What Is BIMI? How Brand Indicators for Message Identification Work

90.85% of domains have no BIMI record. A Validity analysis of 13,000 domains found the vast majority are sending email with a grey letter avatar next to their name instead of their actual brand logo. The companies that have set it up show their verified logo in Gmail, Yahoo, and Apple Mail before a recipient ever opens the message.

The barrier dropped significantly in 2025: Common Mark Certificates removed the trademark requirement. But 53.6% of existing BIMI records contain at least one error, most from certificate issues rather than DNS or logo format problems. And Microsoft Outlook, which handles a substantial share of B2B email, has no BIMI support and no public timeline for adding it.

This is what BIMI email is, how it works, what it costs, and the single factor that determines whether it's worth implementing for your domain.

What Is BIMI?

BIMI (Brand Indicators for Message Identification) is a DNS record that tells supported mailbox providers where to find your brand's verified logo so they can display it alongside your authenticated emails. It sits at the top of an authentication stack, SPF verifies your sending servers, DKIM signs your messages cryptographically, DMARC enforces policy when either fails, and BIMI delivers the visual reward: your logo in the inbox instead of a grey letter avatar.

Brand indicators for message identification is the full name. Most people pronounce it "bih-mee." BIMI email sits at the top of the authentication stack, it's the protocol that makes DMARC enforcement visible to recipients.

The practical effect is visible before anyone opens your email. Where a standard sender shows a grey circle with the letter "A" for Acme Corp, a BIMI-enabled sender shows Acme's actual logo, color, shape, and all. For recipients, it's an instant trust signal. For senders, it's brand presence at the moment of decision.

The critical constraint: BIMI doesn't operate independently. It evaluates whether the entire authentication stack below it is correctly configured before a logo is ever displayed.

How BIMI Works: The Authentication Stack

The Four Prerequisites

BIMI requires four things to be in place before a logo can appear in any inbox:

1. SPF: a DNS TXT record listing the IP addresses and services authorized to send email from your domain. Required for authentication baseline.

2. DKIM: a cryptographic signature attached to every outgoing message, allowing receiving servers to verify the content wasn't altered in transit.

3. DMARC at p=quarantine or p=reject: this is the non-negotiable one. DMARC at p=none is monitoring-only and does not qualify for BIMI. The domain must be actively enforcing policy on authentication failures. Not someday. Before BIMI.

4. An SVG logo in Tiny 1.2 format: square aspect ratio, no scripts, no animations, no interactive elements, no x= or y= attributes. Most standard SVG files need conversion before they qualify. Adobe Illustrator exports this format directly; online converters work for simpler logos.

Only when all four are in place does a supported mailbox provider consult the BIMI DNS record to retrieve and display the logo.

The BIMI DNS Record

The BIMI record is published as a TXT record at default._bimi.yourdomain.com. A complete record looks like this:

; BIMI DNS record — points to your logo and certificate
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yoursite.com/logo.svg; a=https://yoursite.com/bimi.pem"

The v=BIMI1 identifies the record type. The l= field is the URL of your SVG logo. The a= field is the URL of your certificate PEM file, required for Gmail and Apple Mail and optional for Yahoo.

Yahoo accepts self-asserted BIMI with no certificate. Gmail requires a VMC or CMC. Apple Mail requires a VMC specifically. The certificate type you need depends entirely on which inboxes you want to support.

VMC vs CMC: Which Certificate Do You Need?

Verified Mark Certificate (VMC)

The premium tier. A verified mark certificate (VMC) requires a registered trademark for your logo. The trademark must be active and cover the exact logo you want to display. Certificate Authorities that issue VMCs: DigiCert and Entrust.

Cost: $750 to $1,700 per year depending on the CA and reseller. If you don't already have a registered trademark, add $250 to $1,000 or more in filing and legal costs.

A VMC enables Gmail logo display with the blue verified checkmark badge, Apple Mail logo display, and all other supported providers. The blue checkmark is the Gmail signal that this sender has gone through verified mark certification, the visual equivalent of a blue tick on social media.

Timeline: 2–6 weeks for certificate issuance after trademark validation is confirmed.

Common Mark Certificate (CMC)

The accessible tier, introduced to remove the trademark barrier. A CMC does not require a registered trademark, but it requires proof that your logo has been in public use for at least 12 months on a website you control. Certificate Authorities verify this through archive.org snapshots.

Cost: $100 to $950 per year depending on the CA and product. A single CMC can cover up to 250 sending domains for Gmail, a significant advantage for organizations with multiple sending domains.

A CMC enables Gmail logo display without the blue checkmark badge, Yahoo Mail, and Fastmail. Not Apple Mail.

Timeline: 1 to 4 weeks. Preparing all validation documents upfront (articles of incorporation, logo history, domain ownership proof) speeds this significantly.

Self-Asserted BIMI (Free)

No certificate. The BIMI record points to the SVG logo with no a= certificate field. Works on Yahoo Mail and Fastmail only. Gmail and Apple Mail ignore self-asserted BIMI completely.

Which Inboxes Support BIMI in 2026?

This is the table that determines whether BIMI is worth your time. It depends almost entirely on where your recipients read email.

The Outlook situation deserves its own note. Microsoft does not support BIMI as a receiver in Outlook.com, Hotmail, or Microsoft 365 as of May 2026. A Microsoft Q&A moderator confirmed there are no short-term plans or roadmap items for Exchange Online to support it. Microsoft participates in the BIMI Group working group and supports BIMI as a sender through Dynamics 365, but receiver-side display in standard Outlook is not available and has no confirmed timeline.

For B2B senders whose contact lists are primarily on Microsoft 365, common in enterprise and mid-market segments, this gap is significant. Your authentication work still protects your deliverability, but the visual brand presence BIMI delivers simply doesn't reach that segment.

Is BIMI Worth It For You?

Whether BIMI is worth implementing depends almost entirely on where your recipients read email. It is not a universal upgrade. It is a targeted investment that delivers measurable ROI in specific conditions and near-zero visual impact in others.

Is BIMI worth implementing in 2026? BIMI delivers measurable ROI for B2C senders with Gmail-heavy audiences, the logo display improves inbox placement recognition before open and builds trust at first glance. For B2B senders whose contacts are primarily on Microsoft 365, the visual payoff disappears for that segment. The DMARC enforcement BIMI requires is worth doing regardless. The logo display only works where your recipients actually read email.

Three questions to run before committing to BIMI:

1. What percentage of your recipients use Gmail or Yahoo? If it's above 50%, BIMI has measurable visual impact on that segment. If most of your list is on corporate Microsoft 365 domains, the logo won't display for them regardless of implementation quality.

2. Do you have, or can you get, a registered trademark? If yes, a VMC gives you Gmail's blue checkmark and Apple Mail support. If your logo has 12 months of verifiable public use, a CMC at roughly $650/year is the accessible path. If neither applies, self-asserted BIMI covers Yahoo and Fastmail at no cost.

3. Is DMARC enforcement already active? BIMI requires DMARC at p=quarantine or p=reject, not p=none. If DMARC enforcement isn't in place, that project comes first. The minimum realistic timeline to DMARC enforcement from scratch is 4 to 6 weeks of monitoring at p=none before moving to quarantine or reject safely.

One more number worth knowing: 53.6% of existing BIMI records have at least one error. The most common cause is not DNS misconfiguration or logo format problems. It's the certificate. Wrong certificate type, inadequate prior-use proof for CMC validation, misconfigured PEM file, or a trademark that doesn't match the logo exactly. The technical implementation is straightforward. The certificate process is where most deployments fail.

BIMI requires DMARC enforcement at p=quarantine or p=reject. But DMARC enforcement only protects your reputation if the underlying list is clean. A domain with proper DMARC alignment that sends to invalid addresses and spam traps will still accumulate bounce rate and spam complaints that damage email deliverability regardless of BIMI status. The authentication stack and list quality are two separate problems that both need to be solved.

Email verification removes the invalid addresses that generate hard bounces before they affect your sender reputation, protecting the DMARC enforcement that BIMI sits on top of. For context on how authentication and list quality together affect campaign performance, the email deliverability benchmarks for 2026 show senders with verified lists and DMARC enforcement maintaining bounce rates below 1%.

BIMI requires DMARC enforcement. DMARC enforcement requires a clean list. Verify your list free →

How to Set Up BIMI

Step 1: Confirm Your Authentication Stack

Before touching BIMI, verify that SPF, DKIM, and DMARC are correctly configured. Run your domain through MxToolbox to confirm each record exists and passes. Check your DMARC policy: if it shows p=none, you're in monitoring mode. BIMI requires p=quarantine or p=reject at pct=100 before any logo will display in Gmail.

Step 2: Prepare Your SVG Logo

Convert your logo to SVG Tiny 1.2 format. The logo must be square, must not contain scripts or animations, and must not use x= or y= attributes. Most logos exported from standard design tools need post-processing. Adobe Illustrator supports SVG Tiny 1.2 export directly. BIMI Inspector (bimi-inspector.com) validates whether your SVG meets specification before you publish anything.

Step 3: Get Your Certificate

Choose VMC if you have a registered trademark and want Gmail's blue checkmark or Apple Mail support. Choose CMC if your logo has 12 months of verifiable public use and you want Gmail display without the checkmark. Choose self-asserted if you only need Yahoo and Fastmail coverage at no cost.

Certificate Authorities issuing BIMI certificates: DigiCert, Entrust, Sectigo, GlobalSign, and SSL.com. Host the issued PEM file at a stable HTTPS URL. CaptainDNS offers free hosting for up to 5 domains with automatic expiration alerts.

Step 4: Publish the BIMI Record and Verify

Publish the TXT record at default._bimi.yourdomain.com. Allow 24–48 hours for DNS propagation. Validate with BIMI Inspector or MxToolbox's BIMI lookup tool before assuming it's live.

Pro Tip: "Run a BIMI record check before announcing the launch. More than half of BIMI records have errors — mostly from certificate issues that aren't visible in basic DNS checks. BIMI Inspector shows exactly what Gmail and Yahoo will see when they query your record."

Authentication First. Logo Second.

BIMI is the visual reward for doing email authentication correctly. Not the other way around.

The correct sequence: clean your list so hard bounces and spam complaints don't undermine your sender reputation, configure SPF, DKIM, and DMARC with DMARC at enforcement level, then implement BIMI if your audience distribution makes it worth the certificate cost.

For B2C senders with Gmail-heavy audiences, BIMI email has measurable impact on open rates and brand recognition. For B2B senders with Microsoft 365-heavy contact lists, the value is in the authentication stack. DMARC enforcement protects your domain from spoofing, builds sender reputation, and improves email deliverability regardless of whether recipients ever see your logo through email authentication.

Either way, the email authentication stack starts with list quality. EmailAwesome processes lists of up to 20,000 contacts in under 10 minutes. Unknown results are never charged.

Start with 1,000 free verifications →

‍