BIMI Setup Guide
Display your brand logo in email inboxes with Brand Indicators for Message Identification (BIMI).
Quick Overview
What is BIMI?
BIMI (Brand Indicators for Message Identification) allows your brand logo to appear next to your emails in recipients' inboxes. Instead of a generic avatar or initials, recipients see your official logo—building trust and brand recognition.
Major email providers supporting BIMI:
• Gmail - Requires a VMC or CMC mark certificate; VMC enables the blue verified checkmark
• Yahoo Mail - Can work without a mark certificate
• Apple Mail (iOS 16+/macOS Ventura+) - Can work without a mark certificate
• Fastmail - Can work without a mark certificate
BIMI is hot because it is visible: recipients can see the brand logo in the inbox. Adoption is still uneven because VMC/CMC certificates add cost and validation work, so verify readiness before spending money.
Prerequisites: Strong DMARC Required
BIMI requires a properly enforced DMARC policy. Before implementing BIMI, ensure:
1. DMARC Policy at Enforcement Level
Your DMARC record must have p=quarantine or p=reject with pct=100.
# Minimum for BIMI:
v=DMARC1; p=quarantine; pct=100; rua=mailto:[email protected]
# Recommended for BIMI:
v=DMARC1; p=reject; rua=mailto:[email protected]; adkim=s; aspf=s
BIMI will NOT work with p=none. You must be enforcing DMARC before implementing BIMI.
Prerequisites Checklist
2. SPF and DKIM Properly Configured
Both should pass and align with your From domain.
3. Good Sending Reputation
Low spam complaint rates and bounce rates.
4. Mark Certificate Planning
If you need Gmail logo display, plan for a VMC or CMC. A VMC usually requires a registered trademark or government mark and enables Gmail's blue verified checkmark. A CMC can be an option for some non-registered logos, but mailbox-provider acceptance still matters.
Use IntoDNS.ai to verify your email authentication is ready for BIMI.
Run a scan on IntoDNS.ai to check your SPF, DKIM, and DMARC status before starting BIMI implementation.
Step 1: Create Your BIMI Logo
Your logo must meet strict requirements:
Format Requirements:
• SVG Tiny 1.2 Portable/Secure (SVG Tiny P/S)
• Square dimensions (equal width and height)
• No animations, scripts, or external references
• Solid background (no transparency for Gmail)
• Maximum 32KB file size
Design Guidelines:
• Center important elements in the middle 66% of the image
• Use simple, recognizable design
• High contrast for visibility at small sizes
• No text smaller than 14px equivalent
<!-- Example SVG Tiny P/S structure -->
<svg version="1.2" baseProfile="tiny-ps"
xmlns="http://www.w3.org/2000/svg"
viewBox="0 0 100 100">
<title>Your Brand Logo</title>
<rect width="100" height="100" fill="#ffffff"/>
<!-- Your logo paths here -->
</svg>
Converting Your Logo to SVG Tiny P/S
Most logos need conversion to meet BIMI requirements:
Option 1: Use BIMI Logo Generators
• bimi.entrust.com/checker (free converter)
• bimigroup.org/bimi-generator
• mxtoolbox.com/bimi
Option 2: Manual Conversion
1. Export your logo as SVG from your design tool
2. Remove all scripts, animations, and external references
3. Add the SVG Tiny P/S profile declaration
4. Inline all styles (no external CSS)
5. Validate using a BIMI checker tool
Option 3: Professional Design Services
Consider hiring a designer familiar with BIMI requirements for complex logos.
Test your SVG in multiple email clients and at small sizes (like 40x40 pixels) to ensure it remains recognizable.
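A local pre-flight check for the format requirements and manual conversion steps above, as an added example (not code from this guide or from any BIMI tool). It covers only the rules listed here plus the <title> element shown in the skeleton, and refusing DOCTYPE/entity declarations is an extra precaution assumed by this example; the GOOD and BAD samples are constructed.

```python
import xml.etree.ElementTree as ET

SVG = "{http://www.w3.org/2000/svg}"
XLINK_HREF = "{http://www.w3.org/1999/xlink}href"
# Script and animation elements, which the guide says must be removed.
FORBIDDEN = {"script", "animate", "animateMotion", "animateTransform", "animateColor", "set"}

def is_square(view_box):
    parts = (view_box or "").replace(",", " ").split()
    try:
        return len(parts) == 4 and float(parts[2]) == float(parts[3]) > 0
    except ValueError:
        return False

def check_bimi_svg(data: bytes):
    """Return a list of problems; an empty list means the file passed these checks."""
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DOCTYPE/entity declaration present (refusing to parse)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != SVG + "svg":
        return ["root element is not <svg> in the SVG namespace"]
    problems = []
    if len(data) > 32 * 1024:
        problems.append("file is larger than 32KB")
    if root.get("version") != "1.2" or root.get("baseProfile") != "tiny-ps":
        problems.append('root needs version="1.2" baseProfile="tiny-ps"')
    if root.find(SVG + "title") is None:
        problems.append("missing <title>")
    if not is_square(root.get("viewBox")):
        problems.append("viewBox missing or not square")
    for el in root.iter():
        name = el.tag.split("}")[-1]
        if name in FORBIDDEN:
            problems.append(f"forbidden element <{name}>")
        if any(a.lower().startswith("on") for a in el.attrib):
            problems.append(f"event-handler attribute on <{name}>")
        for attr in ("href", XLINK_HREF):
            if el.get(attr) and not el.get(attr).startswith("#"):
                problems.append(f"non-local reference on <{name}>")
    return problems

# Constructed samples: GOOD follows the guide's skeleton, BAD breaks several rules.
GOOD = (b'<svg version="1.2" baseProfile="tiny-ps" xmlns="http://www.w3.org/2000/svg" '
        b'viewBox="0 0 100 100"><title>Brand</title>'
        b'<rect width="100" height="100" fill="#ffffff"/></svg>')
BAD = (b'<svg version="1.1" xmlns="http://www.w3.org/2000/svg" '
       b'xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 200 100">'
       b'<script>void 0</script><use xlink:href="https://cdn.example/x.svg#a"/></svg>')
```

Run it on the exported file with check_bimi_svg(open("logo.svg", "rb").read()) before uploading; a clean result here does not replace a BIMI checker tool.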
Step 2: Host Your Logo
Your logo must be hosted on a publicly accessible HTTPS URL:
Requirements:
• URL must be HTTPS with valid SSL certificate
• Response headers must include proper Content-Type
• URL should be stable (don't change it frequently)
• Fast loading (hosted on reliable CDN or server)
# Example hosting locations:
https://yourdomain.com/bimi/logo.svg
https://cdn.yourdomain.com/brand/bimi-logo.svg
https://assets.yourdomain.com/email/bimi.svg
# Required response headers:
Content-Type: image/svg+xml
Cache-Control: max-age=86400
Do not use URL shorteners or redirects. The URL must directly serve the SVG file.
Step 3: Mark Certificate Decision (VMC or CMC)
For Gmail, BIMI uses a certificate-backed path: a Verified Mark Certificate (VMC) or Common Mark Certificate (CMC). A VMC is the stronger option for registered trademarks and enables Gmail's blue verified checkmark. A CMC can help brands without a registered trademark, but it still requires validation and mailbox-provider acceptance.
When You Need a VMC or CMC:
• Your emails are primarily to Gmail users
• You want Gmail logo display
• You want the full VMC checkmark verification badge
• Maximum brand protection is important
When a Certificate Can Wait:
• Most recipients use Yahoo, Apple Mail, or Fastmail
• Budget is not approved yet; public mark-certificate pricing is often around the low-thousands per year
• You're testing BIMI readiness before full investment
Getting a VMC or CMC Certificate
VMC Requirements:
1. Logo must usually be a registered trademark (USPTO, EUIPO, etc.) or approved government mark
2. Trademark registration must be active and in good standing
3. Domain ownership verification required
4. Organization validation required
CMC Requirements:
1. Can support some logos that are not formally registered trademarks
2. Still requires third-party mark validation
3. Still requires domain and organization validation
4. Acceptance can vary by mailbox provider
Mark Certificate Providers:
• DigiCert (digicert.com/tls-ssl/verified-mark-certificates)
• Entrust (entrust.com/digital-security/certificate-solutions/products/digital-certificates/verified-mark-certificates)
Typical Process Timeline:
• Trademark verification: 1-2 weeks
• Domain/organization validation: 3-5 business days
• Total timeline: 2-4 weeks once paperwork is ready
# The VMC/CMC is a .pem file hosted at an HTTPS URL:
https://yourdomain.com/bimi/certificate.pem
# Or reference both in your BIMI record:
v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/certificate.pem
Check BIMI readiness before buying a certificate. It is common to discover DMARC, SVG, hosting, or DNS issues first.
Step 4: Create Your BIMI DNS Record
Add a TXT record at default._bimi.yourdomain.com:
# Without a mark certificate (useful for readiness testing and some providers):
v=BIMI1; l=https://yourdomain.com/bimi/logo.svg
# With VMC or CMC (Gmail path):
v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/certificate.pem
# For specific selector (advanced):
selector._bimi.yourdomain.com → v=BIMI1; l=https://...
BIMI Record Components
Record Tags:
• v=BIMI1 - Version identifier (required)
• l= - Logo URL (required) - HTTPS URL to your SVG logo
• a= - Authority URL (optional in syntax, required for certificate-backed Gmail display) - HTTPS URL to your VMC or CMC certificate
Placement:
• Host: default._bimi (or selector._bimi for specific selectors)
• Type: TXT
• TTL: 3600 (1 hour) or higher
Subdomain BIMI:
You can have different BIMI records for subdomains by creating records at default._bimi.subdomain.yourdomain.com.
Use "default" as the selector unless you have specific needs for different logos on different mail streams.
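The DMARC prerequisite and the record tags above can be checked on the TXT strings before publishing them. This is an added example, not code from this guide or from any BIMI tool; the function names are hypothetical, the sample records are constructed, and example.com stands in for your domain.

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split 'tag=value; tag=value' TXT data into a dict keyed by lowercased tag."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            name, value = part.split("=", 1)
            tags[name.strip().lower()] = value.strip()
    return tags

def check_dmarc(txt):
    """Problems that block BIMI; an empty list means the policy is enforced."""
    t = parse_tags(txt)
    problems = []
    if t.get("v") != "DMARC1":
        problems.append("not a DMARC1 record")
    if t.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p= must be quarantine or reject")
    if t.get("pct", "100") != "100":  # an absent pct tag means 100
        problems.append("pct must be 100")
    return problems

def check_bimi(txt):
    """Return (problems, gmail_path): gmail_path is True only with a valid a= URL."""
    t = parse_tags(txt)
    problems = []
    if t.get("v") != "BIMI1":
        problems.append("v= must be BIMI1")
    if not t.get("l"):
        problems.append("l= logo URL is required")
    for tag in ("l", "a"):
        url = urlparse(t.get(tag, ""))
        if t.get(tag) and (url.scheme != "https" or not url.netloc):
            problems.append(f"{tag}= must be an https URL")
    return problems, bool(t.get("a")) and not problems

# Constructed sample records (example.com stands in for your domain).
DMARC_WEAK = "v=DMARC1; p=none; rua=mailto:reports@example.com"
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:reports@example.com; adkim=s; aspf=s"
BIMI_NO_CERT = "v=BIMI1; l=https://example.com/bimi/logo.svg"
BIMI_CERT = BIMI_NO_CERT + "; a=https://example.com/bimi/certificate.pem"

if __name__ == "__main__":
    for rec in (DMARC_WEAK, DMARC_OK):
        print(rec, "->", check_dmarc(rec) or "ready")
    for rec in (BIMI_NO_CERT, BIMI_CERT):
        print(rec, "->", check_bimi(rec))
```

The checks are purely syntactic: they do not fetch the logo or certificate, so hosting and certificate validity still need the verification in Step 5.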
Step 5: Verify Your Setup
After setting up BIMI, verify everything works:
1. DNS Propagation Check
Wait for DNS propagation (typically 1-24 hours)
2. Use BIMI Verification Tools:
• IntoDNS.ai - Check BIMI record and logo
• bimigroup.org/bimi-generator - Validate your setup
• mxtoolbox.com/bimi - Full BIMI lookup
3. Send Test Emails
Send emails to accounts at Gmail, Yahoo, and Apple Mail to verify logo display.
4. Monitor Over Time
BIMI logo display can take 24-48 hours to appear after initial setup.
Gmail may take longer to display BIMI logos while it verifies your VMC/CMC and domain reputation.
BIMI Support by Email Provider
Full Support (with logo display):
• Gmail - Requires VMC or CMC; VMC shows the blue verified checkmark
• Yahoo Mail - No mark certificate required in many deployments
• Apple Mail (iOS 16+, macOS Ventura+) - No mark certificate required in many deployments
• Fastmail - No mark certificate required in many deployments
• AOL - No mark certificate required in many deployments
Coming Soon / Partial Support:
• Microsoft Outlook - Announced support, rolling out
• Other providers - Adoption increasing
Not Supported:
• Older Apple Mail versions
• Most corporate email systems (unless configured)
Even without 100% support, BIMI improves your email authentication posture and prepares you for wider adoption.
Troubleshooting Common Issues
Logo Not Appearing:
1. Verify DMARC is at p=quarantine or p=reject
2. Check DNS record is correctly formatted
3. Ensure logo URL is accessible and returns correct Content-Type
4. Wait 24-48 hours for initial display
Gmail Not Showing Logo:
1. Confirm you have a valid VMC or CMC certificate
2. Verify certificate URL is accessible
3. Check certificate/logo/domain details match
4. Ensure domain reputation is good
"Invalid SVG" Errors:
1. Validate SVG is SVG Tiny 1.2 P/S format
2. Remove any scripts or animations
3. Ensure no external references
4. Check file size is under 32KB
BIMI Best Practices
Logo Design:
• Keep it simple and recognizable at small sizes
• Use your primary brand logo (the one people recognize)
• Ensure high contrast against white backgrounds
• Test at 40x40 pixels to ensure visibility
Maintenance:
• Monitor DMARC reports to maintain enforcement
• Keep VMC or CMC certificates renewed before expiry
• Update DNS if logo URL changes
• Regularly verify BIMI is working
Security:
• Host logo on your own domain when possible
• Use HTTPS everywhere
• Monitor for unauthorized BIMI attempts on lookalike domains
Common Pitfalls to Avoid
- DMARC not at p=quarantine or p=reject
BIMI requires DMARC enforcement. p=none will not work - you need at least p=quarantine with pct=100.
- Invalid SVG format
BIMI requires SVG Tiny 1.2 Portable/Secure format. Regular SVGs, PNGs, or JPEGs will not work.
- Logo not square or centered
Your logo must be square and centered with important content in the center 2/3 for proper display.
- Missing VMC or CMC for Gmail
Gmail uses certificate-backed BIMI. Use a VMC or CMC for Gmail logo display; Apple Mail, Yahoo, and Fastmail may work without the same certificate path.
- HTTPS URL issues
Logo and certificate URLs must be HTTPS with valid SSL. Self-signed certificates will fail.