You set up SPF. You configured DKIM. You wrestled DMARC into enforcement. Your emails authenticate cleanly across every major mailbox provider. And yet, when your message lands in someone’s Gmail, all they see is a grey circle with the first letter of your name inside it.
That grey circle is what BIMI fixes.
Brand Indicators for Message Identification, or BIMI, is the email standard that puts your verified logo next to your name in the inbox. It is the visible payoff for all the authentication work you have already done. This guide walks through what BIMI actually is, what it costs in 2026, how to set it up correctly, and the parts that trip most teams up.
What BIMI Actually Does
BIMI is, at its core, a DNS record. That is the whole mechanism.
When an email arrives, the receiving mail server checks if it passes DMARC. If it does, the server looks up a TXT record at default._bimi.yourdomain.com. That record points to two things: the URL of your logo (an SVG file) and, optionally, the URL of a Mark Certificate. The mail server fetches the logo and displays it next to your message.
No DMARC pass, no logo. That part is non-negotiable.
The logo is not pulled from your website, your favicon, or your Google Workspace profile. It is fetched fresh from the URL you publish, and it has to be in a very specific SVG format that we will get into below.
Why Bother With BIMI
A few honest reasons, and one less honest one.
Recognition is the obvious benefit. People scan their inbox in seconds. A logo next to your name registers faster than reading the sender address. Yahoo’s original BIMI pilot measured roughly 10% engagement lift across participating senders, and Red Sift and Entrust have reported open-rate increases up to 39% for some consumer-facing programs. The big numbers tend to be best-case scenarios, but a modest, sustained lift in recognition is realistic.
Trust is the more important benefit. A verified logo signals that your authentication is in order and that someone validated your right to use that logo. In an inbox full of phishing attempts impersonating banks, retailers, and SaaS tools, that visual confirmation does real work.
The less honest reason: most marketing pages will tell you BIMI improves deliverability. It does not, directly. SPF, DKIM, and DMARC determine whether you land in the inbox. BIMI determines what happens once you are already there. The reason BIMI gets credited with deliverability lift is that to qualify for BIMI at all, you have to fix your authentication stack, and that is what actually moves the needle.
What You Need Before You Start
Three things, in order:
- SPF and DKIM, properly configured. Every service that sends mail from your domain (your transactional provider, your marketing tool, your help desk, your own mail server) needs to be covered.
- DMARC at enforcement. This means a policy of p=quarantine or p=reject. A policy of p=none will not qualify. The pct tag must be set to 100. If you are still at p=none, give yourself two to four weeks at p=quarantine first to make sure you are not blocking legitimate senders before tightening further.
- A square version of your logo as a vector file. SVG, AI, or EPS works as a starting point. You will convert it later. If your logo is not square, you need a square variant. Round badges, monograms, or simplified marks tend to work better than wide horizontal wordmarks.
The Three Paths: Self-Asserted, CMC, VMC
There are three different ways to deploy BIMI in 2026, and the right choice depends on your budget, your trademark situation, and which mailbox providers your recipients use.
Self-asserted BIMI (free)
You publish the DNS record and the SVG, with no certificate involved. This works on Yahoo, Fastmail, AOL, and LaPoste. It does not work on Gmail or Apple Mail. If your audience lives mostly on those two providers, self-asserted gets you nothing visible.
Common Mark Certificate, or CMC ($100 to $950 per year)
The CMC is the newer path, introduced in 2024 and broadly available since 2025. A CMC does not require a registered trademark. Instead, you prove that your logo has been publicly displayed on your domain for at least 12 months, usually verified through internet archive snapshots. Gmail displays CMC-backed logos, but without the blue verified checkmark. Apple Mail also accepts CMCs.
Verified Mark Certificate, or VMC ($899 to $1,668 per year)
The VMC is the original path and still the gold standard. It requires a registered trademark with an IP office (USPTO, EUIPO, or another supported registry). DigiCert and Entrust are the primary issuers. A VMC unlocks the blue checkmark in Gmail and the logo display in Apple Mail.
For a small SaaS or indie product without a registered trademark, a CMC is usually the right starting point. For an established brand with trademark protection already in place, the VMC pays for itself in trust signal alone.
How to Set It Up
Once your DMARC is at enforcement, the actual implementation looks like this.
1. Prepare your logo as SVG Tiny PS
This is the part that breaks most setups. A regular SVG exported from Illustrator or Figma will not pass validation. You need the SVG Portable/Secure profile, specifically baseProfile="tiny-ps" and version="1.2". No scripts, no animations, no external references, no embedded raster images, no gradients in some implementations. File size has to be under 32 KB. Use the BIMI Group’s free SVG conversion tool or their Adobe Illustrator export script, then validate the result.
The minimum structure looks like this:
```xml
<svg xmlns="http://www.w3.org/2000/svg" version="1.2" baseProfile="tiny-ps" viewBox="0 0 100 100">
  <title>Your Company Name</title>
  <!-- Your logo paths here -->
</svg>
```
2. Host the logo over HTTPS
Plain HTTP will not work. The certificate authority and the receiving mail servers both check that the SVG URL serves over TLS. A free Let’s Encrypt certificate is fine. Use a simple lowercase filename with no spaces, like brand-bimi.svg.
3. Obtain a Mark Certificate (if going the CMC or VMC route)
Apply through DigiCert, Entrust, or another listed Mark Verifying Authority. Expect 1 to 4 weeks for validation, depending on the path. The CA will issue a PEM file containing the certificate, which you also host over HTTPS.
4. Publish the BIMI DNS record
Add a TXT record at default._bimi.yourdomain.com in this format:
```
v=BIMI1; l=https://yourdomain.com/brand-bimi.svg; a=https://yourdomain.com/brand-bimi.pem;
```
The l tag is the logo URL. The a tag is the certificate URL (omit this entirely for self-asserted BIMI). The semicolons matter. The DNS hostname uses default._bimi as the selector by convention.
5. Validate the deployment
Use the BIMI Group’s inspector, Valimail’s BIMI checker, or one of the free third-party validators. They will flag issues with DMARC alignment, SVG formatting, or certificate validity before you go looking for them in production.
6. Wait and test
Mailbox providers cache aggressively. Gmail in particular can delay display by hours or even days based on sender reputation checks. Send a test email to a personal Gmail account, then check again 24 hours later if the logo has not appeared.
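Before waiting on mailbox caches, the two TXT records can be checked against the rules above. This is an added example, not code from the BIMI Group or any validator named here: the function names are hypothetical, the records are constructed samples on the placeholder domain example.com, and it inspects record text only (no DNS lookups, no fetching of the logo or certificate).

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value;' TXT record into a dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)  # split once: URLs may contain '='
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_problems(txt):
    """Reasons this DMARC record disqualifies the domain for BIMI."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v") != "DMARC1":
        problems.append("not a DMARC1 record")
    if tags.get("p", "").lower() not in ("quarantine", "reject"):
        problems.append("p= is not quarantine or reject")
    # RFC 7489: pct defaults to 100 when the tag is absent.
    if tags.get("pct", "100") != "100":
        problems.append("pct is not 100")
    return problems

def bimi_problems(txt):
    """Return (mode, problems) for a default._bimi TXT record."""
    tags = parse_tags(txt)
    problems = []
    if tags.get("v") != "BIMI1":
        problems.append("v= is not BIMI1")
    if urlparse(tags.get("l", "")).scheme != "https":
        problems.append("l= logo URL is not https")
    cert = tags.get("a", "")
    if cert and urlparse(cert).scheme != "https":
        problems.append("a= certificate URL is not https")
    return ("certificate" if cert else "self-asserted"), problems

# Constructed sample records (example.com is a placeholder domain).
DMARC_OK = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"
DMARC_WEAK = "v=DMARC1; p=quarantine; pct=50"
BIMI_OK = ("v=BIMI1; l=https://example.com/brand-bimi.svg; "
           "a=https://example.com/brand-bimi.pem;")
BIMI_HTTP = "v=BIMI1; l=http://example.com/brand-bimi.svg;"

if __name__ == "__main__":
    print(dmarc_problems(DMARC_OK), dmarc_problems(DMARC_WEAK))
    print(bimi_problems(BIMI_OK), bimi_problems(BIMI_HTTP))
```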
The SVG Tiny PS Gotcha
This deserves its own section because it eats more setup hours than every other step combined.
The SVG Tiny Portable/Secure profile is a heavily restricted subset of SVG. The intent is security: no scripts, no fetched resources, no animations, no surprises. The result is that almost no design tool exports it correctly out of the box.
Common mistakes that fail validation:
- A standard Illustrator SVG export. Wrong baseProfile, often includes disallowed attributes like x=, y=, or overflow=.
- An embedded bitmap. Designers sometimes export “SVG” files that are really PNGs wrapped in an SVG container. Open the file in a text editor, search for data:image/png;base64, and if you find it, the file needs to be redrawn as true vectors.
- Missing <title> element. The title sits right after the opening <svg> tag and should contain your company name, under 65 characters.
- Non-square aspect ratio. The viewBox must be 1:1.
- File size over 32 KB. Run the result through SVGO or a similar minifier.
After Illustrator export, the file usually needs a few minutes of hand-editing in a text editor to remove disallowed attributes and add the title. Budget an hour or two for this step on the first attempt.
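The mistakes listed in this section can be caught locally before the file goes anywhere near a validator. This is an added example, not the BIMI Group's tooling and not a full SVG Tiny PS validator: it covers only the rules named above, and the function names, the banned-element list and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SVG = "{http://www.w3.org/2000/svg}"
BANNED = {"script", "image", "animate", "animateMotion", "animateTransform", "set"}

def is_square(view_box):
    parts = view_box.replace(",", " ").split()
    try:
        return len(parts) == 4 and float(parts[2]) == float(parts[3]) > 0
    except ValueError:
        return False

def lint_svg(data):
    """Return problems found; an empty list means every check here passed."""
    problems = []
    if len(data) >= 32 * 1024:
        problems.append("file is not under 32 KB")
    root = ET.fromstring(data)  # lint your own file; not hardened for untrusted XML
    if root.tag != SVG + "svg":
        return problems + ["root element is not <svg> in the SVG namespace"]
    if root.get("baseProfile") != "tiny-ps":
        problems.append('baseProfile is not "tiny-ps"')
    if root.get("version") != "1.2":
        problems.append('version is not "1.2"')
    for attr in sorted({"x", "y", "overflow"} & set(root.attrib)):
        problems.append(f"disallowed attribute {attr}= on <svg>")
    if not is_square(root.get("viewBox", "")):
        problems.append("viewBox is not 1:1")
    title = root[0] if len(root) and root[0].tag == SVG + "title" else None
    text = (title.text or "").strip() if title is not None else ""
    if not text or len(text) >= 65:
        problems.append("<title> must be the first child, non-empty, under 65 characters")
    for el in root.iter():
        name = el.tag.split("}")[-1]
        if name in BANNED:  # scripts, animations, raster images
            problems.append(f"disallowed element <{name}>")
        for key, value in el.attrib.items():
            if key.split("}")[-1] == "href" and not value.startswith("#"):
                problems.append(f"external or embedded reference on <{name}>")
    return problems

# Constructed samples: a minimal conforming file and an Illustrator-style export.
GOOD = b"""<svg xmlns="http://www.w3.org/2000/svg" version="1.2" baseProfile="tiny-ps" viewBox="0 0 100 100">
<title>Example Co</title><circle cx="50" cy="50" r="40" fill="#0a5"/>
</svg>"""
BAD = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" version="1.1" x="0px" y="0px" viewBox="0 0 200 100">
<image width="200" height="100" xlink:href="data:image/png;base64,AAAA"/>
</svg>"""
```

Calling lint_svg(BAD) reports each failure separately, which makes the hand-editing pass after an Illustrator export a checklist rather than a guess.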
Which Inboxes Actually Display BIMI Logos
As of 2026, the realistic support picture looks like this:
| Mailbox provider | BIMI support | Certificate required |
|---|---|---|
| Gmail (web and mobile) | Yes | VMC or CMC |
| Apple Mail (iOS and macOS) | Yes | VMC or CMC |
| Yahoo Mail | Yes | None |
| Fastmail | Yes | None |
| AOL | Yes | None |
| LaPoste | Yes | None |
| YouniqMail | Yes | VMC or CMC |
| Outlook / Microsoft 365 | No | N/A |
The Outlook gap is the elephant in the room for B2B teams. Microsoft has stated there are no short-term plans to support BIMI in Exchange Online. If your audience is mostly enterprise on Microsoft 365, the visible branding payoff disappears for that segment. Your authentication work still matters for deliverability, just not for the logo display.
Common Reasons Your Logo Is Not Showing Up
You have published the record, validated the SVG, paid for the certificate, and the logo still is not appearing. The usual suspects:
- DMARC is at p=none, or pct is below 100. Both disqualify you.
- DMARC alignment is failing for the specific sending source. Check your DMARC aggregate reports.
- The SVG is technically valid but contains an embedded raster image you missed.
- The certificate URL is unreachable or returns a non-200 status.
- DNS propagation has not finished. Lower the TTL before changes, then raise it after.
- Gmail caching. Wait 24 to 72 hours.
- Sender reputation is too low. Gmail will withhold BIMI display from domains it does not yet trust, even with everything else correct. This is the least documented and most frustrating cause.
Is BIMI Worth It?
It depends on your audience.
Consumer brands with Gmail and Apple-heavy recipient bases, an active marketing program, and a registered trademark will see the strongest return. The combination of recognition, trust, and (with a VMC) the blue checkmark genuinely lifts engagement.
Indie products and small SaaS without a trademark should consider a CMC at the lower end of the price range, or start with self-asserted BIMI to cover Yahoo and Fastmail recipients while skipping the certificate cost entirely.
B2B teams selling primarily into Microsoft 365 environments should treat BIMI as a nice-to-have for now. The authentication work is worth doing regardless, but the visible payoff will not reach most of your audience until Outlook adds support.
FAQ
Do I need a trademark for BIMI?
For a VMC, yes. For a CMC, no, but your logo must have been publicly displayed on your domain for at least 12 months. For self-asserted BIMI, neither is required.
How long does BIMI take to set up?
Once DMARC is at enforcement, expect 1 to 2 hours for the SVG and DNS work, plus 1 to 4 weeks for CMC or VMC validation if you go that route. Gmail and Apple Mail typically display the logo within 24 to 72 hours after the record is live.
Does BIMI improve deliverability?
Not directly. DMARC enforcement does, and DMARC enforcement is a BIMI prerequisite. The improvement people attribute to BIMI is usually the improvement from getting authentication right.
Will my logo show up everywhere immediately?
No. Different mailbox providers cache and validate at different speeds. Gmail in particular weighs sender reputation, so newer domains may wait longer for display.
What happens if I change my logo?
You need to reissue the certificate (if you have one) and update the SVG at the URL referenced in your BIMI record. The new logo will not display until both are in place.
Can I use BIMI without DMARC at enforcement?
No. Mailbox providers will refuse to display the logo if DMARC is at p=none or if pct is below 100. The DMARC requirement is the whole reason BIMI is considered a trust signal in the first place.