BIMI Implementation: Building Brand Trust Through Email Authentication
What is BIMI and Why Does It Matter?
BIMI (Brand Indicators for Message Identification) is the visual payoff for your email authentication efforts. When implemented correctly, your verified brand logo appears next to your emails in supported inboxes.
Instead of a generic avatar or initials, recipients see your actual logo—building instant recognition and trust.
**Supported Email Clients:** - Gmail (with VMC certificate) - Yahoo Mail - Apple Mail (iOS 16+, macOS Ventura+) - Fastmail - AOL Mail
Prerequisites: You Must Earn BIMI
BIMI isn't a shortcut—it's a reward for doing email security right. Before you can implement BIMI, you need:
**1. DMARC at Enforcement Level** Your DMARC policy must be at p=quarantine or p=reject with pct=100. No exceptions.
**2. Perfect SPF and DKIM** Both must pass AND align with your From domain.
**3. Good Sender Reputation** Low spam complaints and bounce rates.
**4. Trademark Registration (for Gmail)** Gmail requires a Verified Mark Certificate, which requires a registered trademark.
# Minimum DMARC for BIMI
v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]
# Recommended DMARC for BIMI
v=DMARC1; p=reject; rua=mailto:[email protected]; adkim=s; aspf=sBIMI will NOT work with p=none. You must be enforcing DMARC.
Creating Your BIMI Logo
Your logo must meet strict technical requirements:
**Format:** SVG Tiny 1.2 Portable/Secure (not regular SVG!) **Shape:** Square dimensions **Size:** Maximum 32KB **Background:** Solid color (no transparency for Gmail) **Content:** No scripts, animations, or external references
The logo should be recognizable at small sizes (40x40 pixels) since that's how it appears in many email clients.
Use BIMI logo generators like bimi.entrust.com/checker to convert your logo to the correct format.
The VMC Decision
A Verified Mark Certificate (VMC) is required for Gmail but optional for other providers.
**Get a VMC if:** - Most of your recipients use Gmail - Brand protection is critical for your business - You have a registered trademark
**Skip the VMC (for now) if:** - Your audience primarily uses Yahoo, Apple Mail, or Fastmail - Budget is limited ($1,000-1,500/year) - You're testing BIMI before full investment
VMC providers: DigiCert, Entrust
Implementation Steps
**Step 1:** Create your BIMI-compliant logo
**Step 2:** Host it at a stable HTTPS URL `https://yourdomain.com/bimi/logo.svg`
**Step 3:** (Optional) Obtain VMC certificate
**Step 4:** Add the BIMI DNS record
# Without VMC (works for Yahoo, Apple, Fastmail)
v=BIMI1; l=https://yourdomain.com/bimi/logo.svg
# With VMC (required for Gmail)
v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/certificate.pemMeasuring BIMI Impact
After implementing BIMI, track these metrics:
- **Open rates:** Many brands see 10-30% increases - **Click rates:** Brand recognition drives engagement - **Phishing reports:** Fewer users report legitimate emails as phishing - **Customer feedback:** Survey recipients about brand recognition
BIMI is more than a logo—it's proof that you take email security seriously.