netscape
  • Cloudmark (Proofpoint)
  • La Poste
  • Onet Poczta
  • GMX / Web.de
  • Zoho Mail
  • Zone
  • Zoner
  • NTT Docomo
  • KDDI

These platforms represent the majority of consumers’ inboxes, where brand visibility and trust matter most.

Providers Currently Evaluating BIMI

These providers are testing or planning adoption:

  • ATmail
  • BT Mail
  • Comcast
  • mail.com
  • Qualitia
  • Seznam.cz
  • Yahoo Japan

Providers Not Supporting BIMI

  • Microsoft Outlook / Office 365

Outlook does not support BIMI today and has not announced timelines.

Why Provider Support Matters

More BIMI-ready inboxes mean more branded visibility. Your logo appears at the moment subscribers scan their inbox, which improves trust, recall, and engagement across supported platforms.

InboxArmy clients often use BIMI alongside our deliverability optimization to secure better inbox placement and stronger brand presence across Gmail, Yahoo, Apple Mail, and Fastmail.

Why Your BIMI Logo Is Not Showing

If your BIMI logo isn’t appearing, don’t panic, 99% of the time, it comes down to one of a few predictable issues. Here’s the rundown.

1. Your DMARC Isn’t at Enforcement

BIMI doesn’t activate unless your domain is at p=quarantine or p=reject.
If DMARC is still set to none, inbox providers won’t display your logo.

Fix: Move DMARC to enforcement once your mail streams are aligned.

2. Your BIMI Record Has an Error

Quick warning – BIMI breaks fast. One tiny typo, one wrong URL, even a missing semicolon, and the whole thing stops working.

Fix: Confirm your TXT record matches the BIMI format and points to valid, accessible files.

3. You Don’t Have a Valid VMC/CMC

If your inbox provider needs a VMC and you don’t have one, your logo simply won’t show. Everything else can be perfect, and it still won’t render.

Fix: Get a VMC (or CMC, where supported) from an approved certificate authority.

4. Your Logo Doesn’t Meet BIMI Specs

BIMI only accepts a very specific format. If the logo isn’t compliant, providers will quietly ignore it.

Fix: Ensure your logo is SVG Tiny PS, square, lightweight, and properly structured.

5. The Receiving Inbox Doesn’t Support BIMI

If the mailbox provider doesn’t support BIMI, your logo simply can’t appear.

Fix: None — support varies by platform. Gmail, Yahoo, Apple Mail, and many others already display BIMI.

6. DNS Hasn’t Propagated Yet

Even a perfect BIMI setup needs time. Providers won’t show your logo until caching updates globally.

Fix: Wait 24-48 hours after changes, then re-check your DNS.

BIMI Best Practices

If you’re rolling out BIMI, here are the practices that actually matter, the ones that keep your logo stable, compliant, and visible across supporting inboxes.

  1. Make sure your domain authentication is rock solid
    For BIMI to work, SPF, DKIM, and DMARC all have to be alligned. Any misalignment and your logo simply doesn’t appear.
  2. Keep your logo simple and clean, so it’s BIMI-ready

Use an SVG Tiny PS file, square layout, solid background, and minimal detail so it renders consistently everywhere.

  1. Host your logo on a stable, HTTPS-secured server
    Unreliable hosting, redirects, or non-HTTPS URLs will prevent inbox providers from pulling your logo.
  2. Use a verified mark certificate (vmc) or common mark certificate when required
    Gmail, Apple Mail, and several others won’t show your logo without a valid certificate tied to your trademark.
  3. Publish your BIMI DNS record with correct syntax
    A single typo, a missing semicolon, or a wrong selector (usually “default”) can cause BIMI to fail silently.
  4. Test your configuration with BIMI inspection tools
    Use a BIMI inspector to confirm DNS propagation, logo validity, and certificate chain issues before rolling out.
  5. Monitor DMARC reports to maintain enforcement
    If your DMARC alignment breaks, your BIMI logo disappears — keep an eye on sending sources and new integrations.
  6. Keep your logo, certificates, and hosting updated
    Expired certificates, updated branding, or new domains require refreshing your BIMI setup.
  7. Avoid complex logo variations or multiple selectors unless necessary
    The simpler the setup, the fewer display inconsistencies across providers.
  8. Document your BIMI setup internally for future changes
    Clear documentation prevents misconfigurations when teams, tools, or domains change.

BIMI and Email Deliverability: What to Know

When people hear “BIMI,” they expect some kind of instant inbox-placement boost. That’s not how it works. BIMI doesn’t flip a switch in Gmail’s algorithm, but it does strengthen the signals that algorithms already care about. 

Once BIMI sits on top of SPF, DKIM, and DMARC at enforcement, your domain behaves like a fully authenticated sender. That 

  • Stabilizes reputation
  • Cuts down false spam flags
  • Removes the biggest friction points 

The real lift comes from how subscribers react. A branded logo in the inbox builds confidence before the email is even opened. At scale, those signals matter far more than copy tweaks or send-time experiments.

BIMI also protects your reputation on the other end. When impersonation attempts drop, reputation damage drops with it. And cleaner reputation means fewer email deliverability surprises down the road.

So no, BIMI isn’t a magic deliverability button. But in long-term trust building? It’s a strong piece of the stack. It shows mail providers that you take authentication seriously, and it reinforces legitimacy.

Is BIMI Worth It for Your Brand?

If your brand sends at scale, yes, BIMI is worth it. Not because the logo alone boosts inbox placement, but because you can’t reach BIMI without already running a mature, authenticated email program. That’s the real win.

Across the programs we manage at InboxArmy, the brands that invest in SPF, DKIM, and DMARC enforcement early see stronger trust, fewer deliverability surprises, and cleaner reputation long before BIMI enters the picture. BIMI simply builds on that foundation and gives you a visible trust cue in Gmail, Yahoo, Apple Mail, and other supporting inboxes.

If your logo is trademarked and your domain is properly authenticated, BIMI becomes an easy advantage: a verified badge of legitimacy right where subscribers make decisions.

And if you want BIMI without the guesswork, InboxArmy can set up authentication, enforce DMARC, and launch BIMI for you, end to end.

Garin Hobbs

Garin Hobbs

About Author

Garin Hobbs is a seasoned Martech and Marketing professional with over 20 years of successful product marketing, customer success, strategy, and sales experience. With a career spanning across ESPs, agencies, and technology providers, Garin is recognized for his broad experience in growing email impact and revenue, helping launch new programs and products, and developing the strategies and thought leadership to support them. Understanding how to optimally align people, process, and technology to produce meaningful outcomes, Garin has worked to deliver sustainable improvements in consumer experience and program revenue for such brands as Gap, Starbucks, Macy’s, Foot Locker, Bank of America, United Airlines, and Hilton Hotels. For more information, follow him on Linkedin

Interested In Collaborating?

Get in touch today!

Enter your information below to request a free, no-obligation consultation.






    Yes

    (InboxArmy doesn't work or provide email list buying or rental service.)

    Image
    mjff

    “We looked at 16 different agencies, interviewed 8 of them and selected InboxArmy as number 1 pick.”

    We hired InboxArmy to redesign Salesforce Marketing Cloud emails. The goal was to create a new master template that matched branding using industry best practices. After we signed the SOW, we had a couple discovery calls, submitted our brief and branding document. Once we were on the same page, InboxArmy did design in batches, we had 3 rounds of reviews and once all was finalized IA coded and implemented the templates for us in MC.

    During discovery calls, members of IA were present (covering design and coding). After that we always communicated with our representative, Charlie. Being able to understand branding and our needs, design capabilities, coding pace, responsiveness and always willing to go step beyond for this project.

    Felt like IA and we were on the same team.

    Barbara Puszkiewicz-Cimino
    Associate Director