What Is BIMI?
BIMI, or Brand Indicators for Message Identification, is an email standard that displays a brand's verified logo next to its messages in supporting inboxes. It works only for domains that have enforced DMARC and publish a BIMI DNS record pointing to a logo file. BIMI improves brand recognition and trust, and with a Verified Mark Certificate it can show an authenticated logo across major mailbox providers.
- Full name
- Brand Indicators for Message Identification (BIMI Group)
- Prerequisite
- DMARC at enforcement (p=quarantine or p=reject) is required
- Logo format
- SVG Tiny Portable/Secure (SVG P/S) hosted over HTTPS
- Verified logo
- A VMC or CMC certificate is needed for logos at Gmail and others
What is BIMI? #
BIMI stands for Brand Indicators for Message Identification. It is an email specification that lets a brand display its official logo next to its messages in the recipient's inbox, in the avatar spot where an initial or generic icon would otherwise appear. The goal is twofold: help recipients recognize legitimate mail from a brand at a glance, and reward senders who follow strong email-authentication practices. BIMI does not work on its own; it is the visible payoff for having your email authentication in order. Specifically, a domain must have DMARC set to an enforcement policy before BIMI will display, which means BIMI effectively requires you to prove your mail is genuinely yours before your logo appears. Supporting mailbox providers, including Gmail, Yahoo, Apple Mail, and others, read a special DNS record that tells them where to find your logo and, in many cases, a certificate verifying you own that logo. For a US local business, BIMI is an advanced trust and branding step that sits on top of a fully authenticated email setup, which we handle through /services/domains-dns-email.
How does BIMI work technically? #
BIMI relies on DNS and existing authentication. First, your domain must pass SPF and DKIM and have DMARC published at an enforcement policy, either quarantine or reject, since BIMI will not display for a domain that only monitors. Then you create your logo as an SVG Tiny Portable/Secure (SVG P/S) file, a restricted, secure SVG profile, and host it over HTTPS. You publish a BIMI DNS TXT record at a specific subdomain, default._bimi, that points to the logo URL and, optionally, to a verification certificate. When a supporting mailbox provider receives your authenticated mail, it looks up your BIMI record, fetches the logo, checks any certificate, and displays the logo beside your message. If authentication fails or the record is missing, the provider simply shows the usual default avatar with no penalty. The chain of DNS lookups is why a correct DNS configuration underpins the whole thing; see /wiki/what-is-dns for how those records resolve. Below is an example BIMI record for reference. We publish and validate these records for clients as part of a complete email-authentication setup.
; Host / name:
default._bimi.mybusiness.com
; Type: TXT
; Value:
v=BIMI1; l=https://mybusiness.com/bimi/logo.svg; a=https://mybusiness.com/bimi/vmc.pem
; l = URL to the SVG Tiny P/S logo (HTTPS)
; a = URL to the Verified Mark Certificate (optional but
; required by Gmail and several other providers)Why does BIMI require DMARC? #
BIMI is deliberately built on top of DMARC to prevent abuse. If any sender could attach a logo to their mail, spammers would slap trusted brands' logos on phishing messages, and the feature would erode trust rather than build it. By requiring DMARC at an enforcement policy, BIMI ensures that only senders who have proven control of their domain, and who instruct receivers to reject or quarantine unauthenticated mail, can display a logo. In effect, the logo becomes a visible signal that this message genuinely came from the authenticated brand and that impostors are being blocked. This dependency also means implementing BIMI forces good hygiene: you cannot get the branding benefit without first locking down SPF, DKIM, and DMARC. For many businesses, the process of qualifying for BIMI is valuable in itself because it drives them to reach DMARC enforcement, which materially improves deliverability and security regardless of the logo. We often use a client's interest in BIMI as the motivation to complete a full authentication rollout, moving DMARC from monitoring to enforcement safely, as part of /services/domains-dns-email and /services/website-security.
What is a Verified Mark Certificate (VMC)? #
A Verified Mark Certificate, or VMC, is a digital certificate issued by an approved certification authority that confirms your organization legally owns the logo you want to display. Several major mailbox providers, including Gmail, require a VMC before they will show your BIMI logo, precisely because it adds a layer of verified identity beyond just DNS control. Obtaining a VMC generally requires that your logo be a registered trademark, and the issuing authority verifies your organization and trademark before granting the certificate. There is also a related option, a Common Mark Certificate (CMC), which some providers accept for logos that are not registered trademarks, under different conditions. VMCs carry an annual cost and involve a verification process, which is why BIMI with a verified logo is more of a commitment than a quick DNS edit. For a small local business, the decision comes down to whether the branding and trust benefit justifies the trademark and certificate expense. We help clients weigh that and, when it makes sense, coordinate the certificate and the technical setup so the logo actually displays where it counts.
What are the benefits of BIMI? #
The most visible benefit is brand recognition: your logo appears beside every message in supporting inboxes, making your mail instantly identifiable in a crowded list and reinforcing your brand with each send. That recognition tends to build trust, since a verified logo signals a legitimate, authenticated sender rather than a possible impostor, and it can subtly improve engagement because recipients are more comfortable opening mail they recognize. There is also an anti-phishing benefit: because BIMI requires DMARC enforcement, adopting it hardens your domain against spoofing, protecting both your customers and your reputation from fraudsters impersonating you. And the prerequisites themselves, reaching DMARC enforcement, deliver a real deliverability and security upgrade independent of the logo. What BIMI does not do is directly boost inbox placement as a ranking factor; providers reward the underlying authentication, not the logo itself. So the honest framing is that BIMI is a branding and trust enhancement layered on top of strong deliverability fundamentals, most valuable for brands that send enough volume for recognition to matter. We position it that way for clients rather than overselling it as a placement hack.
Which mailbox providers support BIMI? #
Support has grown steadily. Yahoo and AOL were early adopters, and Apple Mail added BIMI support with logo display in recent versions across its devices. Gmail supports BIMI and displays verified logos, but requires a VMC to do so. Various other providers participate to differing degrees, and the list continues to expand as the standard matures. Because support and requirements vary, the same BIMI setup may show your logo at some providers and not others, and some require the verification certificate while others historically displayed a logo with just the DNS record and DMARC enforcement. This uneven landscape means you should set expectations accordingly: BIMI improves your presence where it is supported and simply does nothing where it is not, with no downside. Given that the largest US providers, Gmail, Yahoo, and Apple, all participate, a correctly configured BIMI setup with a VMC reaches a large share of recipients. We track current provider requirements when we implement BIMI for clients so the logo displays as widely as possible, and we test across major inboxes to confirm it renders.
How do you implement BIMI for a business? #
Implementation follows a clear sequence. First, get authentication fully in order: SPF and DKIM passing, and DMARC published and moved to an enforcement policy of quarantine or reject, which is the gating requirement. Second, prepare your logo in the required SVG Tiny Portable/Secure format, a specific secure SVG profile, square and simple enough to read at avatar size, and host it over HTTPS on your domain. Third, if you want display at Gmail and other providers that require it, obtain a Verified Mark Certificate, which generally means having a registered trademark and completing the issuer's verification. Fourth, publish the BIMI DNS TXT record at default._bimi pointing to your logo and certificate. Fifth, test across major inboxes to confirm the logo renders, and validate the record. Because several of these steps, DMARC enforcement, SVG P/S conversion, DNS records, are technical and unforgiving of small errors, most local businesses benefit from having them handled professionally. We manage the full sequence under /services/domains-dns-email, coordinate the certificate when needed, and verify the result so the logo appears reliably rather than silently failing.
Is BIMI worth it for a local business? #
It depends on your sending volume, brand maturity, and budget. BIMI shines for brands that send enough email that recognition compounds, and that have a registered trademark to back a VMC. For a small local business that sends modest volume and lacks a trademarked logo, the certificate cost and setup effort may outweigh the branding gain, and the smarter first move is simply to reach DMARC enforcement, which delivers most of the security benefit without the certificate. For a growing multi-location business or one that sends significant customer mail and wants to stand out in the inbox, BIMI can be a worthwhile trust and branding investment. The key is to sequence it correctly: nail authentication and deliverability first, then add BIMI as a polish layer, not the other way around. We advise clients honestly on whether BIMI fits their stage, and for those not ready, we still complete the DMARC work that BIMI would have required, because that alone improves how mailbox providers, covered in /wiki/what-is-a-mailbox-provider, treat their mail. When a client is ready, we handle the full rollout.
FAQ
What is BIMI?
BIMI, or Brand Indicators for Message Identification, is an email standard that displays a brand's verified logo next to its messages in supporting inboxes. It requires the sending domain to have DMARC at enforcement and to publish a BIMI DNS record pointing to a logo file, and often a certificate. It improves brand recognition and trust.
Do I need DMARC for BIMI?
Yes. DMARC at an enforcement policy of quarantine or reject is a strict prerequisite; BIMI will not display for a domain that only monitors. This dependency prevents spammers from attaching trusted logos to phishing mail. Reaching DMARC enforcement also improves your deliverability and security regardless of whether you finish BIMI.
What is a Verified Mark Certificate?
A VMC is a certificate from an approved authority confirming your organization legally owns its logo, usually requiring a registered trademark. Gmail and several other providers require a VMC before showing your BIMI logo. It carries an annual cost and a verification process, which is why verified BIMI is a real commitment, not a quick DNS edit.
Which providers support BIMI?
Yahoo, AOL, Apple Mail, and Gmail support BIMI, with Gmail requiring a VMC to display logos, and more providers are adopting it. Requirements vary, so the same setup may show your logo at some providers and not others. Since the largest US providers participate, a correct setup reaches many recipients.
Does BIMI improve inbox placement?
Not directly. Providers reward the underlying authentication that BIMI requires, not the logo itself. BIMI is a branding and trust enhancement layered on strong deliverability fundamentals. Its main value is recognition and anti-phishing protection, plus the security gains from reaching DMARC enforcement, rather than acting as a ranking factor.
Is BIMI worth it for a small business?
It depends on volume, brand maturity, and budget. BIMI suits brands that send enough mail for recognition to compound and that hold a registered trademark for a VMC. For very small senders, reaching DMARC enforcement first captures most of the security benefit without the certificate cost. We advise clients on the right timing.
Was this helpful?