
January 28, 2026

BIMI: Your Brand's Logo & Verification in Inboxes

Email has remained the backbone of business communication for decades, and yet phishing, spoofing, and impersonation attacks continue to erode customer trust. When someone receives an email, they have seconds to decide if it's legitimate or another scam. That's where BIMI comes in.

BIMI stands for Brand Indicators for Message Identification. Simply put, it lets your business display a verified logo next to your emails in Gmail, Yahoo Mail, and Apple Mail inboxes. It's your brand's way of saying, "Yes, this email is really from us," without your customers having to think twice about it.

If you're running a small-to-medium business and sending regular customer communications, whether that's invoices, newsletters, or transactional emails, BIMI can be a game-changer. In this guide, we'll walk through what BIMI is, how it works, why it matters for your business, and the practical steps to get it set up.

What is BIMI?

At its core, BIMI is a DNS record that tells email providers where to find your brand logo and displays it next to your authenticated emails. When a recipient opens their inbox, instead of seeing a generic avatar or initials, they see your actual logo. This visual recognition builds trust and makes your emails stand out in crowded inboxes.

But here's the catch: BIMI doesn't work in isolation. It's built on top of three existing email authentication protocols: SPF, DKIM, and DMARC. These three work together to verify that emails claiming to be from your domain actually come from your infrastructure, and haven't been tampered with in transit.

Think of BIMI as the reward for doing email authentication right. Once you've set up proper email authentication, BIMI lets you display that verified status visually.

The Foundation: SPF, DKIM, and DMARC

Before jumping into BIMI, you need to understand the three building blocks it relies on.

SPF (Sender Policy Framework) is a DNS record that specifies which mail servers are authorized to send emails on behalf of your domain. It's like saying, "Only these IP addresses are allowed to send mail for @yourbusiness.com."

DKIM (DomainKeys Identified Mail) adds a digital signature to your outgoing emails. Think of it like a tamper-evident seal on a package—it proves that the email's content hasn't been modified since it left your servers, and that it genuinely came from your domain.

DMARC (Domain-based Message Authentication, Reporting & Conformance) ties SPF and DKIM together. It tells receiving mail servers what to do if an email fails authentication (quarantine it, reject it, or do nothing), and it sends you reports showing which emails passed or failed checks. DMARC also includes a crucial alignment check—it verifies that the domain in the "From" address matches the domain being authenticated by SPF or DKIM.

For BIMI to work, your domain must have DMARC set to either "quarantine" or "reject" policy. If your DMARC is still in reporting-only mode (p=none), you won't be eligible for BIMI yet.

Why BIMI Matters for Your Business

Let's talk practical benefits. The data shows that BIMI genuinely works.

Research from Yahoo Mail's pilot program found a 10% increase in engagement for emails with BIMI logos. Other studies have reported open rate increases as high as 39%. Red Sift and Entrust data shows brands experiencing up to a 34% higher purchase likelihood after implementing BIMI.

But engagement isn't the only win. Brand recall improves by up to 44% when recipients see your logo consistently. For retail and e-commerce businesses, this is huge. A logo in the inbox makes your brand instantly recognizable and reduces the chance of customers mistaking your legitimate shipping notification for a phishing attempt.

There's also a security angle. Every business is a target for impersonation attacks. When your logo appears in the inbox with a verified checkmark, it becomes exponentially harder for fraudsters to convincingly fake your emails. Your customers know, at a glance, whether an email is really from you.

For small-to-medium businesses competing against larger brands, BIMI is an underutilized advantage. Most businesses still haven't implemented it, which means early adopters stand out. You're signaling professionalism, security-consciousness, and attention to customer experience, all things that build loyalty.

Prerequisites: What You Need Before Starting

BIMI isn't a trivial setup, but it's also not impossible. Here are the hard requirements:

1. Your own domain – You need to own and control your sending domain (not a subdomain, though subdomains can use BIMI if they're also DMARC compliant).

2. SPF and DKIM records – Both should be configured and working. SPF specifies your authorized mail servers; DKIM adds a signature to your messages.

3. DMARC enforcement – Your domain must have a DMARC policy set to either "quarantine" or "reject." If your DMARC is still at p=none (monitoring-only), you'll need to move past that first.

4. A square logo in SVG format – Your logo must be:

  • Square shaped with no additional text
  • In SVG (Scalable Vector Graphics) format, specifically SVG Tiny 1.2 P/S
  • Publicly accessible over HTTPS
  • Clean and readable when scaled down to small sizes

5. A BIMI DNS record – A TXT record pointing to your logo (and optionally, a certificate).

The good news: items 1-4 are straightforward for most businesses. Item 5 is just a DNS entry you'll add alongside your other authentication records.

Understanding Mark Certificates

Here's where it gets slightly more complex, but don't worry—we'll keep it simple.

To display a logo in Gmail and get a blue verified checkmark (like social media verification), you need a Verified Mark Certificate (VMC). A VMC is a digital certificate issued by Certificate Authorities (like DigiCert or Entrust) that proves your business legally owns the logo and trademark.

There's also a Common Mark Certificate (CMC), which is newer and more accessible. A CMC lets you display your logo in Gmail without the blue checkmark, and works in Yahoo and other providers. It requires proof that you've been using the logo publicly for at least 12 months, but doesn't require a registered trademark.

Here's the catch: VMCs cost between $1,000–$1,500 per year, which can be steep for small businesses. CMCs are cheaper and more practical for SMBs. Many businesses start with a CMC to test BIMI's impact, then upgrade to a VMC if the ROI justifies it.

For this guide, we're focusing on BIMI setup without diving into certificate purchasing, since that's a separate business decision. You can implement BIMI with or without a certificate; the DNS record setup is the same.

Step-by-Step Setup Guide

Step 1: Verify Your Authentication Foundation

Before touching BIMI, confirm that SPF, DKIM, and DMARC are correctly configured.

Run a quick check using free tools like MXToolbox or Google's DMARC Inspector. You're looking for:

  • ✅ SPF record exists and is valid
  • ✅ DKIM record is published and working
  • ✅ DMARC policy is set to p=quarantine or p=reject (not p=none)

If your DMARC is still at p=none, you'll need to gradually shift to enforcement. Start by monitoring what emails fail authentication, fix any legitimate senders you're missing (like email marketing platforms or CRM tools), then slowly increase the policy to p=quarantine and eventually p=reject.

This process typically takes 6–8 weeks, depending on how many third-party senders you use.

Step 2: Prepare Your Logo File

Your logo needs to be in SVG Tiny 1.2 P/S format. If you only have a PNG or JPG version, you'll need to convert it. Tools like these can handle the conversion:

  • Convertio
  • CloudConvert
  • Adobe Illustrator (if you have it)

Once converted, ensure your SVG is:

  • Exactly square (not rectangular)
  • Clean and readable at small sizes (think 60×60 pixels)
  • Free of extra text or decorative elements
  • Properly formatted and valid

After creating the SVG, host it on a secure, publicly accessible HTTPS server. Most businesses use their web hosting, CDN, or object storage (like AWS S3 with public access).
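A local pre-flight check for the logo requirements listed in this step, added here as an example (it is not from the original article or from any BIMI tool). The function name and sample files are hypothetical; the checks assume the SVG Tiny P/S root markers (version="1.2", baseProfile="tiny-ps", a <title> element) and treat <text> as a problem because of the font and "no extra text" advice above.

```python
import xml.etree.ElementTree as ET

SVG = "{http://www.w3.org/2000/svg}"
# script/image/foreignObject can carry active or external content; <text> depends
# on fonts the mail client may not have (flagged here per the page's advice).
FORBIDDEN = {"script", "image", "foreignObject", "text"}

def check_bimi_svg(svg_text):
    """Return a list of problems in a candidate logo; an empty list means none found."""
    root = ET.fromstring(svg_text)
    if root.tag != SVG + "svg":
        return ["root element is not <svg> in the SVG namespace"]
    problems = []
    if root.get("version") != "1.2":
        problems.append('version is not "1.2"')
    if root.get("baseProfile") != "tiny-ps":
        problems.append('baseProfile is not "tiny-ps"')
    box = (root.get("viewBox") or "").replace(",", " ").split()
    if len(box) != 4:
        problems.append("viewBox missing or malformed")
    elif float(box[2]) != float(box[3]):
        problems.append("viewBox is not square (%s x %s)" % (box[2], box[3]))
    if root.find(SVG + "title") is None:
        problems.append("missing <title>")
    for el in root.iter():
        name = el.tag.split("}")[-1]
        if name in FORBIDDEN:
            problems.append("disallowed element <%s>" % name)
        for attr, value in el.attrib.items():
            local = attr.split("}")[-1]
            if local == "href" and not value.startswith("#"):
                problems.append("external reference on <%s>" % name)
            elif local.lower().startswith("on"):
                problems.append("event handler %s on <%s>" % (local, name))
    return problems

# Constructed samples: a minimal conforming logo, and the kind of file a
# raster-to-SVG converter can emit (a PNG wrapped in an <image> element).
GOOD_SVG = """<svg xmlns="http://www.w3.org/2000/svg" version="1.2"
  baseProfile="tiny-ps" viewBox="0 0 64 64">
  <title>Your Business</title>
  <rect width="64" height="64" fill="#004080"/>
</svg>"""
WRAPPED_PNG = """<svg xmlns="http://www.w3.org/2000/svg" version="1.1"
  xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 120 60">
  <image xlink:href="https://yourbusiness.com/logo.png" width="120" height="60"/>
</svg>"""

if __name__ == "__main__":
    print(check_bimi_svg(GOOD_SVG), check_bimi_svg(WRAPPED_PNG), sep="\n")
```

A file that passes here can still be rejected by a mailbox provider, so run it through the validators in Step 6 as well.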

Step 3: Determine Your Logo URL

Once your SVG is hosted, you'll have a URL like:

https://yourbusiness.com/.well-known/bimi.svg

Keep this URL handy; you'll need it in the next step.

Step 4: Create Your BIMI DNS Record

Now for the technical part. You'll add a TXT record to your DNS. The record looks like this:

default._bimi.yourbusiness.com TXT "v=BIMI1; l=https://yourbusiness.com/.well-known/bimi.svg"

Breaking this down:

  • default._bimi.yourbusiness.com – This is the record name. "default" is the BIMI selector that mail providers look up unless a message names a different one, and "_bimi" is the fixed label; together they sit under your root domain.
  • TXT – This is the DNS record type.
  • v=BIMI1 – This specifies the BIMI version (currently version 1).
  • l= – The "l" stands for logo. The value is the HTTPS URL to your SVG file.

If you're using a certificate, you'd also add an "a=" parameter pointing to the certificate URL:

v=BIMI1; l=https://yourbusiness.com/.well-known/bimi.svg; a=https://yourbusiness.com/.well-known/bimi.pem

But for now, the basic record without a certificate is sufficient.
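The DMARC requirement from Step 1 and the record format from Step 4 can be checked together before anything is published. The following is an added example, not code from the original article: the function names are hypothetical, the sample records are constructed around the page's placeholder domain, and only the TXT values are checked (no DNS lookup is made).

```python
from urllib.parse import urlparse

def parse_tags(txt):
    """Split a 'tag=value; tag=value' TXT record into ordered (tag, value) pairs."""
    pairs = []
    for part in txt.split(";"):
        if "=" in part:
            tag, value = part.split("=", 1)
            pairs.append((tag.strip().lower(), value.strip()))
    return pairs

def check_dmarc(txt):
    """BIMI eligibility as the page states it: p must be quarantine or reject."""
    tags = dict(parse_tags(txt))
    if tags.get("v") != "DMARC1":
        return ["not a DMARC record"]
    policy = tags.get("p", "").lower() or "missing"
    if policy not in ("quarantine", "reject"):
        return ["p=%s is not enforcement; BIMI needs quarantine or reject" % policy]
    return []

def check_bimi(txt):
    """Check the version tag and that l= (required) and a= (optional) are HTTPS URLs."""
    pairs = parse_tags(txt)
    if not pairs or pairs[0] != ("v", "BIMI1"):
        return ["record must start with v=BIMI1"]
    tags, problems = dict(pairs), []
    if not tags.get("l"):
        problems.append("missing l= logo URL")
    for tag in ("l", "a"):
        url = urlparse(tags.get(tag, ""))
        if tags.get(tag) and (url.scheme != "https" or not url.netloc):
            problems.append("%s= must be an https:// URL" % tag)
    return problems

def bimi_problems(dmarc_txt, bimi_txt):
    """Combine both checks; an empty list means the pair of records is consistent."""
    return check_dmarc(dmarc_txt) + check_bimi(bimi_txt)

# Constructed sample records (yourbusiness.com is the page's placeholder domain).
DMARC_MONITORING = "v=DMARC1; p=none; rua=mailto:dmarc@yourbusiness.com"
DMARC_ENFORCED = "v=DMARC1; p=quarantine; rua=mailto:dmarc@yourbusiness.com"
BIMI_WITH_CERT = ("v=BIMI1; l=https://yourbusiness.com/.well-known/bimi.svg; "
                  "a=https://yourbusiness.com/.well-known/bimi.pem")
BIMI_PLAIN_HTTP = "v=BIMI1; l=http://yourbusiness.com/.well-known/bimi.svg"

if __name__ == "__main__":
    print(bimi_problems(DMARC_ENFORCED, BIMI_WITH_CERT))
    print(bimi_problems(DMARC_MONITORING, BIMI_PLAIN_HTTP))
```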

Step 5: Add the Record to Your DNS Provider

The exact steps vary by DNS provider (GoDaddy, Cloudflare, Route 53, etc.), but the process is generally:

  1. Log into your DNS provider's control panel
  2. Find the section for DNS records or zone management
  3. Create a new TXT record
  4. Enter the details from Step 4: the record name, the type (TXT), and the value (the v=BIMI1 string)
  5. Save the record

DNS changes take time to propagate—usually 15 minutes to 24 hours.

Step 6: Verify Your Setup

After your DNS record is live, verify it using free tools:

  • MXToolbox BIMI Lookup – Checks if your BIMI record is published correctly
  • Google's BIMI Checker – Validates format and logo display
  • BIMI Inspector – Provides detailed diagnostics

These tools will confirm whether your record is valid and accessible. They'll also preview how your logo appears in email clients.

Step 7: Monitor Adoption

BIMI adoption varies by email provider. Gmail, Yahoo Mail, and Apple Mail support BIMI, but not all email clients display it yet. Monitor your email campaigns to see where your logo starts appearing, and use email analytics to track whether BIMI correlates with improved open rates and engagement.

Common Challenges and Solutions

Challenge 1: DMARC Isn't Enforced Yet

If your DMARC policy is still at p=none, BIMI won't work. The fix is gradual enforcement. Start by monitoring failures in your DMARC reports. Identify any third-party senders (marketing platforms, support systems, etc.) that are sending mail as your domain. Make sure they're properly aligned with SPF or DKIM. Then slowly increase your DMARC policy: p=none → p=quarantine → p=reject.

Challenge 2: Logo Format Issues

SVG files can be finicky. Common problems include incorrect dimensions, unsupported fonts, or missing HTTPS hosting. If your logo doesn't display, use the validation tools above to identify the issue. You can also reach out to your email provider's support—they often have templates for correctly formatted BIMI logos.

Challenge 3: Third-Party Email Senders

If you use marketing automation, CRM platforms, or transactional email services (like SendGrid), they might not be properly aligned with your DMARC policy. Work with these providers to ensure they're authenticated via SPF, DKIM, or both. Most platforms have straightforward setup guides for this.

Challenge 4: DNS Propagation Delays

DNS changes aren't instant. If your record isn't appearing in lookups, wait a few hours and try again. Use a tool like "DNS Propagation Checker" to see if it's live globally.

Challenge 5: Certificate Costs

If you decide to pursue a Verified Mark Certificate for Gmail's blue checkmark, expect to budget $1,000–$1,500 annually. For many SMBs, starting with a Common Mark Certificate or testing BIMI without a certificate is a smarter financial move.

Measuring BIMI's Impact

Once BIMI is live, track these metrics:

  • Open rates – Compare email opens before and after BIMI deployment.
  • Click-through rates – Does a branded, verified email encourage more clicks?
  • Unsubscribe rates – Do fewer people unsubscribe when they see a verified logo?
  • Spam complaints – Does BIMI reduce the number of recipients marking emails as spam?
  • Brand recognition – Survey customers about brand recall when they see your logo in the inbox.

Most email platforms (Mailchimp, Klaviyo, etc.) let you segment performance by campaign, so you can compare BIMI-enabled sends to previous campaigns.

Final Thoughts

BIMI is one of those technologies that looks complicated at first but becomes straightforward once you break it down. The real legwork is getting your authentication foundation right (SPF, DKIM, DMARC). BIMI itself is just a DNS record pointing to your logo.

For small-to-medium businesses, BIMI is a low-cost way to stand out, build customer trust, and improve email performance. Early adoption gives you a competitive edge, especially in industries like e-commerce, SaaS, and professional services where email is a primary communication channel.

If you're already managing email authentication, adding BIMI takes an afternoon. If you're starting from scratch, give yourself 6–8 weeks to get DMARC enforced, then a few hours to add the BIMI record.

The return on investment—measurable increases in open rates, engagement, and brand recognition—is worth the effort. Your customers will see your logo, trust your emails more, and engage more often.