BIMI Setup Guide

BIMI (Brand Indicators for Message Identification) allows your brand logo to appear next to your emails in recipients' inboxes. Instead of a generic avatar or initials, recipients see your official logo—building trust and brand recognition.

Major email providers supporting BIMI: • Gmail - Requires VMC certificate • Yahoo Mail - Works without VMC • Apple Mail (iOS 16+/macOS Ventura+) - Works without VMC • Fastmail - Works without VMC

BIMI is the visual culmination of your email authentication journey—it proves your domain is properly secured with SPF, DKIM, and DMARC.

BIMI requires a properly enforced DMARC policy. Before implementing BIMI, ensure:

1. DMARC Policy at Enforcement Level Your DMARC record must have p=quarantine or p=reject with pct=100.

2. SPF and DKIM Properly Configured Both should pass and align with your From domain.

3. Good Sending Reputation Low spam complaint rates and bounce rates.

4. Trademark Registration (for VMC) If you need Gmail support, your logo must be a registered trademark.

Use IntoDNS.ai to verify your email authentication is ready for BIMI.

Your logo must meet strict requirements:

Format Requirements: • SVG Tiny 1.2 Portable/Secure (SVG Tiny P/S) • Square dimensions (equal width and height) • No animations, scripts, or external references • Solid background (no transparency for Gmail) • Maximum 32KB file size

Design Guidelines: • Center important elements in the middle 66% of the image • Use simple, recognizable design • High contrast for visibility at small sizes • No text smaller than 14px equivalent

Most logos need conversion to meet BIMI requirements:

Option 1: Use BIMI Logo Generators • bimi.entrust.com/checker (free converter) • bimigroup.org/bimi-generator • mxtoolbox.com/bimi

Option 2: Manual Conversion 1. Export your logo as SVG from your design tool 2. Remove all scripts, animations, and external references 3. Add the SVG Tiny P/S profile declaration 4. Inline all styles (no external CSS) 5. Validate using a BIMI checker tool

Option 3: Professional Design Services Consider hiring a designer familiar with BIMI requirements for complex logos.

Your logo must be hosted on a publicly accessible HTTPS URL:

Requirements: • URL must be HTTPS with valid SSL certificate • Response headers must include proper Content-Type • URL should be stable (don't change it frequently) • Fast loading (hosted on reliable CDN or server)

A VMC is a digital certificate that verifies your logo is a registered trademark. It's required for Gmail but optional for other providers.

When You Need a VMC: • Your emails are primarily to Gmail users • You want the full checkmark verification badge • Maximum brand protection is important

When VMC is Optional: • Most recipients use Yahoo, Apple Mail, or Fastmail • Budget constraints (VMCs cost $1,000-1,500/year) • You're testing BIMI before full investment

VMC Requirements: 1. Logo must be a registered trademark (USPTO, EUIPO, etc.) 2. Trademark registration must be active and in good standing 3. Domain ownership verification required 4. Organization validation (similar to EV SSL certificates)

VMC Providers: • DigiCert (digicert.com/tls-ssl/verified-mark-certificates) • Entrust (entrust.com/digital-security/certificate-solutions/products/digital-certificates/verified-mark-certificates)

VMC Process Timeline: • Trademark verification: 1-2 weeks • Domain/organization validation: 3-5 business days • Total timeline: 2-4 weeks

Add a TXT record at default._bimi.yourdomain.com:

Record Tags: • v=BIMI1 - Version identifier (required) • l= - Logo URL (required) - HTTPS URL to your SVG logo • a= - Authority URL (optional) - HTTPS URL to your VMC certificate

Placement: • Host: default._bimi (or selector._bimi for specific selectors) • Type: TXT • TTL: 3600 (1 hour) or higher

Subdomain BIMI: You can have different BIMI records for subdomains by creating records at default._bimi.subdomain.yourdomain.com

After setting up BIMI, verify everything works:

1. DNS Propagation Check Wait for DNS propagation (typically 1-24 hours)

2. Use BIMI Verification Tools: • IntoDNS.ai - Check BIMI record and logo • bimigroup.org/bimi-generator - Validate your setup • mxtoolbox.com/bimi - Full BIMI lookup

3. Send Test Emails Send emails to accounts at Gmail, Yahoo, and Apple Mail to verify logo display.

4. Monitor Over Time BIMI logo display can take 24-48 hours to appear after initial setup.

Full Support (with logo display): • Gmail - Requires VMC, shows blue checkmark • Yahoo Mail - No VMC required • Apple Mail (iOS 16+, macOS Ventura+) - No VMC required • Fastmail - No VMC required • AOL - No VMC required

Coming Soon / Partial Support: • Microsoft Outlook - Announced support, rolling out • Other providers - Adoption increasing

Not Supported: • Older Apple Mail versions • Most corporate email systems (unless configured)

Logo Not Appearing: 1. Verify DMARC is at p=quarantine or p=reject 2. Check DNS record is correctly formatted 3. Ensure logo URL is accessible and returns correct Content-Type 4. Wait 24-48 hours for initial display

Gmail Not Showing Logo: 1. Confirm you have a valid VMC certificate 2. Verify VMC URL is accessible 3. Check trademark matches logo exactly 4. Ensure domain reputation is good

"Invalid SVG" Errors: 1. Validate SVG is SVG Tiny 1.2 P/S format 2. Remove any scripts or animations 3. Ensure no external references 4. Check file size is under 32KB

Logo Design: • Keep it simple and recognizable at small sizes • Use your primary brand logo (the one people recognize) • Ensure high contrast against white backgrounds • Test at 40x40 pixels to ensure visibility

Maintenance: • Monitor DMARC reports to maintain enforcement • Keep VMC certificate renewed annually • Update DNS if logo URL changes • Regularly verify BIMI is working

Security: • Host logo on your own domain when possible • Use HTTPS everywhere • Monitor for unauthorized BIMI attempts on lookalike domains