What is BIMI & How Does It Display Your Logo In Email?

BIMI (Brand Indicators for Message Identification) displays your brand logo next to emails in recipients’ inboxes (Gmail and Apple Mail inboxes) — a visual trust signal that rewards strong authentication. 

The prerequisites are steep: 

1. DMARC at enforcement
2. A VMC tied to a trademarked logo
3. An SVG meeting precise specifications

You need SPF, DKIM, and DMARC already configured and enforced before BIMI does anything useful. Also, know that BIMI isn’t an email deliverability fix. 

With roughly 17% of marketing emails failing to reach inboxes, standing out matters — but the logo is a reward for authentication you’ve already completed, not a shortcut around it. 

Let’s explore related concepts with BIMI in more detail:

How does BIMI actually work?

The protocol layers on top of your existing authentication stack. When everything aligns correctly, mailbox providers display your logo automatically.

The workflow

Five steps happen behind the scenes:

1. You publish a BIMI record in DNS, pointing to your logo and certificate
2. Email arrives atthe recipient’s mailbox provider
3. Provider authenticates via SPF, DKIM, and DMARC
4. If authentication passes, the provider queries DNS for your BIMI record
5. Valid record found means the logo displays next to your message

What happens when authentication fails? No logo. BIMI doesn’t bypass anything — recipients see a generic avatar instead, and you might not realize why for weeks.

Authentication chain

BIMI sits at the top of the email authentication hierarchy. Without the layers beneath it, nothing displays.

• DKIM proves message integrity
• SPF record authorizes sending servers
• DMARC ties them together and sets the enforcement policy

Miss any piece, and BIMI fails silently. The frustrating part is that failures are invisible — you won’t get error messages or bounce notifications.

What does BIMI require before implementation?

The prerequisites are non-negotiable. Skip one and the entire system breaks (which sounds dramatic, but it’s accurate).

DMARC enforcement

BIMI demands DMARC at the enforcement level, not monitoring mode.

Setting	Requirement
Policy (p=)	quarantine or reject
Percentage (pct=)	100
Alignment	SPF or DKIM must align with From domain

Policies set to p=none don’t qualify. Microsoft’s authentication mandate (enforced May 5, 2025) already requires SPF, DKIM, and DMARC for bulk senders. If you’re compliant with Microsoft’s requirements, you’re halfway to BIMI readiness — the remaining gap is moving from p=none to enforcement.

Logo specifications

Your existing logo file almost certainly won’t work. BIMI requires precise formatting that most brand assets don’t meet out of the box.

Requirement	Specification
Format	SVG Tiny Portable/Secure (SVG Tiny PS)
Shape	Square, 1:1 aspect ratio
Size limit	32KB or smaller
Minimum dimensions	96×96 pixels
Background	Solid color (transparent may not render)

A few elements are explicitly prohibited:

• Animations
• Scripts or JavaScript
• External links or references
• Text (must convert to outlines)

The SVG Tiny PS profile is stricter than standard SVG. Most designers haven’t heard of this format — you’ll likely need a BIMI-specific converter or manual preparation in a vector editor.

Do you need a Verified Mark Certificate?

Whether you need a VMC depends entirely on which inboxes matter to your business.

Provider	VMC required?
Gmail	Yes
Apple Mail	Yes
Yahoo Mail	No (pilot program)
AOL Mail	No (pilot program)
Fastmail	No

Gmail and Apple Mail require VMC verification. No certificate means no logo display — regardless of how perfectly you’ve configured everything else.

VMC requirements

Obtaining a VMC involves more than technical configuration.

• Logo must be trademarked with a recognized intellectual property office
• Certificate Authorities (DigiCert, Entrust) verify trademark ownership
• The trademark process takes 6-12 months if not already registered
• Certificate costs approximately $1,000-1,500 annually

The CA issues a PEM file containing your SVG logo embedded within the certificate. The file gets hosted on your server and referenced in your BIMI DNS record.

CMC alternative

If trademarking isn’t feasible, Common Mark Certificates offer a limited alternative. CMCs don’t require trademark registration but have restricted provider support — Yahoo and Fastmail may accept them, while Gmail and Apple Mail won’t.

For brands serious about Gmail visibility (and Gmail processes nearly half of all email opens), the VMC path is unavoidable.

Which email providers support BIMI?

Provider support has grown substantially since Gmail joined in 2021, though one major holdout remains conspicuously absent.

Provider	Support	Notes
Gmail	Yes	Checkmark appears next to verified senders
Apple Mail	Yes	iOS 16+, macOS Ventura 13+
Yahoo Mail	Yes	High-reputation domains in pilot
AOL Mail	Yes	Pilot program
Fastmail	Yes	Works for sent and received
Outlook/Office 365	No	No announced plans

Microsoft’s absence is notable. If your audience skews heavily toward Outlook and Office 365 (common in B2B environments), BIMI provides limited visibility benefit.

Display caveats

Even with a valid VMC, mailbox providers apply their own heuristics before displaying your logo. Several factors influence the decision:

• Spam scoring
• Sender reputation
• Engagement history
• Overall sending behavior

A technically perfect BIMI setup paired with a poor email reputation might still result in no logo display. The providers want to show logos from senders and recipients’ trust — BIMI gives them a verified asset, but they still decide whether to display it.

How do you implement BIMI?

Once prerequisites are met, implementation involves three main phases.

Prepare logo

Convert your brand logo to SVG Tiny PS format, meeting all specifications. Test with BIMI validator tools before proceeding — discovering format issues after DNS propagation wastes time.

The conversion process typically requires:

1. Exporting to SVG from your vector editor
2. Modifying attributes to meet Tiny PS requirements
3. Ensuring file size stays under 32KB
4. Testing against BIMI validation tools

Obtain certificate

For Gmail and Apple Mail visibility, apply for a VMC through DigiCert or Entrust. Provide trademark documentation and your prepared SVG file. 

The Certificate Authority verifies ownership and issues your PEM file (usually within days, assuming documentation is complete).

Append intermediate and root CA certificates to the PEM file in the correct order before uploading to your server.

Publish DNS

Create a TXT record at default._bimi.[yourdomain.com] with this format:

v=BIMI1; l=https://[logo-url]; a=https://[certificate-url]

Host both files on an HTTPS server using TLS 1.2 or later. After DNS propagation (typically 24-48 hours), send test emails to Gmail and Yahoo accounts to verify logo display.

Is BIMI worth the investment?

The answer depends on where you’re starting and what you’re hoping to achieve.

When it makes sense

BIMI fits naturally when:

• Your logo is trademarked
• You already have DMARC in enforcement
• Your audience uses Gmail and Apple Mail primarily
• Brand recognition in the inbox carries strategic value

The implementation cost (VMC fees plus technical setup) pays off through increased brand visibility and the trust signal a verified logo provides.

When to skip it

BIMI probably isn’t worth it when:

• Your logo isn’t trademarked (and you don’t want to invest in that process)
• You’re still working toward DMARC enforcement
• You’re expecting deliverability improvements
• Your audience is heavily Outlook-based

That last point deserves emphasis — BIMI doesn’t affect inbox placement. Your emails won’t suddenly avoid spam folders because you implemented BIMI. The DMARC enforcement required for BIMI improves deliverability — the logo itself is purely visual.

Frequently asked questions

Here are some commonly asked questions about BIMI: