BIMI

BIMI is the standard that lets verified senders display their brand logo next to messages in supported email clients. When the recipient sees your message in their inbox, they see your logo as the avatar instead of a generic placeholder or the first letter of your name.

This is the visible reason most organisations finally deploy DMARC properly. The path to BIMI requires DMARC enforcement, which has been "best practice" for a decade but often kept getting deprioritised. BIMI gives marketing and brand teams a concrete reason to push the engineering work through.

Where BIMI displays today:

• Gmail (consumer + Workspace, requires VMC)
• Apple Mail (iOS, macOS, VMC optional)
• Yahoo Mail (VMC optional)
• Fastmail (early adopter)
• La Poste, Orange (regional French)

Microsoft Outlook does NOT yet display BIMI logos. Microsoft has announced support multiple times without delivering. As of 2026, BIMI display in Microsoft remains absent.

BIMI requires four things working together. Missing any one means no logo display.

1. DMARC at p=quarantine or p=reject with pct=100. The single hardest prerequisite to meet. Senders new to DMARC need 60-90 days to ramp from p=none to p=reject without breaking real mail. p=quarantine is the minimum for BIMI; p=reject is what most senders should aim for.

2. BIMI DNS record. A TXT record at default._bimi.<domain>:

default._bimi.example.com. IN TXT "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

The l= tag points to the logo SVG. The a= tag points to the VMC if you have one (required for Gmail).

3. Conformant SVG logo. Standard SVG isn't enough. The format is a constrained subset called "BIMI Profile" or "SVG Tiny PS." Square aspect ratio, no JavaScript, no external references, no embedded raster images, solid background. Most existing brand SVGs need to be converted by a designer who understands the profile.

4. Verified Mark Certificate. Required for Gmail BIMI display. Issued by Mark Verifying Authorities (DigiCert, Entrust). Verifies trademark ownership of the logo. Costs €1,000-1,800 per year per VMC. Apple Mail and Yahoo accept BIMI without VMC, so partial BIMI deployment is possible if you skip the VMC and accept that Gmail won't display.

To check whether your domain meets the four prerequisites: use our free BIMI Eligibility Checker. Validates DMARC enforcement, BIMI DNS record, SVG profile compliance, and VMC presence in one lookup.

BIMI Profile is a strict subset of SVG. The constraints exist because email clients need to render BIMI logos safely without security risk or rendering surprises.

• Square aspect ratio. 1:1 viewBox. The logo will display in circular or rounded-square containers; non-square breaks the visual.
• No JavaScript. No <script> tags, no event handlers, no scripted animations.
• No external references. No href= or xlink:href= pointing to other resources. Everything must be inline.
• No embedded raster images. No <image> tags with PNG or JPEG data. Pure vector only.
• Solid background. No transparency. Recipients see the logo against a solid color.
• File size under ~32KB. Larger files get rejected.
• Specific XML structure. Particular SVG attributes required (baseProfile="tiny-ps", specific namespace declarations).

Validators exist to check conformance: BIMI Group's validator, plus the major MVAs (DigiCert, Entrust) all run validation as part of VMC issuance. Don't skip pre-validation; rejected logos delay the entire deployment.

The VMC is what makes BIMI hard for many senders. Specifically:

• Trademark requirement. The logo you want to display has to be a registered trademark. National trademark registration in the US, EU, UK, or similar (at least one major jurisdiction). Companies without registered trademarks cannot get a VMC.
• Identity verification. The MVA verifies your organisation identity beyond just trademark: corporate registration, beneficial ownership, primary contacts. KYC-style process at the certificate level.
• Cost. €1,000-1,800 per year per VMC. Renewal annually.
• Issuance timeline. 1-3 weeks for the verification process. Can be faster with pre-prepared documentation.
• One VMC per logo. Companies with multiple brands need separate VMCs for each.

Common Marks Certificate (CMC) is a less restrictive alternative for unregistered marks but is supported by far fewer mail clients. For most senders, full VMC for Gmail or accepting partial BIMI without VMC are the realistic choices.

End-to-end BIMI deployment for a sender starting from no DMARC:

1. Days 1-7: DMARC at p=none, monitoring. Set up rua= reporting, audit results, identify all legitimate senders.
2. Days 8-30: Authentication cleanup. Fix every legitimate sender that's failing alignment. SPF includes, DKIM signing, subdomain authentication.
3. Days 30-45: DMARC at p=quarantine pct=10, then 25, then 50. Gradually increase enforcement. Watch reports for unexpected failures.
4. Days 45-75: DMARC at p=quarantine pct=100. Full enforcement at the quarantine level. BIMI now eligible for Apple/Yahoo display if you also publish the BIMI record and conformant logo.
5. Days 75-90: DMARC at p=reject. Promote to reject. BIMI fully eligible.
6. Parallel work (any time): SVG conversion (1-2 weeks with a designer who knows the profile), VMC application (1-3 weeks issuance).
7. Day 90+: BIMI live. Logo starts displaying within 24-72 hours of all four prerequisites being met. Receiver-side caching can cause some lag.

Senders already at DMARC enforcement skip steps 1-5. The real timeline for them is just SVG + VMC, around 4-6 weeks.

Not every sender benefits equally:

• Strong fit: B2C consumer brands with significant Gmail audience, where logo display affects customer trust and engagement. Retail, financial services, identity-sensitive brands.
• Moderate fit: B2B senders with strong brand recognition and Gmail-heavy customer base. Logo display reinforces brand presence in business inboxes.
• Weak fit: Senders with predominantly Microsoft 365 audience (since Microsoft doesn't display BIMI). Internal corporate mail. Very small senders without registered trademarks.
• Wrong tool: Senders running cold outreach or not-quite-opt-in mail. BIMI requires DMARC enforcement and a registered trademark; both are barriers that often signal "this isn't a good fit for our use case."

For senders who fit well, BIMI is one of the few visible payoffs of doing email authentication right. The work is real, but the result is concrete and customer-facing.

The BIMI deployment path proceeds in a specific sequence because each step depends on the previous one being complete. Skipping steps or attempting them out of order produces predictable failure modes.

Step 1: complete DMARC deployment at p=quarantine or p=reject with pct=100. BIMI requires DMARC at this enforcement level; partial DMARC (p=none, or pct below 100) does not qualify. Most operators complete this prerequisite during their broader 2026 DMARC deployment work; BIMI eligibility is a side effect of completing the DMARC ramp rather than a separate workstream.

Step 2: prepare the logo file in BIMI-compliant SVG format. The specification (BIMI SVG Tiny PS profile) requires specific SVG constraints: square aspect ratio, specific color profile, no scripts or external references, limited filter operations. Most logos require conversion work to comply; vector graphic designers familiar with BIMI requirements complete the conversion in hours rather than days. Validation tools (BIMI Group reference validator, several commercial services) confirm compliance before deployment.

Step 3: host the logo file at an HTTPS-accessible URL. The URL must serve the logo with appropriate Content-Type, valid certificate, no redirects. Static hosting on CDN infrastructure is the standard pattern. The URL becomes part of the BIMI DNS record and must remain stable; changing it requires DNS updates and produces transitional periods where some receivers see old configuration and others see new.

Step 4: obtain a Verified Mark Certificate (VMC) from an authorized CA. DigiCert and Entrust are the two issuing CAs as of 2026. The VMC application requires proof of trademark registration for the logo, which is the largest practical barrier to BIMI deployment for operators without registered trademarks. The certificate costs USD 1,500-1,800 annually and takes 2-6 weeks to issue depending on documentation completeness.

Step 5: publish the BIMI DNS record. Format: v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem. The l= value points to the SVG logo, the a= value points to the VMC certificate. Once published and after receiver-side propagation (typically 24-72 hours), supporting receivers begin displaying the logo for authenticated mail from the domain.