What happens if dmarc policy p=none?

BIMI will not work - requires p=quarantine or p=reject IntoDNS detects this by: IntoDNS checks DMARC policy strength before BIMI validation

What happens if invalid svg format?

Logo fails validation, BIMI ignored IntoDNS detects this by: IntoDNS validates SVG meets Tiny P/S specification

Back to Citations

BIMI (Brand Indicators for Message Identification)

Last updated: 2026-01-14RFC verified

Summary

BIMI allows brands to display their logo next to authenticated emails in recipient inboxes. BIMI requires DMARC enforcement (p=quarantine or p=reject) and a verified mark certificate (VMC). Brand logos increase email trust and engagement.

What Is BIMI (Brand Indicators for Message Identification)?

BIMI (Brand Indicators for Message Identification) enables brands to display their logo in email clients. BIMI works by publishing a DNS TXT record pointing to an SVG logo file and optionally a Verified Mark Certificate. Gmail, Yahoo, and Apple Mail support BIMI.

Why BIMI (Brand Indicators for Message Identification) Matters for Email & DNS Security

BIMI increases email trustworthiness through visual brand recognition. Users identify legitimate emails at a glance, reducing phishing success. According to IntoDNS analysis, BIMI-enabled emails show 12% higher engagement rates compared to non-branded authenticated emails. However, BIMI requires DMARC p=quarantine or p=reject.

How BIMI (Brand Indicators for Message Identification) Works (Technical)

1.Brand publishes BIMI record at default._bimi.domain.com
2.Record contains URL to SVG logo (Tiny P/S format)
3.Includes Verified Mark Certificate (VMC) URL
4.Email sent with SPF, DKIM, DMARC alignment
5.DMARC policy must be p=quarantine or p=reject
6.Server validates DMARC passes
7.Fetches BIMI record from DNS
8.SVG logo retrieved and validated
9.VMC verified (required by Gmail)
10.Logo displayed in inbox

Common Misconfigurations

❌ DMARC policy p=none

Consequence: BIMI will not work - requires p=quarantine or p=reject

How IntoDNS detects this: IntoDNS checks DMARC policy strength before BIMI validation

❌ Invalid SVG format

Consequence: Logo fails validation, BIMI ignored

How IntoDNS detects this: IntoDNS validates SVG meets Tiny P/S specification

❌ Missing Verified Mark Certificate

Consequence: Gmail will not display logo (VMC required)

How IntoDNS detects this: IntoDNS checks VMC presence and validates certificate

How IntoDNS.ai Detects & Scores This

IntoDNS validates BIMI through DMARC enforcement check, DNS record at default._bimi, logo URL validation (HTTPS + SVG format), Tiny P/S compliance, VMC certificate validation, and alignment checks.

How To Fix BIMI (Brand Indicators for Message Identification) Issues

1.Ensure DMARC is enforced: p=quarantine or p=reject
2.Create square logo SVG (1:1 ratio) in Tiny P/S format
3.Keep SVG under 32KB
4.Host logo on HTTPS with CORS headers
5.Obtain VMC from DigiCert or Entrust
6.Create BIMI record: v=BIMI1; l=https://domain.com/logo.svg; a=https://domain.com/vmc.pem
7.Publish at default._bimi.yourdomain.com
8.Test with IntoDNS validator

References

Source: IntoDNS.ai – DNS & email security diagnostics

Last updated: 2026-01-14

Category: email

Tools & Resources

→ Email Security Test Tool → API Documentation → Developer Resources