Email marketing is highly competitive. Your subscribers are overwhelmed with messages, and standing out in a crowded inbox is harder than ever. You can write the perfect subject line, but if your email looks like every other generic message, your open rates will suffer.
This is where Brand Indicators for Message Identification (BIMI) changes the game.
BIMI is an email specification that displays your official, verified brand logo right next to your sender name in the inbox. Before a subscriber even reads your subject line, they see your brand. It provides instant visual recognition, builds trust, and directly drives higher open rates.
But getting that logo to appear requires a flawless technical setup. Mailbox providers like Gmail and Apple Mail are incredibly strict. A single missing line of code will cause your setup to fail silently.
This guide provides the complete, step by step blueprint to configuring BIMI correctly so you can finally get your logo into your customers inboxes.
The Prerequisite: You Must Be at DMARC Enforcement
Mailbox providers will not display your logo if your domain is vulnerable to spoofing. BIMI is specifically designed as a visual reward for organizations that take email security seriously.
Before you even think about formatting your logo, you must verify your DMARC record. Mail providers check this record first. If your security is lacking, they will ignore your BIMI setup entirely.
Your DMARC record must meet these exact criteria:
- A Strict Policy: Your main policy tag (p=) must be set to quarantine or reject. A monitoring policy of p=none is not allowed.
- Strict Subdomains: If you use a subdomain tag (sp=), it must also be set to quarantine or reject.
- Full Coverage: Your policy must apply to 100 percent of your emails. The percentage tag (pct=100) is mandatory.
Moving a domain from p=none to p=reject can be intimidating. If you skip steps, you risk blocking your own legitimate marketing emails or internal communications. If you are struggling to reach strict enforcement, using a solution like DMARCS gives you the visibility to map your sending sources, fix authentication errors, and safely lock down your domain without losing emails.
Step 1: Create Your SVG Tiny PS Logo File
This is the number one reason BIMI setups fail. You cannot upload a standard PNG, JPG, or even a normal SVG file. BIMI requires a highly secure, stripped down image format called SVG Tiny PS (Portable/Secure).
This format ensures your logo loads instantly on mobile devices and cannot contain malicious tracking scripts.
Design Rules:
- Perfect Square: The image canvas must be a 1:1 ratio.
- Center Focus: Keep your design dead center. Email apps will crop your square into a circle, so leave generous empty space around the edges.
- Solid Background: Do not use a transparent background. Transparent logos often turn completely black or invisible when a user switches their phone to dark mode.
- Small File Size: The final file must be strictly under 32 kilobytes.
How to Code the File: Standard graphic design software does not export valid Tiny PS files. You have to open the file and modify the XML code manually.
- Export your logo from your design software as an SVG.
- Open that file using a plain text editor like Notepad.
- Find the opening <svg> tag at the very top of the document.
- Change the base profile attribute to read exactly like this: baseProfile=”tiny-ps”.
- Press enter after that opening tag and add a <title> tag containing your company name.
- Delete any attributes that say x=, y=, or overflow= from the root <svg> tag.
- Save the file.
Once your file is formatted, upload it to a secure HTTPS server on your website. Copy the direct link to the image.
Step 2: Secure a Verified Mark Certificate (VMC)
A Verified Mark Certificate (VMC) is a digital document that proves your company legally owns the logo you are trying to display. While a few smaller email clients will show your logo without one, major providers like Gmail and Apple Mail will block your logo unless you have a valid VMC.
To get a VMC, you have to clear two hurdles:
1. Trademark Registration Your logo must be a registered trademark recognized by an official intellectual property office, such as the USPTO in the United States. Pending trademark applications or unregistered logos will be rejected.
2. Identity Validation You must purchase the VMC from an approved Certificate Authority like DigiCert or Entrust. They will run a strict background check on your business to verify your identity and confirm your trademark ownership.
Once approved, the Certificate Authority will issue a certificate file ending in .pem. Upload this file to your HTTPS server right next to your SVG logo file.
Step 3: Publish the BIMI DNS Record
Now that your files are live on your server, you need to tell mailbox providers where to find them. You do this by adding a simple text (TXT) record to your domain’s DNS.
You must publish this TXT record at the default._bimi selector. For example, if your company website is yourbrand.com, the record name will be: default._bimi.yourbrand.com
The value of the record contains the links to your files. It must follow this exact syntax: v=BIMI1; l=https://yourbrand.com/logo.svg; a=https://yourbrand.com/certificate.pem;
- v=BIMI1: The version tag. This must always come first.
- l=: The location tag. Paste the direct HTTPS link to your SVG Tiny PS file here.
- a=: The authority tag. Paste the direct HTTPS link to your VMC file here.
Step 4: Validate Your Setup
DNS changes can take up to 48 hours to propagate across the internet. However, you should not wait two days just to find out you missed a quotation mark in your code. BIMI requires absolute perfection.
To guarantee your setup works, use our BIMI Analyser immediately after publishing your DNS record.
The BIMI Analyser will perform a deep audit of your configuration. It checks your DMARC enforcement level, inspects your DNS record for spelling errors, reads the raw code of your SVG file to ensure it matches the Tiny PS standard, and validates your VMC chain. If there is a formatting error, the analyser will point out the exact line of code you need to fix.
Common Troubleshooting Questions
Why is my logo showing in Yahoo but not Gmail? Yahoo does not currently require a VMC to display BIMI logos, but Gmail does. If your logo appears in Yahoo but is missing in Gmail, your VMC is either missing from your DNS record or the link to the file is broken.
Does Microsoft Outlook support BIMI? No. Microsoft currently does not support the BIMI protocol. They use their own internal business profile system to display sender logos. Setting up BIMI will not change how your emails look in Outlook.
My files and DNS are perfect, but my logo is still not showing up. Why? Mailbox providers also factor in your sender reputation. If your domain is new, or if you have a high spam complaint rate, providers like Gmail may choose not to display your logo even if your technical setup is flawless. Maintain good sending habits and keep your spam rates low.
Turning Email Security Into a Visual Advantage
For years, email authentication was a purely defensive IT measure. You locked down your domain to stop spoofing, and the results remained entirely invisible to your customers. BIMI fundamentally flips that dynamic. It transforms your backend security into a frontend marketing asset.
The technical requirements to get your logo into the inbox—from hand-coding an SVG Tiny PS file to undergoing the legal verification for a VMC—are undeniably rigorous. But that high barrier to entry is exactly what makes BIMI so valuable. It immediately separates verified, premium brands from the endless noise, spam, and clutter of the standard inbox.
However, that visual advantage remains completely locked until your domain reaches strict DMARC enforcement. If the fear of blocking legitimate marketing or transactional emails is keeping your organization stuck on a p=none monitoring policy, you are leaving both security and brand visibility on the table.
This is where DMARCS bridges the gap. By giving you absolute, granular visibility into your email traffic, DMARCS allows you to safely and confidently migrate to a strict policy without the deliverability risks. Lock down your domain, publish your verified BIMI record, and give your audience the immediate visual trust they need to open your emails.
