How to Set Up BIMI for Custom Domain Email Avatars
What is BIMI and Why Should You Care?
BIMI (Brand Indicators for Message Identification) lets you display your brand logo as an avatar next to every email you send. Instead of a generic initial or blank avatar in Gmail, Apple Mail, or Yahoo Mail, recipients see your verified logo — building instant recognition and trust.
If you run a custom domain for business email, BIMI is the most visible way to differentiate your messages in crowded inboxes. Here's exactly how to set it up.
Prerequisites: Your Email Authentication Must Be Solid
BIMI doesn't work in isolation. It's the visual reward for having your email authentication in order. Before setting up BIMI, you need three things in place:
1. SPF Record
Your SPF record must list all authorized sending sources. Here's what a properly configured SPF record looks like:
; Example SPF for a domain using Google Workspace + Mailchimp
example.com. IN TXT "v=spf1 include:_spf.google.com include:servers.mcsv.net -all"
; Example SPF for a domain using Microsoft 365
example.com. IN TXT "v=spf1 include:spf.protection.outlook.com -all"The -all (hard fail) is recommended over ~all (soft fail) for BIMI compatibility.
2. DKIM Signing
DKIM must be active with valid keys published in DNS. You can verify with a dig command:
$ dig TXT google._domainkey.example.com +short
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhki..."If this returns empty, your DKIM isn't published yet — check your email provider's documentation for the selector name and public key.
3. DMARC at Enforcement Level
This is the critical one. BIMI requires DMARC with either p=quarantine or p=reject. Here are examples:
; Minimum for BIMI (quarantine)
_dmarc.example.com. IN TXT "v=DMARC1; p=quarantine; rua=mailto:[email protected]"
; Recommended for BIMI (reject)
_dmarc.example.com. IN TXT "v=DMARC1; p=reject; rua=mailto:[email protected]; pct=100"BIMI will NOT work with p=none. If you're still on p=none, you'll need to gradually move to enforcement first. Check your current DMARC reports to make sure legitimate email won't be affected.
Use IntoDNS.AI to verify all three records at once before proceeding. Need help setting these up? Check our guides on SPF, DKIM, and DMARC, or use our free SPF Generator and DMARC Generator tools.
Step 1: Create a BIMI-Compliant Logo
Your logo must meet specific technical requirements:
- Format: SVG Tiny 1.2 Profile (SVG Tiny PS) — not a regular SVG file
- Shape: Square aspect ratio, centered in the viewbox
- Size: Keep it under 32KB
- Background: Non-transparent — must have a solid background color
- Content: No text or complex gradients that won't render at small sizes
Example: Minimal SVG Tiny 1.2 PS Structure
<?xml version="1.0" encoding="UTF-8"?>
<svg version="1.2" baseProfile="tiny-ps"
xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 100 100">
<!-- Solid background (required) -->
<rect width="100" height="100" fill="#1a56db"/>
<!-- Your logo centered -->
<circle cx="50" cy="50" r="35" fill="#ffffff"/>
</svg>The key differences from a regular SVG: version="1.2" and baseProfile="tiny-ps". Without these attributes, email clients will reject the file silently.
Common Logo Mistakes
- Using a regular SVG instead of SVG Tiny 1.2 PS (most common failure)
- Transparent backgrounds (Gmail requires a solid background)
- File too large (over 32KB)
- Logo not centered or not square
- Using
<text>elements (not supported in Tiny PS)
Step 2: Host Your Logo
Upload your SVG file to a publicly accessible HTTPS URL on your domain. The URL must:
- Use HTTPS (not HTTP)
- Return the correct
Content-Type: image/svg+xmlheader - Be accessible without authentication
- Return a 200 status code
Example: Verify Your Logo Is Accessible
$ curl -I https://example.com/bimi/logo.svg
HTTP/2 200
content-type: image/svg+xml
content-length: 1847
# If you see 'content-type: application/octet-stream' instead,
# add this to your web server config:
# Nginx: types { image/svg+xml svg; }
# Apache: AddType image/svg+xml .svgA typical hosting location: https://yourdomain.com/bimi/logo.svg or https://yourdomain.com/.well-known/bimi/logo.svg
Step 3: Add the BIMI DNS Record
Create a TXT record at default._bimi.yourdomain.com. You can use our free BIMI Record Generator to create the correct record automatically, or follow the manual examples below:
Example: BIMI Without VMC (Free)
; DNS zone file entry
default._bimi.example.com. IN TXT "v=BIMI1; l=https://example.com/bimi/logo.svg;"
; Cloudflare / Route53 / other DNS panel:
; Name: default._bimi
; Type: TXT
; Value: v=BIMI1; l=https://example.com/bimi/logo.svg;Example: BIMI With VMC (Gmail Support)
default._bimi.example.com. IN TXT "v=BIMI1; l=https://example.com/bimi/logo.svg; a=https://example.com/bimi/certificate.pem"Example: Verify Your Record With dig
$ dig TXT default._bimi.example.com +short
"v=BIMI1; l=https://example.com/bimi/logo.svg;"
# If this returns empty, check:
# 1. DNS propagation (can take up to 48 hours)
# 2. Record name (must be default._bimi, not just _bimi)
# 3. Record type (must be TXT, not CNAME)Step 4: Verify Your Complete Setup
After adding the DNS record, run through this verification sequence:
# 1. Check BIMI record exists
$ dig TXT default._bimi.example.com +short
# 2. Check logo is accessible and correct content type
$ curl -sI https://example.com/bimi/logo.svg | grep content-type
# 3. Check DMARC is at enforcement
$ dig TXT _dmarc.example.com +short
# 4. Check SPF is valid
$ dig TXT example.com +short | grep spfOr simply run a full scan on IntoDNS.AI — it checks BIMI, SPF, DKIM, and DMARC in one go and tells you exactly what's missing.
Real-World Timeline
After completing setup, here's what to expect:
- DNS propagation: 1-48 hours for the TXT record to be visible globally
- Apple Mail: logo appears within hours of DNS propagation
- Yahoo Mail: may take 24-48 hours after DNS is live
- Gmail (with VMC): can take up to a week for Google to cache and display
Do You Need a VMC Certificate?
A Verified Mark Certificate (VMC) costs approximately $1,500 per year and requires a registered trademark. Here's the quick decision matrix:
| Scenario | VMC Needed? | Why |
|---|---|---|
| Small business, <1K emails/month | No | Cost per impression too high |
| B2B with mostly Outlook users | No | Outlook doesn't support BIMI yet |
| B2C with 50%+ Gmail audience | Yes | Gmail requires VMC for logo display |
| E-commerce or finance | Yes | Brand trust directly impacts revenue |
| Testing BIMI for the first time | No | Validate setup first, invest later |
For most businesses, starting without a VMC is the smart move — your logo will display in Apple Mail (58% of mobile opens) and Yahoo Mail immediately.
Complete BIMI Setup Checklist
- SPF record configured with
-alland passing authentication - DKIM signing active — verify with
dig TXT selector._domainkey.yourdomain.com - DMARC policy set to
p=quarantineorp=reject(notp=none) - Logo converted to SVG Tiny 1.2 PS format with
baseProfile="tiny-ps" - Logo hosted at HTTPS URL returning
Content-Type: image/svg+xml - TXT record added at
default._bimi.yourdomain.com - Record verified with
dig TXT default._bimi.yourdomain.com +short - Test email sent to Apple Mail or Yahoo account to confirm logo display
BIMI is one of the most rewarding email authentication standards to implement — it turns invisible security work into visible brand presence. Get your authentication foundation right, and your logo will speak for itself in every inbox.
Continue Reading
- BIMI Certificates in 2026: VMC vs CMC Pricing and Which One You Need — detailed cost comparison of certificate options
- BIMI Without VMC: Which Email Clients Show Your Logo for Free? — see which clients display your logo without any certificate
- BIMI Implementation: Building Brand Trust Through Email Authentication — the strategic case for BIMI
- Complete BIMI Guide — deep dive into BIMI standards and requirements
- Why Your Emails End Up in Spam — complete guide to SPF, DKIM, and DMARC