BIMI for Email Marketers: Display Your Brand Logo in the Inbox

deliverabilityBIMI for Email Marketers: Display Your Brand Logo in the Inbox

Your subscribers see dozens of emails every morning. Most show a generic initial or a grey silhouette next to the sender name. A few display a crisp, recognizable brand logo — the company's actual mark, verified and rendered by the mailbox provider itself. Those logos are not decorative. They are the result of BIMI, a DNS-based standard that ties your authenticated email identity to a published brand image, giving recipients an immediate visual trust signal before they even read the subject line.

BIMI — Brand Indicators for Message Identification — has moved from experimental curiosity to operational priority. Gmail, Apple Mail, Yahoo, and Fastmail all support it. In 2026, with inbox competition intensifying and mailbox providers tightening authentication enforcement, BIMI sits at the intersection of brand visibility and deliverability infrastructure. But implementing it correctly requires more than uploading a logo. It demands DMARC enforcement, a specific image format, and in most cases a Verified Mark Certificate. Getting any of these wrong means your logo simply does not appear.

How BIMI Works

BIMI operates through a chain of verification that connects your sending domain's authentication posture to a published brand image.

The Verification Chain

  1. You send an email from your domain with valid SPF and DKIM signatures.
  2. The receiving mailbox provider checks your DMARC record. BIMI requires a DMARC policy of p=quarantine or p=rejectp=none disqualifies you entirely.
  3. DMARC alignment passes. The d= domain in your DKIM signature or the envelope sender in SPF aligns with your From: header domain.
  4. The provider queries your BIMI DNS record at default._bimi.<your-domain>. This TXT record contains two fields: l= (the URL of your logo in SVG Tiny PS format) and optionally a= (the URL of your Verified Mark Certificate).
  5. The provider fetches and validates your logo. If a VMC is required (Gmail requires it; Apple Mail and Yahoo do not for all senders), the provider also validates the certificate chain.
  6. The logo renders next to your message in the recipient's inbox.

If any step fails — DMARC not enforced, alignment broken, SVG in the wrong format, VMC expired — the logo does not display. There is no fallback. The recipient sees the default avatar.

The DNS Record

A BIMI record is a TXT record published at default._bimi.example.com with this structure:

v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/cert.pem
  • v=BIMI1 — Version identifier (required).
  • l= — HTTPS URL pointing to your logo file in SVG Tiny PS format (required). Must be served over HTTPS with a valid certificate.
  • a= — HTTPS URL pointing to your PEM-encoded Verified Mark Certificate (required by Gmail; optional for some other providers). Set to a=self if you are not using a VMC, though this limits which providers will display your logo.

Prerequisites: Authentication Must Be Airtight

BIMI is not an alternative to email authentication — it is a layer that sits on top of it. If your authentication foundation has gaps, BIMI will not work regardless of how perfect your logo is.

DMARC at Enforcement

Your DMARC policy must be p=quarantine or p=reject. This is the single most common blocker for organizations attempting BIMI. Many domains still operate at p=none, which only monitors authentication failures without taking action. Moving to enforcement requires confidence that all legitimate sending sources are properly authenticated — otherwise you risk quarantining or rejecting your own mail.

Before changing your DMARC policy:

  • Audit every system that sends email on behalf of your domain: your ESP, transactional email service, CRM, marketing automation platform, helpdesk, and any SaaS tools that send notifications.
  • Ensure each source has a valid DKIM signature with d= alignment to your From: domain.
  • Include each source's sending IPs in your SPF record (or rely on DKIM alignment if SPF lookup limits are a concern).
  • Monitor DMARC aggregate reports (rua) for at least two to four weeks at p=none before stepping up to p=quarantine, then to p=reject.

SPF and DKIM Alignment

BIMI requires that DMARC passes with alignment, meaning either:

  • SPF alignment: The Return-Path domain matches the From: header domain (or is a subdomain of it, under relaxed alignment).
  • DKIM alignment: The d= domain in the DKIM signature matches the From: header domain.

In practice, DKIM alignment is more reliable because SPF breaks when email is forwarded. Most BIMI implementations rely on DKIM as the primary alignment mechanism.

The SPF 10-Lookup Limit

Organizations with multiple sending services frequently hit SPF's 10 DNS lookup limit. Each include: mechanism in your SPF record counts as a lookup, and exceeding the limit causes SPF to return permerror, which fails DMARC. Before implementing BIMI, audit your SPF record with a lookup counter. If you are at or near the limit, consolidate includes, use IP addresses directly for stable services, or split sending across subdomains with dedicated SPF records.

Creating Your BIMI Logo

BIMI logos must conform to a specific format. This is where a surprising number of implementations fail — the logo looks fine in a browser but is rejected by mailbox providers because it does not meet the SVG Tiny PS specification.

Format Requirements

  • SVG Tiny PS (Portable/Secure): This is a restricted subset of SVG Tiny 1.2. It strips out scripting, external references, and certain interactive elements. A standard SVG exported from Illustrator or Figma will almost certainly not comply.
  • Square aspect ratio: The image must be perfectly square. Non-square logos need to be centered within a square canvas with appropriate padding.
  • No text elements: Text in the SVG must be converted to outlines/paths. Raw <text> elements are rejected.
  • No external references: No linked images, fonts, or stylesheets. Everything must be inline.
  • File size: Keep it under 32 KB. Providers may refuse to fetch larger files.
  • HTTPS hosting: The URL in your BIMI record must use HTTPS with a valid, non-expired TLS certificate.

Conversion Workflow

  1. Start with your brand logo in vector format (AI, EPS, or standard SVG).
  2. Convert all text to outlines.
  3. Ensure the artboard is square and the logo is centered.
  4. Export as SVG.
  5. Run the exported file through an SVG Tiny PS converter or validator. The BIMI Working Group provides an open-source tool for this purpose.
  6. Validate the output against the BIMI SVG specification. Check that no <script>, <foreignObject>, or external xlink:href elements remain.
  7. Host the validated SVG at a stable HTTPS URL that will not change.

Verified Mark Certificates

A Verified Mark Certificate is a digital certificate issued by a recognized Certificate Authority that binds your trademarked logo to your domain. Gmail requires a VMC for BIMI logo display. Apple Mail, Yahoo, and Fastmail currently display BIMI logos without requiring a VMC for all senders, though this may change.

Obtaining a VMC

  1. Trademark your logo. The logo must be registered as a trademark with a recognized intellectual property office (USPTO, EUIPO, UKIPO, CIPO, JPPO, and others). The trademark must be active, not pending.
  2. Choose a Certificate Authority. As of 2026, DigiCert and Entrust are the primary VMC issuers. The verification process includes confirming your trademark registration, domain ownership, and organization identity.
  3. Complete validation. The CA verifies that the logo in the certificate request matches your registered trademark and that you control the domain. This process typically takes one to four weeks.
  4. Receive and deploy your VMC. The certificate is a PEM file that you host at an HTTPS URL and reference in the a= field of your BIMI DNS record.

VMC Cost and Renewal

VMCs are not free. Annual costs range from approximately $1,000 to $1,500 depending on the CA and the number of logos covered. Certificates are valid for one year and must be renewed before expiration — an expired VMC immediately stops your logo from displaying on Gmail.

Common BIMI Implementation Mistakes

Industry analysis in 2026 suggests that roughly half of domains with BIMI DNS records have configuration errors that prevent logo display. These are the most frequent failures.

DMARC Still at p=none

The most common mistake. Teams publish the BIMI DNS record and upload their logo but never move their DMARC policy to enforcement. The BIMI record is ignored entirely because the prerequisite is not met.

SVG Format Non-Compliance

Standard SVGs exported from design tools fail the Tiny PS specification. Embedded fonts, linked images, JavaScript handlers, and non-square dimensions are all disqualifying. Always validate with a BIMI-specific SVG checker, not just a generic SVG validator.

VMC-Logo Mismatch

The logo in your VMC must visually match the logo hosted at your BIMI URL. If you update your brand logo, you need a new VMC — you cannot simply swap the SVG file and keep the old certificate.

Mixed Sending Domain Architecture

Organizations that send from multiple subdomains (marketing.example.com, alerts.example.com) need BIMI records for each subdomain, or a single record on the organizational domain with DMARC alignment configured appropriately. A BIMI record on example.com does not automatically apply to marketing.example.com.

Broken HTTPS Hosting

The logo URL returns a 404, the TLS certificate expired, or the server blocks automated fetches. Mailbox providers will not retry failed fetches — your logo simply does not display until the hosting issue is resolved.

Key Metrics and BIMI Readiness Checklist

Metrics to Monitor

Metric What to Check Tool
DMARC policy level Must be quarantine or reject DNS lookup or DMARC monitoring service
DMARC aggregate report pass rate > 99% alignment before enforcing DMARC report analyzer
SPF lookup count Must be ≤ 10 SPF record checker
BIMI SVG validation Must pass Tiny PS spec BIMI SVG validator
VMC expiration date Must be current Certificate monitoring
Logo URL availability HTTPS 200 response, < 32 KB Uptime monitoring

Implementation Checklist

  • DMARC policy at p=quarantine or p=reject with > 99% pass rate
  • SPF record valid and under 10 lookups
  • DKIM signing active with d= alignment to From: domain
  • Logo converted to SVG Tiny PS format and validated
  • Logo hosted at stable HTTPS URL (< 32 KB, valid TLS)
  • VMC obtained and hosted at HTTPS URL (required for Gmail)
  • BIMI TXT record published at default._bimi.<domain>
  • Test with BIMI lookup tools to confirm record discovery and logo rendering
  • Monitor logo display across Gmail, Apple Mail, and Yahoo
  • Set calendar reminder for VMC renewal (annual)

The 2026 BIMI Landscape

BIMI adoption has accelerated significantly. Gmail's requirement for VMCs created an initial barrier, but as more organizations achieved DMARC enforcement — driven by the 2024 bulk sender requirements — the prerequisite gap has narrowed. Several developments are shaping the current landscape.

Broader provider support. Beyond Gmail, Apple Mail, Yahoo, and Fastmail, additional mailbox providers are evaluating BIMI support. Each provider implements rendering slightly differently — logo size, shape (circle crop vs. square), and placement vary — so test how your logo appears across clients.

Common Mark Certificates. The BIMI standard includes provisions for Common Mark Certificates (CMCs), which would allow logo display without a registered trademark. CMC support is still limited, but it could open BIMI to smaller organizations and startups that lack trademark registrations.

BIMI and ARC interplay. Authenticated Received Chain (ARC) helps preserve authentication results when email is forwarded through mailing lists or forwarding services. As ARC adoption grows, BIMI logos are more likely to survive forwarding scenarios that would previously have broken DMARC alignment and suppressed the logo.

Engagement impact. While controlled studies are limited, early adopters consistently report that BIMI-enabled messages see measurably higher open rates compared to identical messages without logo display. The visual differentiation in a crowded inbox appears to function as a trust accelerator, particularly for transactional and time-sensitive messages where recipients need to quickly identify the sender.

Conclusion

BIMI connects your email authentication infrastructure to a visible brand signal in the recipient's inbox. The implementation path is straightforward but unforgiving: DMARC must be at enforcement, DKIM alignment must be clean, the logo must meet SVG Tiny PS specifications exactly, and Gmail requires a Verified Mark Certificate backed by a registered trademark. The organizations that succeed with BIMI are those that treat it as the final layer of an authentication stack they have already built correctly — not as a standalone project. Start by confirming your DMARC policy and alignment rates, convert your logo to the correct format, obtain a VMC if targeting Gmail, publish your DNS record, and validate the entire chain with BIMI-specific testing tools before expecting logo display in production.

Join 1,000+ CompaniesImproving Email Deliverability

Start with 200 free validations. Upgrade only when you're ready.

Create Free Account

No credit card required • Cancel anytime