BIMI (Brand Indicators for Message Identification) displays your brand logo next to your email in the recipient's inbox — in Gmail, Yahoo Mail, Apple Mail, and other supporting clients. It is the visible reward for implementing DMARC enforcement: once your domain reaches p=quarantine or p=reject, you become eligible to publish a BIMI record and have your logo appear alongside your messages. Studies from participating senders show open rate lifts of 4–6% from BIMI logo display alone — a significant return for a one-time infrastructure change.

39%
Open rate lift reported by BIMI adopters (Valimail/Red Sift data)
p=reject
DMARC policy required — p=none does not qualify
VMC/CMC
Certificate required for Gmail — Yahoo allows self-asserted
SVG Tiny-PS
Logo format required — standard SVG may not qualify

Prerequisites Before Publishing Your BIMI Record

BIMI requires a complete authentication stack to function. Publishing a BIMI record without meeting every prerequisite results in the logo not appearing — there is no error message; the mailbox provider simply ignores the BIMI record silently. Verify each prerequisite before attempting configuration.

PrerequisiteRequirementHow to verifyStatus check
SPFValid record, passes for all sending sourcesMXToolbox SPF checkMust show spf=pass in Authentication-Results
DKIM2048-bit key signing all outbound mailmail-tester.comdkim=pass, d= matches From: domain
DMARCp=quarantine or p=reject, pct=100MXToolbox DMARCdmarc=pass; p=none disqualifies BIMI
Logo formatSVG Tiny Portable/Secure (SVG-P/S), square, ≤32 KBBIMI Group Inspectorbimigroup.org/bimi-generator
Logo hostingHosted at HTTPS URL on your domaincurl -I your-logo-urlMust return 200 with valid SVG content-type
Mark CertificateVMC or CMC for Gmail; self-asserted OK for YahooCA issuance emailPEM file hosted at HTTPS URL

VMC vs CMC vs Self-Asserted — Which Do You Need?

The certificate requirement is the most confusing part of BIMI because it differs by mailbox provider. Yahoo and some smaller providers display your logo without any certificate — a self-asserted BIMI record is sufficient. Gmail requires either a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC). Apple Mail uses Apple Business Connect, which is separate from BIMI entirely.

BIMI Certificate Requirements by Mailbox Provider (2025)

ProviderSelf-assertedCMC required?VMC required?Blue checkmark?
Yahoo Mail / AOLYes — logo displaysNo (optional)No (optional)No
GmailNo — ignoredYes — logo displaysYes — logo + checkmarkVMC only
Apple MailApple Business Connect (separate)N/AN/ANo
FastmailYes — logo displaysNoNoNo
Outlook / Microsoft 365Limited — testingTBCTBCNo (yet)

The difference between VMC and CMC: a VMC requires your logo to be a registered trademark with one of 17 recognized intellectual property offices (USPTO, EUIPO, UKIPO, etc.). A CMC does not require trademark registration — it verifies logo ownership and domain association without the trademark requirement. Both are issued by DigiCert or Entrust. VMCs trigger Gmail's blue verification checkmark; CMCs display the logo without the checkmark.

Publishing the BIMI DNS Record

The BIMI record is a TXT record published at default._bimi.yourdomain.com. It contains two fields: l= (the URL of your SVG logo) and a= (the URL of your PEM certificate file — required for Gmail). For Yahoo-only BIMI without a certificate, the a= field is omitted.

BIMI DNS records — self-asserted (Yahoo) and certified (Gmail)
# Self-asserted BIMI — works for Yahoo, Fastmail (not Gmail)
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://images.yourdomain.com/logo/bimi-logo.svg;"

# Certified BIMI — required for Gmail (VMC or CMC)
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://images.yourdomain.com/logo/bimi-logo.svg; a=https://images.yourdomain.com/logo/bimi-certificate.pem"

# Verify the record after publishing (propagation up to 48h):
$ dig TXT default._bimi.yourdomain.com +short
"v=BIMI1; l=https://images.yourdomain.com/logo/bimi-logo.svg; a=https://images..."

# Test with BIMI Group Inspector:
# https://bimigroup.org/bimi-generator/
# Enter your domain and it will check DMARC, logo, certificate, and record format

SVG Logo — Format Requirements

The most common BIMI implementation failure is logo format. Standard SVG files exported from Illustrator or Figma do not meet BIMI's SVG Tiny Portable/Secure (SVG-P/S) profile requirement. The SVG must be square (1:1 aspect ratio), have no transparent background, be under 32 KB, and conform to the SVG Tiny 1.2 profile with specific namespace requirements.

Valid BIMI SVG-P/S file header (required structure)
<?xml version="1.0" encoding="UTF-8"?>
<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink"
     version="1.2"
     baseProfile="tiny-ps"
     viewBox="0 0 100 100">
  <!-- Logo content here -->
  <!-- No JavaScript, no external references, no filters -->
  <!-- Background must be non-transparent -->
  <rect width="100" height="100" fill="#ffffff"/>
  <!-- Your logo paths here -->
</svg>

# Key requirements:
# version="1.2" and baseProfile="tiny-ps" are MANDATORY
# Square viewport (viewBox width == height)
# Non-transparent background (white or brand color rect covering full canvas)
# No external resources, scripts, or animations
# File size must be under 32 KB
# Validate at: https://bimigroup.org/bimi-generator/
▶ BIMI implementation — step-by-step deployment
1
Confirm DMARC is at p=quarantine or p=reject, pct=100 — Run MXToolbox DMARC check. p=none disqualifies BIMI. pct less than 100 is not accepted.
2
Prepare your SVG in SVG Tiny-PS format — Export from Illustrator as SVG Tiny 1.2, then edit the file header to change baseProfile to "tiny-ps". Validate with the BIMI Group Inspector before proceeding.
3
Host the SVG at a public HTTPS URL on your domain — The URL must be on the same or related domain as your sending domain. Confirm curl -I returns HTTP 200 with content-type: image/svg+xml.
4
Obtain a VMC or CMC if Gmail is required — Apply through DigiCert or Entrust. Budget 2–4 weeks for VMC validation (trademark verification required). CMC is faster (no trademark needed). You receive a PEM file on completion.
5
Host the PEM certificate at a public HTTPS URL — Upload the PEM file (including intermediate CA chain) to your web server. Confirm it is accessible via curl before adding to DNS.
6
Publish the BIMI TXT record at default._bimi.yourdomain.com — Include both l= (SVG URL) and a= (PEM URL) fields. Wait 24–48 hours for propagation. Verify with dig TXT default._bimi.yourdomain.com.

BIMI Troubleshooting — Why Your Logo Is Not Appearing

After publishing the BIMI record, logos typically appear within 24–48 hours in Yahoo and 48–72 hours in Gmail. If your logo is not appearing after 72 hours, work through this checklist in order. The BIMI Group Inspector at bimigroup.org provides a diagnostic report that covers most common failures.

SymptomLikely causeFix
Logo shows in Yahoo, not GmailCertificate missing or invalidAdd VMC or CMC PEM file to a= field
Logo not showing anywhereDMARC not at enforcement or pct < 100Move DMARC to p=quarantine pct=100 minimum
BIMI Group Inspector shows logo errorSVG format not SVG Tiny-PSRe-export and validate SVG profile headers
Certificate error in inspectorPEM chain incomplete or HTTP URLAppend intermediate CA certs; confirm HTTPS
Logo appears but distortedNon-square viewBox or transparencySet equal width/height, add opaque background
📋 Client case — SaaS platform, 150K monthly sends to Gmail

Situation: BIMI record published, logo appeared in Yahoo within 24 hours. Never appeared in Gmail after 3 weeks. DMARC at p=reject, pct=100.
Diagnosis: BIMI Group Inspector showed: "Certificate not found at a= URL — HTTP 404". The PEM file had been uploaded to the correct server but with a typo in the filename in the DNS record.
Fix: Corrected the PEM URL in the BIMI TXT record. GMail logo appeared within 48 hours after DNS propagation. Also discovered the SVG had a transparent background — replaced with white rect to meet SVG-P/S profile. Blue verification checkmark appeared in Gmail after VMC validation completed.