What Is BIMI? Brand Indicators for Message Identification

BIMI (Brand Indicators for Message Identification) displays your business' logo as the profile picture / avatar in your emails. It's a big flex and a lot of people say, "Whoa! How did you do that?" BIMI, that's how.

You can't just upload your logo somewhere to change your profile picture in the inbox. There’s a specific process to follow, and if you skip steps, your logo won’t show up.

This guide walks through BIMI from start to finish. You'll learn what it is, how to set it up, what logos work best, and what you need to know about the required certificates.

TL;DR: BIMI Basics

BIMI (Brand Indicators for Message Identification) shows your logo next to emails in the inbox. Your brand becomes instantly recognizable in Gmail, Yahoo, Apple Mail, and other supporting email clients¹.

What you need:

• DMARC enforcement: Your DMARC policy must be set to p=quarantine or p=reject with pct=100².
• Logo file: A square SVG Tiny P/S logo hosted on a public HTTPS server³.
• DNS records: A specific BIMI TXT record in your domain's DNS that points to your logo⁴.
• Certificate (for Gmail & Apple Mail): A Verified Mark Certificate (VMC) is required for most major providers, costing around $1,500 per year⁵. As of late 2024, Gmail also supports the more accessible Common Mark Certificate (CMC), which doesn't require a registered trademark⁶.

Why bother with BIMI:

• People recognize your emails instantly when they see your logo.
• Your emails look more professional and trustworthy.
• It's harder for scammers to impersonate your brand.
• You stand out in crowded inboxes.

What to watch out for: You can't just upload a logo and call it done. DMARC has to be working first. Your logo needs specific formatting. Gmail and Apple Mail won't show your logo without a certificate⁷⁸. You can start with a self-asserted record for providers like Yahoo, then decide if the certificate cost is worth it for broader coverage.

What Is BIMI?

BIMI (Brand Indicators for Message Identification) is an email standard that gets your logo to show up next to your emails.

Think about your inbox. You see sender names, subject lines, maybe a preview. With BIMI, you see logos too: that Nike swoosh, the Twitter bird, uour company's logo, right there in the inbox, before anyone opens the email.

Here's the technical part: BIMI works through DNS records that point to your logo file. When an email arrives, the receiving server checks if you have BIMI set up. If you do, and if your email passes authentication checks, your logo shows up.

But there's a catch. You need DMARC working first. That means your domain has to be authenticated properly, with a policy that actually rejects or quarantines fake emails. No DMARC, no logo.

While pilot programs began earlier, the standard saw its first major rollout with Google's general availability launch in July 2021⁷. Yahoo was a key early pilot partner, and Apple added support with iOS 16 in 2022⁸. However, their requirements differ. Gmail and Apple Mail require a certificate (a VMC, or in Gmail's case, a CMC) to prove you own the logo⁶⁸. Yahoo, on the other hand, does not currently require a certificate⁹. Notably, Microsoft Outlook does not support BIMI at this time¹⁰.

This matters because logos build trust. People spot fake emails faster when they know what the real logo looks like. Your open rates go up because people recognize you. And in a world where everyone's worried about phishing, that visual confirmation means something.

How BIMI Works

Here's what happens when someone receives your email with BIMI enabled.

First, the receiving email server checks if your email is legitimate - it looks at your DMARC record to see if you've set it to quarantine or reject. This is non-negotiable and if your DMARC is set to p=none or doesn't exist, the process stops here. No logo for you².

Next, if your email passes DMARC, the server looks for your BIMI record. This is another DNS record, like SPF or DKIM, but it points to your logo file. The record tells the email client where to find your logo and, if you have one, your certificate.

The email client then fetches your logo. It has to be an SVG file in a specific profile (SVG Tiny P/S), hosted somewhere public with HTTPS³. The logo needs to be square and simple. Too complex? Won't work. Wrong format? Won't work.

For some email clients, like Yahoo, that's it. Your logo appears⁹. But Gmail and Apple Mail add another layer. They want proof you own that logo. That's where a certificate comes in. A Verified Mark Certificate (VMC) is like an SSL certificate for logos, proving you own the registered trademark. A Common Mark Certificate (CMC) is a newer, less stringent option supported by Gmail that doesn't require a trademark⁶. The email provider trusts the certificate authority, so they trust your logo.

The whole process happens in milliseconds. The recipient doesn’t see any of this. They just see your logo next to your email, instantly knowing it’s really from you.

BIMI Requirements

You can't just throw a logo online and expect BIMI to work. There are specific requirements, and missing any of them means no logo display.

DMARC Enforcement

This is the big one. Your DMARC policy must be set to either p=quarantine or p=reject. Not p=none. Not missing. Actually protecting your domain.

Why is this so strict? Because BIMI is about trust. If anyone can send emails pretending to be you, showing your logo would make the problem worse. The logo becomes a stamp of authenticity, so email providers need to know the email is actually from you.

Setting up DMARC properly takes work. You need to monitor your email authentication, find all your legitimate sending sources, and make sure they're all authenticated. Only then can you move to quarantine or reject. Skip this step, and BIMI won't work. Period.

Logo Requirements

Your logo needs to follow strict rules, or email clients will ignore it.

First, it must be an SVG Tiny P/S (Portable/Secure) file³. Not a standard SVG, and definitely not a PNG or JPG. This specific vector format scales perfectly and meets security requirements.

The logo has to be square. Exactly square. Your rectangular logo won’t work.

Keep it simple. Complex logos with tons of detail, gradients, or text often fail validation. Just your core logo mark, clean and simple, on a solid background is best.

Here's what works:

• Square SVG Tiny P/S file (1:1 aspect ratio)
• File size under 32 KB¹¹
• No text is strongly recommended
• Simple design without excessive detail
• Hosted on a public server with HTTPS

While the official BIMI spec doesn't define pixel dimensions, providers like Google recommend a minimum size of 96x96 pixels¹².

DNS Records

You need to add a BIMI record to your DNS. It looks like this:

default._bimi.yourdomain.com TXT "v=BIMI1; l=https://example.com/logo.svg;"

Breaking that down:

• v=BIMI1 tells email clients this is a BIMI version 1 record⁴.
• l= points to your SVG logo file (must be HTTPS).
• a= points to your certificate file (VMC or CMC), which is optional in the spec but required for display in Gmail and Apple Mail⁷⁸.

The record goes in your DNS just like SPF, DKIM, or DMARC records. Most DNS providers make this straightforward. Add a TXT record, paste in the BIMI string, and save.

VMC and CMC Certificates

Here's where things can get expensive. Gmail and Apple Mail require a certificate to display your logo⁷⁸.

A Verified Mark Certificate (VMC) proves you own the registered trademark for your logo. Certificate authorities like DigiCert or Entrust verify your trademark, then issue a certificate. This is the highest standard and is required by Apple Mail. VMCs cost around $1,500 per year⁵.

As of September 2024, Gmail also supports a Common Mark Certificate (CMC)⁶. This is a more accessible and affordable option that does not require a registered trademark, making BIMI attainable for more brands.

You have to decide if the coverage is worth the cost. For many companies, Gmail and Apple Mail users are a huge portion of their audience. For others, starting with Yahoo (which requires no certificate) is a good first step.

How to Implement BIMI

Ready to get your logo showing up? Here's exactly how to do it.

Step 1: Get DMARC working first. This is the hardest part, but you can't skip it. Your DMARC policy needs to be at p=quarantine or p=reject. If you're starting from scratch, this could take weeks or months. You need to identify all your email sources, get them authenticated, monitor your reports, and gradually move from p=none to enforcement. No shortcuts here.

Step 2: Prepare your logo. Take your logo and create a square SVG Tiny P/S version under 32KB. Remove any text and simplify complex elements. Upload it to your server with public HTTPS access.

Step 3: Add the BIMI DNS record. Go to your DNS provider and add a TXT record at default._bimi.yourdomain.com. The record should be: v=BIMI1; l=https://yourdomain.com/logo.svg;. This is your self-asserted record.

Step 4: Test it. Send test emails to a Yahoo account. Your logo should appear within a few hours (assuming your domain has good sending reputation)⁹. Use a BIMI validator tool online to check your setup.

Step 5: Decide about a Certificate (VMC/CMC). Look at your email analytics. What percentage of your audience uses Gmail or Apple Mail? If it's significant, you'll need a certificate. For Apple Mail, you must get a VMC⁸. For Gmail, you can choose between a VMC or the more affordable CMC⁶. Purchase the certificate, upload it, and add the a= tag to your BIMI DNS record.

BIMI Best Practices

Getting BIMI to work is one thing. Getting it to work well is another.

Fix DMARC before anything else. Don't rush to p=reject just for BIMI. Take your time. Monitor your authentication reports and find every legitimate email source. Get them all authenticated properly. Moving too fast breaks email delivery, and no logo is worth bounced emails to customers.

Start simple with your logo. That detailed logo with gradients and shadows might look great on your website, but it won’t work for BIMI. Strip it down to the essentials - think app icon, not billboard. The simpler the logo, the better it displays at small sizes.

Test across different email providers. Send test emails to Yahoo, Gmail, and Apple Mail accounts. Remember that Microsoft Outlook does not support BIMI¹⁰. Your logo might look perfect in one client but not another. Check on mobile and desktop.

Track if BIMI actually helps. Once your logo is displaying, watch your metrics. Do open rates improve? Is brand recognition increasing? If BIMI isn't moving the needle, that expensive certificate might not be worth renewing.

Plan for the Certificate decision. Don't buy a certificate immediately. Get self-asserted BIMI working first with Yahoo. See how it performs. Then decide if the annual cost for a VMC or CMC makes sense for your business.

Keep your logo accessible. That logo file needs to stay available 24/7. If your server goes down or you move the file, logos stop displaying. Use a CDN if possible. Monitor the URL regularly.

Footnotes