BIMI (Brand Indicators for Message Identification) is a DNS-based standard that lets you display your company logo directly in the inbox, next to your sender name. Gmail, Yahoo Mail, and Apple Mail show a verified logo when your domain passes strict authentication checks and, in most cases, holds a cryptographic certificate proving logo ownership. The practical result: recipients see your brand before they open the message, and mailbox providers signal to them that the sender is legitimate.
What BIMI Actually Does
Before BIMI, a recipient’s inbox showed either a generic placeholder avatar or, at best, a Gravatar-style image tied to an email address. With BIMI, your logo replaces that placeholder for qualifying messages, consistently, across supported clients.
The standard sits on top of your existing email authentication stack. It does not replace SPF, DKIM, or DMARC. It rewards having all three in place and enforced. According to BIMI Group’s FAQ for senders: “At a minimum, BIMI requires DMARC alignment, and many providers also require a valid Certificate (VMC or CMC) proving rights to the logo.”
The logo itself is also a deliverability signal. Verizon Media (which operates Yahoo Mail and AOL) found an average 10% increase in open rates for email messages that display brand logos, as cited in Litmus’s BIMI overview. That lift is not purely from the logo; it reflects the underlying authentication quality BIMI requires.
The Four Prerequisites
BIMI has a hard dependency stack. Every layer must be in place before the record does anything.
1. Enforced DMARC policy. Your domain’s DMARC record must be set to p=quarantine or p=reject. According to Google’s setup guide: “The policy option (p) must be set to quarantine or reject. BIMI doesn’t support DMARC policies that have the p option set to none.” A pct value below 100 is also not accepted. If you’re still on p=none, you need to work through setting up DMARC before BIMI is relevant.
2. SVG Tiny PS logo. Your logo must conform to the SVG Tiny Portable/Secure (SVG Tiny-PS) profile, not a general SVG file. The BIMI Group implementation guide specifies the image must be a minimum 96×96 pixels specified in absolute pixel values, the file size should be 32 KB or smaller, and the logo should be centered in a square on a solid color background. Most vector editors export standard SVG; you need a tool or script that validates and converts to the Tiny-PS profile specifically.
3. A mark certificate (for most providers). A self-asserted BIMI record (one with no certificate) is supported by very few providers. The BIMI Group notes: “Self-Asserted BIMI records have limited support across the various Mailbox Providers.” Yahoo Mail and Fastmail will render logos without a certificate, but Gmail and Apple Mail require either a VMC or CMC. More on the certificate types below.
4. HTTPS-hosted logo. The SVG file must be served from a stable HTTPS URL with the correct image/svg+xml MIME type.
VMC vs. CMC: Which Certificate Do You Need?
Two certificate types exist for BIMI, and the distinction matters for both eligibility and provider support.
Verified Mark Certificate (VMC): Requires a registered trademark. The certificate authority verifies trademark ownership with the relevant IP body (USPTO, EUIPO, etc.), which can take several weeks. VMCs unlock the broadest provider support, including Apple Mail. In Gmail specifically, Google’s guide confirms: “In Gmail, you’ll see a checkmark next to senders verified with a VMC.” The checkmark is exclusive to VMC holders.
Common Mark Certificate (CMC): Does not require a registered trademark. Instead, you demonstrate roughly 12 months of verifiable public logo use. The BIMI Group’s certificate types page describes CMCs as accommodating “marks that may not be registered trademarks,” specifically covering “Prior Use Marks” and “Modified Registered Marks.” CMCs are issued faster and cost less, but provider support is narrower: Gmail and Yahoo accept them, Apple Mail does not (as of mid-2026).
For SaaS teams without a registered trademark, CMC is the practical starting point. For established brands with trademark registration, VMC is worth the extra time given the Apple Mail coverage and Gmail’s verification checkmark.
Both certificate types have a maximum validity period of 398 days, as defined by the AuthIndicators Working Group Mark Certificate Requirements.
The BIMI DNS Record
Once prerequisites are satisfied, you publish a single TXT record at default._bimi.[yourdomain]. The BIMI Group’s implementation guide defines the format:
default._bimi.example.com IN TXT "v=BIMI1; l=https://example.com/.well-known/bimi/logo.svg; a=https://example.com/.well-known/bimi/vmc.pem"The three tags:
v=BIMI1declares the BIMI version. AlwaysBIMI1.l=points to your HTTPS-hosted SVG Tiny-PS logo URL.a=points to your VMC or CMC certificate in PEM format. For a self-asserted record (no certificate), usea=;as an empty value. Google’s guide notes that “Gmail and other email clients support BIMI only with PEM files.”
A self-asserted record without the a= certificate looks like:
default._bimi.example.com IN TXT "v=BIMI1; l=https://example.com/.well-known/bimi/logo.svg; a=;"After publishing, propagation takes the standard DNS TTL window (typically 1-24 hours). Several free validators exist at bimigroup.org to confirm the record resolves correctly.
Which Providers Display BIMI Logos
Coverage as of mid-2026:
| Provider | BIMI support | Certificate required | Notes |
|---|---|---|---|
| Gmail | Yes | VMC or CMC | VMC adds blue checkmark |
| Yahoo Mail | Yes | Optional (recommended) | Displays without certificate |
| Apple Mail (iOS 16+, macOS Ventura+) | Yes | VMC required | No CMC support |
| Fastmail | Yes | Optional | Displays without certificate |
| Zoho Mail | Yes | Varies | Check current docs |
| Microsoft Outlook / M365 | Partial preview | N/A | No consistent GA; enterprise inboxes do not render |
Microsoft is the notable gap. Outlook.com has been in an inconsistent BIMI preview since late 2023, and Microsoft 365 enterprise inboxes do not reliably render BIMI logos as of mid-2026. Given that Outlook handles a large share of B2B email, this limits BIMI’s reach for outbound sequences targeting corporate addresses. BIMI is most impactful today for consumer and SMB-oriented email programs.
What BIMI Does Not Do
Understanding the limits saves you from misallocating effort.
BIMI does not directly improve inbox placement. It does not override spam filters or sender reputation signals. What it does is reward domains that already have good sender reputation and full authentication in place, by surfacing their logo. The authentication prerequisites are the deliverability work; BIMI is the visible output of that work.
BIMI also does not protect against every phishing scenario. A bad actor spoofing a different domain entirely will not trigger your BIMI logo. But a bad actor attempting to spoof your exact domain will be blocked at the DMARC enforcement layer before BIMI even enters the picture.
The BIMI Group puts it plainly: “Logos can improve recognition, reduce hesitation, and may boost engagement. They aren’t a guarantee of trust; they’re a signal layered on top of authentication and good sending practices.”
Where BIMI Fits in Your Authentication Stack
BIMI is the last step in the authentication sequence, not the first. The practical order for a SaaS team:
- SPF record published and valid
- DKIM signing configured on your sending domain
- DMARC published and monitored (start at
p=none, graduate top=quarantine, thenp=reject) - DMARC fully enforced at
p=quarantineorp=rejecton both domain and subdomains - SVG Tiny-PS logo prepared
- VMC or CMC certificate obtained
- BIMI TXT record published
If step 4 is not complete, steps 5-7 are premature. See the guide to email deliverability best practices for how authentication fits into the broader sending quality picture.
BIMI is a reasonable next step once your authentication house is in order, you send enough volume to make the branding lift meaningful, and your logo is trademark-ready (or has 12+ months of documented use for CMC). For early-stage teams still working on DMARC enforcement, it belongs on the roadmap but not at the top of the sprint.
Frequently Asked Questions
Does BIMI improve email deliverability?
BIMI itself does not change how inbox providers filter your mail. The deliverability improvement comes from the prerequisites: enforced DMARC, aligned SPF and DKIM, and good sender reputation. BIMI is the visible reward for meeting those standards, not the mechanism that achieves them. Think of it as a signal to recipients rather than a signal to spam filters.
Can I use BIMI without a VMC or CMC certificate?
Yes, but with limited coverage. A self-asserted BIMI record (with a=; and no certificate) is recognized by Yahoo Mail and Fastmail. Gmail and Apple Mail will not display logos from self-asserted records. If your audience primarily uses Gmail or Apple Mail, a VMC or CMC is effectively required to get any practical benefit from BIMI.
What is the difference between a VMC and a CMC?
A VMC (Verified Mark Certificate) requires a registered trademark and gives you the broadest provider support including Apple Mail and Gmail’s blue verification checkmark. A CMC (Common Mark Certificate) does not require trademark registration but asks for about 12 months of documented public logo use. CMCs are supported by Gmail and Yahoo but not Apple Mail. Both have a maximum validity of 398 days and must be renewed annually.
Does BIMI work with Microsoft Outlook?
Not reliably as of mid-2026. Outlook.com has been in an inconsistent BIMI preview since late 2023, and Microsoft 365 enterprise inboxes do not render BIMI logos in a production-ready way. Microsoft has not announced a general availability date. BIMI’s practical reach today is Gmail, Yahoo Mail, Apple Mail, and Fastmail.
What SVG format does BIMI require?
BIMI requires SVG Tiny Portable/Secure (SVG Tiny-PS), a restricted profile of SVG designed for security. The logo must be at least 96×96 pixels with absolute pixel dimensions specified, the file must be 32 KB or smaller, and it should be centered in a square on a solid color background. Standard SVG exports from tools like Illustrator or Figma typically need validation and conversion to the Tiny-PS profile before they qualify.
How long does it take to get a BIMI record working?
The DNS record itself propagates within 1-24 hours. The bottleneck is the certificate. A CMC typically takes a few days once you can document prior logo use and verify domain control. A VMC can take several weeks because it requires trademark verification with the relevant IP authority. If you don’t have trademark registration yet, start with CMC to get logo display in Gmail and Yahoo while the trademark process runs in parallel.
I’ve spent my career building software at scale with a soft spot for email: deliverability, lifecycle campaigns, and getting messages to actually land. I started Coldletter to fix what bugged me about transactional and marketing email tools. I’m based in Vancouver.