Email Authentication

What is BIMI?

Hero Image
Brand Indicators for Message Identification is the latest entry into the world of email authentication. More commonly referred to as BIMI, it requires an enforced DMARC policy. While it isn’t strictly a means of authentication, it provides email recipients an added assurance the email is truly from the brand stated.
Hidden Anchor

How does BIMI work?

At the simplest level, BIMI is a small icon or “indicator” next to the name of the sender associated with an email in the inbox. This graphic adds another brand impression in a crowded mailbox and over time it’s expected to assure recipients the mail is legitimate.

Right now, specific implementations vary by mailbox provider (MBP), but all will require a valid BIMI record, 100% DMARC enforcement, and a good sender reputation. A BIMI record is similar in format as an SPF record; a TXT file to be published on the DNS.

Hidden Anchor

A note on VMCs

Gmail currently requires an additional piece of validation in order to implement BIMI called a Verified Mark Certificate (VMC). It is a digital certificate proving you are legally allowed to use the brand logo you intend to use for your BIMI record. This also means your logo needs to be a registered trademark. Once you have the documentation, you can request the certificate and proceed through the BIMI process. This may also be a requirement of other email providers, so be sure to check with each supporting MBP’s mailbox provider’s guidelines.
Hidden Anchor

BIMI rollout is limited (for now)

BIMI is not supported by every MBP, but it is supported by email giant Gmail, plus other providers, including Yahoo, AOL, and Verizon. This means if you’re emailing users at Gmail, Yahoo and AOL and you have BIMI in place, the recipients will see your logo associated with the email you send to those inboxes.


Following Google’s general availability announcement, BIMI is available at roughly 2 billion inboxes.

Hidden Anchor

Why is BIMI so important for marketers?

BIMI’s benefit to marketers is two-fold. First, it improves brand recognition and your ability to stand out from competitors in the inbox. Second, it is an incentive to implement stringent email authentication standards to protect your mail from malicious actors.
Hidden Anchor

Leverages behind-the-scenes security updates

Every brand benefits from email authentication. Without it, your reputation is at risk. Your domain could be spoofed and used to send spam, or worse, to put dangerous phishing attempts in the inboxes of your email recipients or employees.

Because BIMI requires an enforced DMARC policy, senders need to implement each authentication protocol. This better ensures you’re doing everything possible to protect your brand and your email recipients.

Hidden Anchor

Helps subscribers avoid phishing attempts

As mentioned, while BIMI is not an authentication standard, it helps subscribers parse out the good mail from the bad. For example, when a company consistently deploys email with their logo, then suddenly a recipient gets an email from the brand without a logo, subscribers are more likely to notice the difference and question the validity of the message.

Over time, email experts hope subscribers eventually understand BIMI as a trust indicator and thus will be able to distinguish legitimate mail from dangerous phishing email.

Hidden Anchor

Makes your messages stand out

The inbox is packed. There are so many messages competing for subscriber attention, and email volume continues to increase. With BIMI, you can help your message stand out with a corresponding full-color logo, which not every email will have. In fact, most won’t. This is a simple, yet effective way to catch a subscriber’s eye when scanning the inbox.
Hidden Anchor

How to prepare for BIMI

If you’re using just SPF and DKIM, you’re only halfway to the finish line for BIMI. Once you start to use DMARC, you still have a bit of a way to go.

You’ll start with the least stringent DMARC policy, p=none. This means messages are being validated for authenticity, but if there’s something wrong with the message, you’ve instructed the MBP to do nothing. You’ll be able to get reports on this activity, but there isn’t any action happening.

Once you move to p=quarantine, where unauthenticated mail is directed to a quarantine or spam folder, you’re enforcing your policy. You’re actively preventing potentially malicious mail from reaching recipients. The same applies with the strictest policy, p=reject, in which your instructions are to flat-out refuse the mail. At this point, you’re eligible for BIMI.

Learn more about BIMI, why it is important, and what you need to do to adopt this emerging email standard.

Hidden Anchor

How to implement BIMI

Once your DMARC policy is set to reject (or 100% quarantine) you’re ready to start configuring your BIMI record for use.

Hidden Anchor

BIMI logo image

Your BIMI record will need to reference a particular kind of image for use. You’ll need an SVG, or vector, file. It will also need to be square, sized as Tiny Portable, and have a solid background. Once you have the image formatted, it must be published via HTTPS. Meet these requirements and then you can reference the image in your BIMI record.
Hidden Anchor

Update DNS

Finally, all your standards are met and your components are prepared. At this point, you’re free to create the BIMI record. If you aren’t versed in code, Validity offers a BIMI Wizard to create it for you so you can publish it on the DNS.
Hidden Anchor


Hidden Anchor

Why isn’t my BIMI logo populating?

This could be as simple as an improperly formatted BIMI record. Double check it’sthe record is written and published correctly. Also verify your SVG image meets all the requirements. It’s also possible your recipient isn’t using a mail client with BIMI support. You can always contact Validity for guidance and additional help in solving an image issue.
Hidden Anchor

Why are my BIMI-enabled emails sent to spam?

This is likely an issue with your email authentication. First confirm your SPF and DKIM policies are configured properly. Once you’re sure those are correct, move on to your DMARC record. Is it working the way it should? If it is, ensure your policy is set to either quarantine or reject. Also confirm your percent option is set to 100, meaning your DMARC policy is applicable to 100% of your mail. Again, if these factors don’t solve the issue, Validity is here to help.

Discover how Everest can help you implement BIMI so you can create a trusted brand experience and stand out in today’s overcrowded inbox.



BriteVerify email verification ensures that an email address actually exists in real-time


The #1 global data quality tool used by thousands of Salesforce admins


Insights and deliverability guidance from the only all-in-one email marketing solution

GridBuddy Cloud

Transform how you interact with your data through the versatility of grids.

Return Path

World-class deliverability applications to optimize email marketing programs

Trust Assessments

A revolutionary new solution for assessing Salesforce data quality


Validity for Email

Increase inbox placement and maximize subscriber reach with clean and actionable data

Validity for Data Management

Simplify data management with solutions that improve data quality and increase CRM adoption

Validity for Sales Productivity

Give your sales team back hours per day with tools designed to increase productivity and mitigate pipeline risks in real-time

DemandTools Elements Features

DemandTools Features

GridBuddy Connect Features

Everest Features

Everest Features