Implementing BIMI Records: A Step-by-Step Technical Guide to Display Your Brand Logo in the Inbox

Implementing BIMI Records: A Step-by-Step Technical Guide to Display Your Brand Logo in the Inbox

Implementing BIMI Records: A Step-by-Step Technical Guide to Display Your Brand Logo in the Inbox

Brand Indicators for Message Identification (BIMI) allows organizations to display their registered brand logo next to authenticated email messages in supporting inboxes. This standard enhances brand visibility and builds recipient trust. BIMI relies on strong email authentication protocols to verify sender identity.

Implementing BIMI requires careful adherence to technical specifications. This guide outlines the necessary steps for email infrastructure engineers. It focuses on the prerequisites, logo preparation, and DNS record configuration.

Understanding BIMI Prerequisites

BIMI is built upon a foundation of robust email authentication. Without these foundational protocols, BIMI will not function. Organizations must implement and enforce specific standards before attempting BIMI deployment.

The primary prerequisite for BIMI is a DMARC policy set to enforcement. This means your domain's DMARC record must specify p=quarantine or p=reject. A p=none policy is insufficient for BIMI adoption. DMARC ensures that only authenticated emails from your domain reach the inbox.

Email authentication relies on two core protocols: SPF and DKIM. Sender Policy Framework (SPF), defined in RFC 7208, authorizes specific IP addresses to send email on behalf of your domain. DomainKeys Identified Mail (DKIM), detailed in RFC 6376, uses cryptographic signatures to verify that an email was not altered in transit. Both SPF and DKIM must be correctly configured and aligned with your DMARC policy.

Ensuring DMARC Enforcement

DMARC (Domain-based Message Authentication, Reporting & Conformance), specified in RFC 7489, provides a framework for email senders to indicate that their emails are protected by SPF and DKIM. It also instructs receiving mail servers on how to handle messages that fail authentication. For BIMI, DMARC alignment is non-negotiable.

Your DMARC policy must be at an enforcement level. A p=quarantine policy instructs receiving servers to place unauthenticated messages into spam or junk folders. A p=reject policy tells servers to outright refuse delivery of such messages. Moving from p=none to an enforcement policy requires careful monitoring of DMARC reports to identify and resolve any legitimate email streams failing authentication.

Verify your SPF record is correctly published and includes all authorized sending sources. You can use our SPF checker to validate your SPF setup. Similarly, ensure all your outbound mail streams are signing messages with DKIM. DMARC reports will show authentication failures and alignment issues. Address these issues before moving to an enforcement policy.

Preparing Your Brand Logo and VMC

Successful BIMI implementation depends on a correctly prepared brand logo and, for major mailbox providers, a Verified Mark Certificate (VMC). These elements provide the visual and cryptographic proof of your brand identity.

Your brand logo must adhere to specific technical requirements. The file format must be SVG Tiny P/S (SVG-PS). This SVG profile ensures broad compatibility and security. The logo should have a square aspect ratio and a solid background. It must not contain text or other elements that could be misinterpreted or cause rendering issues.

A Verified Mark Certificate (VMC) is a digital certificate that cryptographically binds your registered trademark logo to your domain. Major mailbox providers like Gmail and Apple Mail require a VMC for BIMI display. VMCs are issued by Certificate Authorities (CAs) approved by the CA/Browser Forum, such as Entrust or DigiCert. Obtaining a VMC involves proving ownership of the trademarked logo to the CA. This process confirms the authenticity of your brand identity.

Creating and Publishing the BIMI DNS Record

The final step involves publishing a BIMI record in your domain's DNS. This TXT record points to your SVG logo file and, if applicable, your VMC. The record structure is standardized and must be precise.

The BIMI record is a TXT record published under a specific subdomain. The hostname should be default._bimi.yourdomain.com. The record value contains several tags.

Here is the standard format for a BIMI DNS record:
v=BIMI1; l=SVG_URL; a=VMC_URL;

  • v=BIMI1: This tag specifies the BIMI version. Currently, BIMI1 is the only valid version.
  • l=SVG_URL: This tag provides the HTTPS URL to your SVG logo file. The URL must be publicly accessible and served over HTTPS.
  • a=VMC_URL: This tag is optional but highly recommended. It provides the HTTPS URL to your VMC .pem file. This URL must also be publicly accessible and served over HTTPS.

Here is an example of a complete BIMI DNS TXT record:

Host: default._bimi.yourdomain.com
Type: TXT
Value: "v=BIMI1; l=https://cdn.yourdomain.com/bimi/logo.svg; a=https://cdn.yourdomain.com/bimi/vmc.pem;"

Ensure the URLs for your SVG and VMC are stable and correctly configured with appropriate Content-Type headers. The SVG should be served with image/svg+xml and the VMC with application/pem-certificate. After publishing the DNS record, allow for propagation time. Use online BIMI validators to confirm the record is correctly configured and accessible. Send test emails to supported mailbox providers to verify logo display.

Improve Your Email Deliverability Instantly

Before you hit send on your next outbound campaign, scan your copy for spam triggers, verify your domain SPF/DKIM records, and test your SMTP inbox placement for free.

Explore 18+ Free Email Tools