What is BIMI and how to display my logo in emails?

BIMI (Brand Indicators for Message Identification) is the standard that makes your logo appear next to your messages in Gmail, Yahoo Mail, Apple Mail, Fastmail and a growing list of commercial mail clients. It is a trust signal, a brand asset, and in 2026 an increasingly expected part of a credible email program. This guide explains how BIMI works, what it actually costs to implement, and the specific steps from zero to a verified logo in inbox.

What BIMI does

BIMI takes a verified logo and displays it next to your mail in the inbox list, usually as a circular or square avatar. For brands with high mail volume, this is recognisable enough to improve open rates and reduce phishing confusion. For phishing victims, a logo on the real bank's mail and a generic avatar on the fake one is a visible difference that matters.

Technically, BIMI is a DNS record that points to:

1. An SVG logo file (in the SVG Tiny 1.2 Portable/Secure profile).
2. Optionally, a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC) proving ownership of the logo.

Mail clients that support BIMI fetch the logo (and optionally the certificate), validate it against the sender's DMARC policy, and render the logo if everything checks out.

Requirements in 2026

For BIMI to work at all:

• DMARC at p=quarantine or p=reject (NOT p=none). Gmail enforces this strictly.
• SPF and DKIM correctly aligning with the From domain.
• An SVG logo in SVG Tiny 1.2 Portable/Secure profile.
• A BIMI DNS record pointing to the logo URL.

For BIMI to display in Gmail and Apple Mail specifically, also required:

• A Verified Mark Certificate (VMC) or Common Mark Certificate (CMC).

For VMC: the logo must be a registered trademark in at least one of the supported jurisdictions (USPTO, EUIPO, UKIPO, CIPO, IP Australia, JPO, DPMA, IP India, IGE). Certificates are issued by DigiCert and Entrust for VMCs or SSL.com for CMCs. Cost is typically 1000-2000 USD/year for a VMC, 500-1000 USD/year for a CMC.

For BIMI to display in Yahoo, Fastmail, AOL: CMC or VMC accepted, or in some cases just the SVG and DMARC enforcement.

The DNS record

A minimal BIMI record:

default._bimi.example.com. TXT  "v=BIMI1; l=https://example.com/bimi-logo.svg"

With a certificate:

default._bimi.example.com. TXT  "v=BIMI1; l=https://example.com/bimi-logo.svg; a=https://example.com/bimi-cert.pem"

The default selector is the default location. You can publish selector-specific BIMI for different sub-brands, but most organisations use default.

The SVG logo

This is the hardest part for most organisations. BIMI requires SVG Tiny 1.2 Portable/Secure (SVG P/S), not general SVG. Most logo SVGs in production will not validate.

Requirements for a compliant SVG:

• SVG version 1.2 Tiny, Portable/Secure profile.
• Single <svg> root element.
• Exact baseProfile="tiny-ps" attribute.
• <title> element required.
• No external references (no <image> linking to external URLs).
• No scripts or event handlers.
• No animation elements.
• Text only via <text> (no <foreignObject>).
• Square aspect ratio (1:1 viewBox).
• Solid color background (no transparency for VMC — transparency is now allowed for CMC).
• Served over HTTPS with a valid TLS certificate.
• Content-Type image/svg+xml.

Example minimal compliant SVG:

<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     version="1.2" baseProfile="tiny-ps"
     viewBox="0 0 100 100">
  <title>Example Brand Logo</title>
  <rect x="0" y="0" width="100" height="100" fill="#0052cc"/>
  <text x="50" y="60" font-family="Arial" font-size="40"
        fill="white" text-anchor="middle">X</text>
</svg>

Common conversion paths: if your logo is PNG or standard SVG, you typically need to redesign or recreate it in Tiny PS profile. Most graphic designers are not familiar with the profile. Several free validators online will confirm compliance.

Choosing between VMC and CMC

VMC (Verified Mark Certificate) — requires a registered trademark. Logo must match the trademark registration. Validated by DigiCert or Entrust. Displays in Gmail, Apple Mail, Yahoo, Fastmail, and others. Annual cost 1000-2000 USD.

CMC (Common Mark Certificate) — does not require a registered trademark. Logo can be any logo you have used publicly for 12+ months. Validated by SSL.com (and recently others). Displays in Gmail (since 2023), Apple Mail, Yahoo, Fastmail. Annual cost 500-1000 USD.

If you have a trademark: VMC is the standard path. If you do not and cannot wait for one: CMC is fine and increasingly accepted everywhere.

Setup step by step

Step 1: Verify DMARC is at p=quarantine or p=reject. BIMI will silently not display if DMARC is p=none. Confirm with a scan on IntoDNS.ai.

Step 2: Prepare the SVG. Have a designer redraw your logo in SVG Tiny 1.2 Portable/Secure profile. Test with a BIMI SVG validator.

Step 3: Host the SVG. Upload to a URL on your domain. Serve over HTTPS with valid TLS certificate and Content-Type image/svg+xml.

Step 4 (optional): Obtain VMC or CMC. Submit trademark documents or logo usage evidence to DigiCert, Entrust or SSL.com. Validation takes 1-4 weeks. You receive a PEM certificate file.

Step 5: Host the certificate (if applicable). Upload the PEM to a URL on your domain, again over HTTPS.

Step 6: Publish the BIMI DNS record at default._bimi.yourdomain:

v=BIMI1; l=https://yourdomain/bimi-logo.svg; a=https://yourdomain/bimi-cert.pem

Without VMC/CMC, omit a=:

v=BIMI1; l=https://yourdomain/bimi-logo.svg

Step 7: Verify. IntoDNS.ai checks the BIMI record, fetches the SVG, validates the profile, and reports issues.

Step 8: Send a test mail to a Gmail address. After 24-48 hours (cache), the logo should appear next to your mail. Not instant — Gmail caches BIMI results.

Troubleshooting

Logo does not appear in Gmail. Most common cause: DMARC at p=none. Second most common: missing or invalid VMC/CMC. Third: SVG not in Tiny P/S profile. Check Authentication-Results header for BIMI status.

SVG fails validation. Usually because it contains embedded bitmap images, animations, gradients beyond spec, or non-Tiny elements. Redraw in a compliant editor.

Certificate not trusted. VMC must be from an approved issuer (DigiCert, Entrust for VMC; SSL.com and others for CMC). Self-signed or other CAs do not work.

Logo shows in some clients but not others. Expected during rollout — not all clients support BIMI, and caching varies. Gmail and Apple Mail have the longest caches (up to 7 days).

BIMI record syntax error. Common mistakes: missing v=BIMI1, using , between tags, URLs without https://, URLs with redirects (redirects are not allowed in l=).

Is BIMI worth the cost?

For a brand sending under 50K messages/month, the certificate cost may not pay back in increased engagement. For brands over 500K messages/month — especially in regulated industries (banking, government, healthcare) — BIMI is a meaningful brand and anti-phishing investment.

Without a certificate, you get BIMI display in Yahoo, Fastmail and a few others. With a CMC you add Gmail and Apple Mail. With a VMC you get full coverage and the strongest brand signal.

When to use IntoDNS.ai

IntoDNS.ai parses the BIMI record, fetches the SVG over HTTPS, validates the profile, checks TLS on the logo host, confirms DMARC policy is at enforcement level, and reports exactly what is blocking BIMI display. Use it before and after every BIMI change, and weekly to catch certificate expiry on the logo or VMC.

BIMI display across clients in 2026

Support matrix as of April 2026:

• Gmail (web, Android, iOS) — full BIMI with VMC or CMC. Requires DMARC enforcement.
• Apple Mail (iOS, iPadOS, macOS) — BIMI with VMC, support rolled out through 2024-2025.
• Yahoo Mail — BIMI with VMC or CMC, sometimes with just SVG.
• Fastmail — BIMI with or without certificate.
• Outlook.com / Microsoft 365 — limited support; Microsoft has been slow to enforce BIMI and some mailbox types still do not display logos.
• ProtonMail, Tutanota — no BIMI support.
• Various corporate filters — inconsistent; depends on gateway vendor.

Do not expect 100% of recipients to see the logo even with a perfect setup. Gmail and Apple Mail together typically cover 60-75% of commercial recipients.

Migration from old logos

If you are replacing an existing BIMI logo with a refresh:

1. Prepare the new SVG and host it at a new URL (e.g. /bimi-logo-v2.svg).
2. If using a VMC or CMC, obtain a new certificate for the new logo.
3. Update the BIMI DNS record to point at the new URL and certificate.
4. Leave the old URL live for at least 7 days to avoid broken logos during Gmail's cache refresh.

Gmail aggressively caches BIMI logos. A change to the logo URL can take 24-72 hours to reflect for all recipients.

BIMI cost-benefit

For a small business (under 10K messages/month), the maths rarely works. For a commercial brand sending 1M+ messages/month, BIMI typically returns its cost via a 1-3% lift in open rates, a measurable reduction in phishing confusion, and a signal to receivers that reinforces domain reputation. The clearest BIMI wins are in regulated industries (financial services, healthcare, government) where phishing impersonation is high-value and a logo is a visible trust marker. For pure transactional senders (receipts, shipping notifications), the engagement lift may not justify the VMC cost; a CMC is a reasonable middle ground.