Domains

Implementing BIMI

Display your brand logo as the sender avatar in supporting inboxes by publishing a BIMI record backed by a DMARC policy and a mark certificate.

BIMI (Brand Indicators for Message Identification) lets you show your logo — and, with the right certificate, a verification checkmark — next to your messages in the inbox. It increases brand recognition and trust, and many major providers now support it.

Prerequisites

  • Establish verifiable use of your logo — either a registered trademark, or documented use of the logo for over a year.
  • Publish a DMARC record with a policy of p=quarantine; or p=reject; (BIMI will not work at p=none;).

Client support

Support depends on the kind of certificate you hold — a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC):

ClientWith a CMCWith a VMCNo certificate
Apple MailNoYesNo
GmailYesYesNo
OutlookNoNoNo
YahooYesYesYes

Step 1 — Configure DMARC

BIMI requires an enforced DMARC policy so that no one else can spoof your domain and ride on your logo. The relevant tags:

TagPurposeRequired value
pPolicyp=quarantine; or p=reject;
pctPercentagepct=100;
v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarcreports@example.com
For BIMI on a subdomain, the root (apex) domain must also publish a p=quarantine or p=reject policy. Without it the subdomain is not BIMI-compliant and the logo will not show. If you have not set up DMARC yet, follow Implementing DMARC first.

Step 2 — Get a mark certificate

To display your logo in most clients you must prove ownership of it with a mark certificate, much like obtaining an SSL certificate for a website. The two types:

  • Verified Mark Certificate (VMC) — available if you hold a trademark of the logo. Widest support; Gmail shows a blue checkmark alongside the logo.
  • Common Mark Certificate (CMC) — available if you can show you have used the logo for at least a year (no trademark needed). Currently supported mainly by Gmail.

Certificates are issued by authorized mark verifying authorities such as DigiCert, GlobalSign, and SSL.com. Before you start, know that:

  • You cannot get a certificate without a trademark *or* a documented year of logo use.
  • The process can take weeks — start early and respond to the authority’s requests promptly.
  • You will need an SVG Tiny P/S formatted logo, a DNS record to prove domain ownership, identification proving you own the trademark/logo, and publicly available proof your business exists.

Step 3 — Publish the BIMI record

With the certificate in hand, add a TXT record that points to your logo and your certificate:

TXT record
Namehostoptional

default._bimi

Typerecordoptional

TXT

Valuestringoptional

v=BIMI1; l=link_to_logo; a=link_to_certificate;

v=BIMI1; l=https://vmc.example.com/00-00.svg; a=https://vmc.example.com/00-00.pem;
Serve both the logo (.svg) and the certificate (.pem) over HTTPS — providers will not display a logo fetched from an HTTP URL.

It often takes a few days after the record propagates for the logo to appear, and mailbox providers decide whether to show it based on your domain’s sending volume and reputation. A domain with a high spam or bounce rate may not get its avatar displayed.

Tag reference

TagPurposeExample
vBIMI versionv=BIMI1
lLogo URLl=https://vmc.example.com/00-00.svg
aCertificate URLa=https://vmc.example.com/00-00.pem
sSelector (for multiple logos)s=springlogo