BIMI: how to get your logo to show next to your emails

BIMI (Brand Indicators for Message Identification) is the standard that puts your brand logo next to your messages in supporting inboxes. It is a visible trust signal, but it is also the reward at the end of a chain of email-authentication work, not a quick setting.

What BIMI actually is

A BIMI record is a DNS TXT record at default._bimi.yourdomain.com that points to a logo file (an SVG in a specific profile) and, optionally, to a verification certificate. When a mailbox provider that supports BIMI receives a message that passes authentication, it fetches the logo and displays it.

The key word is authentication. BIMI is deliberately not something you can set unilaterally to brand other people's spoofs of you. The logo only appears because the message provably came from you.

Why DMARC has to come first

BIMI requires your domain to have a DMARC policy at enforcement (p=quarantine or p=reject), not merely p=none. The logic is sound: a logo is a strong trust cue, so providers only grant it to domains that have committed to rejecting forged mail. If your DMARC is still in monitoring mode, BIMI will not display no matter how perfect the record is.

So the real path to BIMI is: get SPF and DKIM aligned, move DMARC to enforcement without breaking legitimate mail, then publish the BIMI record.

VMC: the verified logo

Some providers (notably Gmail) require a Verified Mark Certificate, a paid certificate that confirms you own the trademark on the logo. Without a VMC, certain inboxes show the logo only if you also meet their stricter bar; with one, support is broader. Whether the cost is worth it depends on how much inbox real estate matters to your brand.

You can check whether a domain publishes a valid BIMI record with the BIMI Record Checker. Since BIMI depends entirely on DMARC, start with SPF, DKIM and DMARC explained and moving DMARC to reject without bouncing real mail.