BIMI (Brand Indicators for Message Identification) is the email standard that displays your brand's verified logo directly in the inbox next to your sender name — giving recipients an immediate visual trust signal that the email is genuinely from your organisation before they open it. As of 2026, BIMI has crossed from early-adopter territory into a mainstream brand differentiation tool: the number of domains with BIMI records grew 53% in 2024-2025, and inbox providers including Gmail, Yahoo, Apple Mail, and La Poste now support logo display for properly configured senders. This guide provides the complete technical implementation path from zero to a working BIMI logo in Gmail, Yahoo, and Apple Mail.
What BIMI Does and Why It Matters in 2026
BIMI works by allowing email providers to fetch and display a brand's verified logo when a message passes DMARC authentication and the sending domain has a valid BIMI record published in DNS. The logo appears in the sender's avatar position in the inbox — replacing the generic initial or auto-generated icon that non-BIMI senders display. For recipients, this creates immediate visual brand recognition and a trust signal that the email is authentic. For senders, BIMI has two commercial impacts: brand visibility (logo display increases sender recognition, which correlates with higher open rates — studies report 10-15% open rate lifts for BIMI-enabled senders) and a secondary deliverability benefit (BIMI requires DMARC at enforcement level, which improves authentication completeness scores and inbox placement).
BIMI's commercial case is strongest for consumer-facing brands with high email programme volume. A retail brand sending 5M marketing emails per month to Gmail-heavy audiences achieves measurable open rate improvement from consistent logo display in the inbox list view. B2B brands sending primarily to corporate Microsoft 365 environments have weaker BIMI commercial cases — Microsoft does not yet support standard BIMI logo display (as of mid-2026), reducing the logo reach for B2B programmes. However, even for B2B-focused senders, the DMARC enforcement requirement that BIMI mandates produces deliverability benefits that justify the implementation independently of the logo display benefit.
Prerequisites: DMARC Enforcement Before BIMI
BIMI has a hard prerequisite: DMARC must be at p=quarantine or p=reject (enforcement level) with pct=100 (applying to 100% of traffic). DMARC at p=none (monitoring mode) does not qualify for BIMI. This prerequisite is the most significant barrier to BIMI adoption — organisations that have DMARC at p=none must advance their DMARC policy to enforcement before BIMI can be implemented.
The path from p=none to BIMI-eligible p=quarantine: (1) Ensure all legitimate sending sources are correctly authenticated — SPF and DKIM both passing for all outbound mail. (2) Review DMARC aggregate reports weekly for 4-6 weeks to confirm all sources are showing DMARC pass. (3) Advance to p=quarantine with pct=10 (applies quarantine to 10% of failing traffic initially). (4) Monitor for legitimate mail being quarantined (check the ruf= forensic reports or aggregate report failure data). (5) Increase pct from 10 to 25 to 50 to 100 over 4-6 weeks. (6) Once at p=quarantine pct=100 with no legitimate mail being quarantined — BIMI prerequisites are met. For programmes already at p=quarantine or p=reject, skip to the VMC/CMC and logo setup steps.
The BIMI prerequisite check: verify via the DNS record that DMARC is at enforcement and pct=100:
dig TXT _dmarc.yourdomain.com # BIMI-eligible DMARC record example: "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc@yourdomain.com" # NOT BIMI-eligible: "v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com" # p=none "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@yourdomain.com" # pct not 100
VMC vs CMC: Which Certificate Do You Need?
BIMI has two certificate types that authenticate the relationship between a brand's sending domain and its logo. The certificate type required depends on which inbox providers you want logo display at and whether the brand has a registered trademark.
VMC (Verified Mark Certificate): The original BIMI certificate type, launched with Gmail's BIMI support in 2021. VMC requires a registered trademark for the logo in at least one jurisdiction recognised by the certificate authority (DigiCert, Entrust). The trademark requirement makes VMC unavailable to brands without registered trademarks. VMC is required for the Gmail verified checkmark (the blue checkmark badge that appears alongside the logo in Gmail, distinct from the logo display itself). Cost: approximately $1,200-2,000/year from DigiCert or Entrust. Validity period: 1 year (must renew annually).
CMC (Common Mark Certificate): Introduced in 2023-2024 as a more accessible alternative to VMC. CMC does not require a registered trademark — it requires proof of logo use for at least 12 months in public-facing materials. Gmail accepts CMC for logo display (but NOT for the verified checkmark, which remains VMC-only). Yahoo and Apple Mail also accept CMC. Cost: approximately $800-1,500/year. CMC has made BIMI accessible to organisations without trademark registrations — the most significant expansion of BIMI reach since its launch.
| Certificate | Trademark required? | Gmail logo display | Gmail checkmark | Yahoo | Apple Mail | Annual cost |
|---|---|---|---|---|---|---|
| VMC | Yes | Yes | Yes | Yes | Yes | ~$1,500-2,000 |
| CMC | No (12 months use) | Yes | No | Yes | Yes | ~$800-1,500 |
| Self-asserted (no cert) | No | No | No | Sometimes | No | Free |
The practical recommendation: if the brand has a registered trademark, pursue VMC — it provides the broadest provider support and the Gmail verified checkmark. If no trademark but 12+ months of consistent logo use, pursue CMC — it enables Gmail and Apple Mail logo display at lower cost and without trademark requirements. Self-asserted BIMI (no certificate) is only useful for Yahoo testing and is not worth implementing as a primary BIMI strategy for most senders.
SVG Logo Requirements: Tiny P/S Compliance
BIMI logos must be in SVG Tiny Portable/Secure (SVG P/S) format — a restricted subset of SVG that eliminates security risks from standard SVG features (external resource loading, scripts, filters, embedded images). Standard SVG files exported from Adobe Illustrator, Figma, or Inkscape are NOT SVG P/S compliant and will not work with BIMI without conversion.
The SVG P/S requirements that most commonly cause compliance failures:
- baseProfile must be "tiny-ps": The SVG root element must include
baseProfile="tiny-ps". Most design tool exports usebaseProfile="full"or omit the attribute entirely. - No external references: No external image links, no linked stylesheets, no external font references. All visual elements must be defined inline in the SVG file.
- No JavaScript: No script elements or event handler attributes.
- No filters or effects: drop-shadow, blur, and similar SVG filter effects are not permitted in Tiny P/S.
- Square aspect ratio: The viewBox should be square (e.g., "0 0 100 100"). Non-square logos will be cropped or distorted.
- File size under 32KB: The SVG file should be under 32KB. SVGO or similar SVG optimizers can reduce file size by removing metadata, comments, and redundant attributes.
Converting an existing SVG to SVG P/S: the recommended tool is SVGO (SVG Optimizer) with the svgo-bimi plugin, or the online converter at BIMI Group (bimigroup.org/svg-convertor/). After conversion, validate the result with the BIMI Group's SVG validator before using the file in production. Note: complex logos with gradients, shadows, or intricate vector paths may require manual simplification — SVGO conversion handles most compliance requirements but cannot redesign logos that fundamentally rely on non-compliant elements.
Publishing the BIMI DNS TXT Record
The BIMI record is published as a TXT record at default._bimi.yourdomain.com (for the default selector — BIMI supports custom selectors for multi-brand setups, but the default selector covers the vast majority of implementations). The record format:
# Basic BIMI record with VMC or CMC certificate default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://cdn.yourdomain.com/bimi-logo.svg; a=https://cdn.yourdomain.com/bimi-cert.pem" # Self-asserted BIMI (no certificate — Yahoo only, partial) default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://cdn.yourdomain.com/bimi-logo.svg;" # Components: # v=BIMI1 — BIMI version tag (required) # l= — URL of the SVG P/S logo file (required) # a= — URL of the VMC or CMC certificate PEM file (required for Gmail)
The logo URL (l=) must be served over HTTPS with a valid TLS certificate. The logo file must be publicly accessible without authentication — inbox providers fetch the logo directly from the URL in the BIMI record when displaying the logo in the inbox. The certificate file (a=) is the PEM file delivered by DigiCert or Entrust (for VMC) or the CMC-issuing CA after verification. Both files should be hosted on reliable, low-latency CDN infrastructure — slow logo loading causes display failures in the inbox.
After publishing the BIMI record: verify with the BIMI Group's inspection tool (bimigroup.org/bimi-generator-and-record-inspector/) or GlockApps BIMI checker. Both tools verify the DNS record syntax, confirm the logo file is accessible and SVG P/S compliant, and validate the certificate PEM file. Allow 24-48 hours for DNS propagation before expecting logo display in supported inboxes.
Gmail BIMI: VMC/CMC Requirements and the Checkmark
Gmail's BIMI implementation has two distinct display modes: logo display (the brand logo in the sender's avatar position) and the verified checkmark (a blue checkmark badge that appears alongside the logo). These are separate features with different requirements.
Gmail logo display: Requires a valid BIMI TXT record with a VMC or CMC certificate (a=https://...). DMARC at p=quarantine or p=reject with pct=100. The SVG P/S logo file accessible at the l= URL. Logo display in Gmail typically activates within 48-72 hours of a valid BIMI record being published, though some domains experience delays of 5-7 days on initial setup.
Gmail verified checkmark: Requires a VMC certificate (not CMC). The checkmark is Gmail's visual indicator of the highest level of email verification — it tells Gmail users that the sender has verified their trademark ownership through an authorised certificate authority. CMC-enabled senders see logo display but no checkmark. VMC-enabled senders see both logo and checkmark. The checkmark notably is not available to all VMC senders — Google reviews domains that have VMC and determines checkmark eligibility based on overall sending reputation and brand recognition. High-volume, high-reputation senders with VMC certificates are the target audience for the checkmark feature.
Yahoo, Apple Mail, and Other Provider Support
Yahoo Mail: The most permissive major BIMI implementation. Yahoo supports BIMI with VMC, CMC, and in some cases self-asserted logos (without a certificate) — making it the easiest provider to achieve logo display with. Yahoo's BIMI display is visible in the Yahoo Mail web client and mobile apps. For senders with significant Yahoo audience proportions, Yahoo BIMI provides logo display even before the more complex VMC/CMC certification process is complete — useful for testing BIMI logo rendering and DNS record syntax before pursuing Gmail certification.
Apple Mail / iCloud Mail: Apple Mail supports BIMI on iOS 16+, iPadOS 16+, and macOS Ventura 12+. Apple requires either a VMC or CMC certificate — self-asserted logos are not displayed in Apple Mail. Apple's BIMI implementation uses the logo in the sender avatar position in both the inbox list view and the open message view. For consumer-facing brands with high Apple Mail audience proportions (40-56% of Apple Mail users have MPP enabled, indicating Apple Mail is actively used), Apple Mail BIMI reach is significant.
La Poste (laposte.net): The French ISP supports BIMI and requires either a VMC or manual review and approval for non-VMC senders. La Poste is relevant for programmes with significant French audience proportions.
Microsoft (Outlook.com / Microsoft 365): As of mid-2026, Microsoft does not support standard BIMI logo display. Microsoft uses its own brand verification system through Microsoft 365 Defender's email authentication features, which is separate from the BIMI standard. BIMI implementations do not produce logo display in Outlook clients or Outlook.com — this is the significant gap in BIMI coverage for B2B-focused programmes with heavy Microsoft audience proportions.
BIMI Troubleshooting: Why Your Logo Does Not Appear
When a correctly configured BIMI record does not produce logo display, the following are the most common causes, in order of frequency:
▶ BIMI Troubleshooting Checklist
dig TXT _dmarc.yourdomain.com — must show p=quarantine or p=reject with pct=100. This is the most common root cause of BIMI non-display.BIMI is the culmination of the email authentication stack — the visible brand signal that only senders with correct authentication, DMARC enforcement, and verified logo ownership can achieve. Implementing BIMI correctly requires the complete authentication foundation that delivers the primary deliverability benefits; the logo display is the visible proof that the foundation is correctly built. Build the authentication stack first; advance DMARC to enforcement; then implement BIMI to complete the trust chain that turns correct authentication into visible brand credibility in the inbox.