BIMI Record Email Auth

BIMI (Brand Indicators for Message Identification) allows organizations to display their brand logo next to authenticated emails in supporting email clients. BIMI works alongside DMARC to provide visual brand recognition and increase trust in legitimate emails.

What Is a BIMI Record?

A BIMI record is a DNS TXT record that specifies the location of your brand's logo file. When an email passes DMARC authentication, supporting email clients fetch the logo and display it next to the message.

Benefits of BIMI include:

• Brand visibility — Your logo appears in the inbox
• Increased trust — Recipients recognize legitimate emails
• Better engagement — Branded emails get higher open rates
• Phishing protection — Makes it harder for attackers to impersonate your brand

BIMI Record Format

BIMI records are published at default._bimi.domain.com:

default._bimi.example.com.    3600    IN    TXT    "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

BIMI Record Components

BIMI Requirements

Email Authentication Stack

1. SPF — Set up SPF record
2. DKIM — Configure DKIM signing
3. DMARC — Enforce DMARC policy (quarantine or reject)
4. BIMI — Add BIMI record with logo URL

Logo Requirements

• Format — SVG Tiny 1.2 Portable/Secure (SVG P/S)
• Size — Square aspect ratio recommended
• No text — Logo should be recognizable without text
• Centered — Subject should be centered in the image
• HTTPS — Logo URL must use HTTPS

Verified Mark Certificate (VMC)

Some email providers (like Gmail) require a VMC — a certificate that verifies you own the trademark for your logo. VMCs are issued by certificate authorities like:

• DigiCert
• Entrust

VMC requires a registered trademark with an approved trademark office. This is an additional cost and step, but provides stronger brand authentication.

BIMI Implementation Steps

1. Achieve DMARC enforcement — Set p=quarantine or p=reject at 100%
2. Create SVG logo — Convert your logo to SVG Tiny PS format
3. Host the logo — Upload to a publicly accessible HTTPS URL
4. (Optional) Get VMC — Required for Gmail and some providers
5. Publish BIMI record — Add TXT record at default._bimi.yourdomain.com
6. Test and validate — Use BIMI validation tools

Example BIMI Configurations

Basic BIMI (No VMC)

default._bimi.example.com.    TXT    "v=BIMI1; l=https://example.com/brand/logo.svg"

BIMI with VMC

default._bimi.example.com.    TXT    "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"

Disable BIMI

default._bimi.example.com.    TXT    "v=BIMI1; l="

Email Client Support

BIMI Best Practices

• Use a simple, recognizable logo — The logo will display small; ensure it's identifiable.
• Test your SVG — Validate it meets SVG Tiny PS requirements.
• Host reliably — Use a CDN or reliable host for the logo URL.
• Consider VMC — If Gmail is important to you, invest in a VMC.
• Monitor DMARC — Maintain your DMARC enforcement; BIMI stops working if you drop to p=none.

Troubleshooting BIMI

Common issues and solutions:

• Logo not showing — Verify DMARC is at p=quarantine/reject and pct=100.
• Gmail not displaying logo — Gmail requires a VMC; ensure it's properly configured.
• Invalid SVG — Logo must be SVG Tiny 1.2 PS format, not standard SVG.
• URL not accessible — Ensure the logo URL is publicly accessible via HTTPS.
• Record not found — Verify the record is at default._bimi.yourdomain.com.

Related Record Types

• DMARC Record — Required for BIMI
• DKIM Record — Email signature verification
• SPF Record — Email sender authorization
• TXT Record — BIMI records are stored as TXT