All articles Email Authentication

BIMI Explained: How to Get Your Logo Displayed in the Inbox

SSam wallness13 Jun 2026
BIMI Explained: How to Get Your Logo Displayed in the Inbox

What BIMI Does for Your Brand

Brand Indicators for Message Identification — BIMI — is an email specification that lets organizations display their official logo next to their messages in the inbox. If you've noticed a company's brand icon appearing beside their sender name in Gmail or Apple Mail, that's BIMI at work. It's one of the few email standards with a visible, user-facing benefit: recipients see your logo before they open the message, reinforcing brand recognition and building trust at the inbox level.

The Requirements Before You Can Implement BIMI

BIMI isn't something you simply switch on. It sits at the top of the email authentication stack, and it requires everything below it to be functioning correctly first.

DMARC at Enforcement

Your domain must have a DMARC policy of p=quarantine or p=reject. BIMI is explicitly designed for senders who've already secured their domain — a p=none monitoring policy won't qualify. If your DMARC is still in monitoring mode, that needs to be resolved before BIMI is on the table.

Aligned SPF and DKIM

Both SPF and DKIM must pass with DMARC alignment on your outbound email. BIMI implementations check that authentication is genuinely working, not just that DNS records exist.

A Verified Mark Certificate

For logos to display in Gmail and Yahoo — the two major inbox providers that currently support BIMI — you need a Verified Mark Certificate (VMC) issued by an approved certification authority such as DigiCert or Entrust. VMCs verify that you're the legitimate trademark owner of the logo being displayed. This is a paid process that requires your logo to be a registered trademark.

Apple Mail supports BIMI with more flexibility on VMC requirements for certain implementations, but Gmail and Yahoo both require it for full logo display.

The Logo File Requirements

Your logo must be in SVG Tiny PS format — a strict subset of SVG 1.2 defined specifically for BIMI. Regular SVG files won't work. The specification restricts certain SVG features for security reasons, and most graphics editors can't export this format natively. You typically need a tool like Inkscape with a BIMI-specific export plugin, or a dedicated BIMI logo preparation service.

Key technical requirements:

  • Square aspect ratio
  • Solid background (no transparency)
  • SVG Tiny PS format
  • Hosted at an HTTPS URL on your domain
  • Publicly accessible without authentication or redirects

The BIMI DNS Record

BIMI is published as a TXT record in DNS at a specific subdomain: default._bimi.yourdomain.com. The record format looks like this:

default._bimi.example.com.  IN  TXT  "v=BIMI1; l=https://cdn.example.com/logo.svg; a=https://cert.example.com/vmc.pem"

The l= tag points to your SVG logo file. The a= tag points to your VMC certificate file, hosted at an accessible HTTPS URL. Both must be reachable and return the correct content type.

If you don't yet have a VMC, you can publish a BIMI record with only the l= tag. Some clients will render the logo even without a VMC, though Gmail and Yahoo require it for their implementations.

Which Inbox Providers Support BIMI

Support continues to expand but varies by provider:

  • Gmail: Full support with VMC required
  • Yahoo Mail: Full support with VMC required
  • Apple Mail: Supports BIMI; VMC requirements vary by version
  • Fastmail: Supports BIMI
  • Outlook / Microsoft 365: Does not currently support BIMI — Microsoft uses its own separate sender verification system

BIMI display is entirely a recipient-side feature. Even where BIMI isn't rendered, having the full authentication stack in place benefits your sending reputation with every provider.

The Real Value of Going Through the Process

BIMI's most obvious benefit is visual brand recognition — your logo builds familiarity and trust before the message is opened. But the indirect benefit is equally significant: qualifying for BIMI forces you to have your entire authentication infrastructure working correctly. Organizations that pursue BIMI invariably close authentication gaps they'd been deferring.

For high-volume senders — financial institutions, retailers, SaaS companies — the visible logo also acts as a practical phishing deterrent. Customers who expect to see your logo on legitimate mail find it easier to identify impersonation attempts that lack it.

Getting Started with BIMI

The path to BIMI breaks down into clear stages:

  1. Confirm SPF and DKIM are properly aligned on all outbound mail streams
  2. Move DMARC from p=none to p=quarantine and then p=reject
  3. Register your logo as a trademark (if not already)
  4. Prepare the logo in SVG Tiny PS format
  5. Obtain a VMC from DigiCert or Entrust
  6. Host the SVG and VMC files at HTTPS URLs on your domain
  7. Publish the BIMI DNS TXT record

If you're working through the authentication prerequisites, the MailDog DNS security guide covers SPF, DKIM, and DMARC configuration in detail. Once authentication is solid, MailDog's SMTP infrastructure ensures outbound mail is properly signed and DMARC-aligned. Review the technical documentation or reach out directly if you need help with the DNS or signing configuration as part of your BIMI rollout. More authentication guides are available on the MailDog blog.

Tags#email authentication#DMARC#BIMI#brand indicators#VMC#email logo

Related articles