Email Authentication

What is BIMI?

Hero Image

How do you catch your email subscribers’ eyes when your competitors have equally catchy subject lines? How do you increase brand recognition even before someone opens your email?

How do you appear trustworthy when scammers and spammers are getting savvier by the day, emailing people as if they’re working for real brands?

The emerging email specification BIMI might just be the answer, but what is BIMI?

Hidden Anchor

What is BIMI?

BIMI stands for Brand Indicators for Message Identification. It is a relatively new technology that uses DKIM, SPF, and DMARC enforcement to verify an email’s sender and show the brand’s logo next to its emails in subscribers’ inboxes.

While it isn’t strictly a means of email authentication, BIMI plays a role in enhancing email security. By implementing BIMI, you provide your email recipients with the added reassurance that an email is truly from the brand it claims to be from.

Hidden Anchor

How does the BIMI email security protocol work?

Very simply put, BIMI Brand Indicators are small icons that appear next to the names of email senders in the recipient’s inbox when the BIMI process has verified that the email is truly from the sender it claims to be from.

The BIMI process consists of multiple steps:

  • First, the email goes through the DMARC, DKIM, and SPF authentication protocols.
  • If the email is authenticated by these protocols, the recipient’s email service will check to see if there is a valid BIMI record attached to the email. BIMI records are similar in format to SPF records. They are TXT files that need to be published on the DNS to be functional.
  • If the email has a valid BIMI record, the recipient’s email server will validate that record and display the brand’s logo next to its email.

That’s not all, though. BIMI requires brand logos to have the SVG Tiny Portable/Secure format. It cannot display JPGs, PNGs, or GIFs.

At the time of writing, there are still some differences in how various email clients handle BIMI, and not all email providers offer BIMI support just yet. But if they do, the above process is always true.

Hidden Anchor

The Verified Mark Certificate: a not-so-optional extra

Some email service providers (ESPs), including Gmail, require an additional piece of validation for BIMI implementation called a Verified Mark Certificate (VMC). This is a digital certificate proving you are legally allowed to use the brand logo you intend to use for your BIMI record. That means your brand logo needs to be a registered trademark. This is a crucial part of the BIMI email security process, ensuring only authorized entities can use specific brand logos.

Once you have the documentation to prove that your logo is, in fact, your official logo, you can request the certificate and proceed through the BIMI process.

Since your subscribers will probably use a wide range of email clients, getting the VMC is the safest way to go.

Hidden Anchor

Which mailbox providers support BIMI?

At the time of writing, some of the more popular email mailbox providers that support BIMI include:

  • Gmail
  • Yahoo Mail (but not Yahoo Japan)
  • Aol Mail
  • Fastmail
  • Netscape
  • Apple* (*Apple only offers BIMI support from iOS16 and MacOS Ventura onward)

Unfortunately, Microsoft mailbox providers such as Outlook and Office 365 don’t support BIMI and Microsoft hasn’t yet announced plans to change that.

If your recipients are using email clients that support BIMI and you’ve implemented BIMI correctly, they’ll see your brand logo appear next to your emails in their inboxes.

While not all email providers offer BIMI support yet, BIMI is becoming increasingly important.

With Apple now supporting the BIMI email protocol, it’s now possible for 90 percent of consumers to see brand logos in their inboxes.

Hidden Anchor

Why is BIMI so important for email marketers?

BIMI is not just a fancy email add-on, it is a strategic move to enhance your email marketing. As seeing brand logos in the inbox becomes more and more common, you don’t want to be the one blank space amidst a sea of colorful senders. However, implementing BIMI is not just a matter of hopping on board an accelerating train. There are some real benefits for your business to reap.


  • Helps improve your email security
  • Increases brand recognition and consumer trust
  • Makes your email messages stand out in your recipient’s inbox
Hidden Anchor

BIMI leverages behind-the-scenes security updates

Every business benefits from email authentication. Without it, your brand reputation is at risk. Your domain could be spoofed and used to send spam or, worse, fraudulent emails and dangerous phishing attempts to your subscribers and team members.

Because BIMI requires an enforced DMARC policy, email senders need to implement each authentication protocol to use it. This better ensures you’re doing everything possible to protect your brand and your email recipients.

Learn more about BIMI, why it is important, and what you need to do to adopt this emerging email standard.

Hidden Anchor

BIMI helps subscribers avoid phishing attempts

As mentioned, while BIMI is not an official authentication standard, it helps both mailbox providers and subscribers parse out the good mail from the bad. For example, say a company consistently deploys email with its brand logo. Then, suddenly, a recipient gets an email from the brand without a logo. That recipient will be more likely to notice the difference and question the validity of the message.

Over time, email marketers and other industry experts hope subscribers will view BIMI as a trust indicator and thus will be able to distinguish legitimate mail from dangerous phishing emails.

Hidden Anchor

BIMI makes your messages stand out

The inbox is packed. There are so many messages competing for subscriber attention, and email volume continues to increase. With BIMI, you can help your message stand out with a corresponding full-color brand logo, which not every email will have. In fact, most of your competitors’ emails will likely show a blank space or a generic icon.

On top of boosting brand visibility, having your brand’s logo appear in subscribers’ email inboxes also improves your brand recognition, which in turn helps improve your open rates. After all, recipients are more apt to open email messages from senders they trust.

Lastly, even if subscribers don’t instantly open your emails, they’ll still see your logo, keeping your brand top of mind when they’re looking to make purchases.

Hidden Anchor

BIMI enables brand-controlled logos

Without BIMI, you don’t have a lot of control over how your brand is displayed in a recipient’s inbox. You can test subject lines and preheaders, but not which logo— if any—an email client will put next to your sender name.

BIMI brand indicators change that. They allow you to communicate what your official logo is and have that logo displayed by supporting email clients.

Hidden Anchor

How to prepare for BIMI

BIMI requires proper SPF, DKIM, and DMARC enforcement. But it’s not enough to simply have all three protocols in place.

That especially applies to DMARC. To be able to use BIMI, you need a DMARC policy of either p=quarantine or p=reject. The former tells mail servers to send emails that fail DMARC to spam, and the latter blocks these emails from being delivered entirely.

If you have a DMARC policy of p=none (in which mail servers are instructed to not do anything with emails that fail DMARC), BIMI won’t work.

In other words, implementing DMARC properly, so that it protects recipients against malicious senders, is key for BIMI adoption.

Hidden Anchor

How to implement BIMI

Once your DMARC policy is set to reject (or 100 percent quarantine) you’re ready to start configuring your BIMI TXT record for use, after which you can create a new BIMI Domain Name System (DNS) entry.
Hidden Anchor

Create your BIMI brand logo image

Your BIMI TXT record will need to reference a particular kind of image to use as your brand logo. This image needs to be square with a solid background (not transparent) and it can’t be larger than 32KB. Ideally, you’ll leave some space around the logo in case it gets cropped in the recipient’s inbox.

As mentioned above, the image also can’t have just any type of file format. You’ll need to create or save it as SVG Tiny Portable/Secure or convert it to that format.

Once you have an image that follows all BIMI guidelines, the SVG file must be published via HTTPS before you can reference it in your BIMI record. Save the https:// URL of your BIMI file so you can use it to create your BIMI DNS record.

Hidden Anchor

Update your DNS records

To implement BIMI, you need to publish a DNS TXT record with the brand logo image you’ve prepared. The exact steps for going about this depend on your domain provider, but you’ll always need to create a new BIMI TXT record on a default._bimi subdomain.

If you aren’t versed in code, Validity offers a BIMI Wizard to create it for you so you can publish it on the DNS.

And if you have a VMC, you’ll also want to include it in your BIMI record.

To make sure you’ve set everything up correctly, you can use AuthIndicators Group’s BIMI Inspector.

Hidden Anchor


Hidden Anchor

Does BIMI impact deliverability?

BIMI doesn’t affect deliverability directly, but it can have an indirect effect. Since BIMI improves brand visibility and trust, recipients are more likely to open your emails. This, in turn, signals to BIMI-supporting mailbox providers that people want to receive your emails. This engagement boost makes your emails less likely to be filtered to spam.

Yes, as BIMI works with and alongside DMARC, DKIM, and SPF to verify the sender of an email, implementing BIMI can help improve your deliverability.

Hidden Anchor

Why isn’t my BIMI logo populating?

The culprit could be as simple as an improperly formatted BIMI record. Double check if the record is written and published correctly. Also, verify that your SVG file meets all BIMI requirements.

If the above looks fine, it’s also possible that your recipient isn’t using a mail client with BIMI support.

Hidden Anchor

Why are my BIMI-enabled emails sent to spam?

This is likely an issue with your email authentication rather than your BIMI setup. First, confirm that your SPF and DKIM policies are configured properly. Once you’re sure those are correct, move on to your DMARC record. Is it working the way it should?

If it is, ensure your policy is set to either quarantine or reject. Also confirm that your percent option is set to 100, meaning your DMARC policy is applicable to 100 percent of your mail.

Hidden Anchor

BIMI is the next step to winning attention in your subscribers’ inboxes

With the emerging email specification BIMI, you’re able to have email clients display your official logo in your recipient’s inboxes.

This boosts your brand recognition and helps build trust as recipients are assured that emails displaying your logo are truly coming from your brand.

For expert assistance with BIMI, check out Validity Everest. This email success platform can confirm your SPF and DKIM policies are aligning and your mail is traveling smoothly to the inbox, but it also provides the tools you need to monitor the performance of your authentication policies.

Everest also has a BIMI tool, which makes implementing BIMI much less complicated than qualifying for the technology in the first place. To learn more, schedule a demo with our team of email experts.