Open your Gmail inbox and scroll through your emails. Some have colorful brand logos next to them—the Netflix 'N', the LinkedIn icon, your bank's logo. Others just have a generic initial or a gray silhouette. Which emails do you trust more instinctively?
That logo display isn't random, and it isn't just Gmail pulling images from somewhere. It's BIMI—Brand Indicators for Message Identification—a standard that lets domain owners specify which logo should appear next to their authenticated emails.
BIMI is the newest piece of the email authentication puzzle, and it's different from SPF, DKIM, and DMARC in an important way: it's not about security directly. It's about leveraging your security posture to build brand recognition and trust. Think of it as the reward for doing email authentication right.
How BIMI works
The mechanics of BIMI are straightforward. You publish a DNS record that points to your logo file. When a supporting email client receives an authenticated email from your domain, it looks up your BIMI record, fetches the logo, and displays it next to the email.
But here's the catch: BIMI only works if your email passes DMARC with a policy of quarantine or reject. If you're still at p=none, or if the specific email fails authentication, no logo. This is intentional—BIMI is designed to be a trust indicator, and that trust is meaningless if anyone can display any logo.
The logo itself must be in SVG format, specifically SVG Tiny Portable/Secure (SVG Tiny P/S). This is a restricted subset of SVG that prevents embedded scripts or external references—security measures to prevent the logo itself from being an attack vector. Your marketing team's logo file probably isn't in this format; you'll need to convert it.
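A quick lint for the restrictions named above, as an added example rather than an official BIMI validator. It checks only for scripts, event-handler attributes, external references and a square viewBox, not full SVG Tiny P/S conformance; the function names and both sample logos are constructed for illustration.

```python
# Added example: lint a logo you control for the restrictions described above.
# For files from untrusted sources, parse with a hardened parser such as defusedxml.
import xml.etree.ElementTree as ET

XLINK_HREF = "{http://www.w3.org/1999/xlink}href"

def local(name):
    """Strip the XML namespace from an element or attribute name."""
    return name.rsplit("}", 1)[-1]

def lint_logo(svg_text):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(svg_text)
    if local(root.tag) != "svg":
        return ["root element is not <svg>"]
    box = root.get("viewBox", "").replace(",", " ").split()
    try:
        square = len(box) == 4 and float(box[2]) == float(box[3])
    except ValueError:
        square = False
    if not square:
        findings.append("viewBox is missing or not square")
    for el in root.iter():
        name = local(el.tag)
        if name == "script":
            findings.append("embedded <script> element")
        for attr, value in el.attrib.items():
            if local(attr).lower().startswith("on"):
                findings.append(f"event handler attribute {local(attr)} on <{name}>")
            if attr in ("href", XLINK_HREF) and not value.startswith("#"):
                findings.append(f"external reference in <{name}>: {value}")
    return findings

# Constructed sample logos (not real brand assets).
GOOD_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 64 64">'
            '<title>Example</title><circle cx="32" cy="32" r="30"/></svg>')
BAD_SVG = ('<svg xmlns="http://www.w3.org/2000/svg" '
           'xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 120 64">'
           '<script>/* placeholder */</script>'
           '<image xlink:href="https://cdn.example.com/pixel.png" width="1" height="1"/></svg>')

if __name__ == "__main__":
    print(lint_logo(GOOD_SVG) or "no findings")
    print(lint_logo(BAD_SVG))
```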
Some email providers (notably Gmail) also require a Verified Mark Certificate (VMC) from a certificate authority. This adds another layer of verification—the CA confirms that you actually own the trademark for the logo you're trying to display. It's an additional cost and process, but it prevents someone from registering a lookalike domain and displaying your logo.
The business case for BIMI
BIMI requires effort: DMARC enforcement, logo preparation, possibly a VMC. Is it worth it?
The data suggests yes, at least for brands that send significant email volume. Studies have shown that emails with BIMI logos see higher open rates—some reports cite 10% or more improvement. This makes intuitive sense: a recognizable logo in a crowded inbox draws the eye and signals legitimacy.
There's also a defensive benefit. If your brand is frequently impersonated by phishers, BIMI helps your legitimate emails stand out. Recipients learn to look for the logo; its absence becomes a warning sign. You're essentially training your audience to spot fakes.
For B2B companies, BIMI signals technical sophistication. If you're selling to other businesses, especially in tech or security-conscious industries, having BIMI implemented shows you take email seriously. It's a small thing, but small things add up in building trust.
The counterargument is that BIMI support is still limited. Gmail and Yahoo support it; Microsoft is piloting it; many smaller providers don't. If most of your recipients use Outlook, the investment might not pay off yet. But email client support is expanding, and early adopters get the benefit of standing out while BIMI is still relatively rare.
Setting up BIMI
Before you start, verify that your DMARC policy is at p=quarantine or p=reject with good alignment rates. BIMI won't work without this foundation. If you're still working toward DMARC enforcement, finish that first.
Next, prepare your logo. It needs to be square, centered, and work at small sizes (it'll often display at 40x40 pixels or smaller). The file must be SVG Tiny P/S format. There are online converters, but for best results, have a designer create a version specifically optimized for this use case.
Host the logo file at a publicly accessible HTTPS URL. This URL goes in your BIMI record, so it needs to be stable and reliable. Don't host it on a server that might go down or a URL that might change.
If you're targeting Gmail, you'll need a Verified Mark Certificate. This requires having a registered trademark for your logo and going through a verification process with a certificate authority like DigiCert or Entrust. The certificate isn't cheap (typically $1,000+ per year), but it's required for Gmail display.
Finally, publish your BIMI DNS record. It's a TXT record at default._bimi.yourdomain.com containing your logo URL and, if you have one, your VMC URL. The format is:

    v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/cert.pem
After publishing, test by sending emails to Gmail and Yahoo accounts. It can take a few days for the logo to start appearing—there's caching involved. If it's not showing up after a week, check your DMARC alignment and verify the logo file meets the format requirements.
BIMI's future
BIMI is still evolving. The standard is relatively new, and adoption is growing but not universal. What does the future look like?
More email clients will likely add support. Microsoft's pilot suggests Outlook support is coming. As BIMI becomes table stakes for major brands, smaller email providers will face pressure to implement it too.
The VMC requirement might become more widespread or might be relaxed. Currently, only Gmail requires it, but other providers might follow. Alternatively, as the ecosystem matures, there might be lower-cost verification options.
There's also discussion about extending BIMI beyond static logos—potentially to verified sender names or other trust indicators. The underlying infrastructure (DMARC enforcement plus DNS-based assertions) could support various trust signals.
For now, BIMI is a nice-to-have rather than a must-have for most organizations. But if you've already achieved DMARC enforcement, adding BIMI is relatively low effort for a meaningful brand benefit. And if you haven't achieved DMARC enforcement yet, BIMI is one more reason to prioritize that project.
Frequently asked questions
Does BIMI work in all email clients?
No. Gmail and Yahoo Mail support BIMI. Apple Mail has partial support. Microsoft Outlook is in pilot. Many smaller email clients don't support it yet. Check current support before investing heavily.
Do I need a Verified Mark Certificate?
For Gmail, yes. For Yahoo and most other supporting clients, no—they'll display your logo without a VMC. If Gmail is a significant portion of your recipients, the VMC is worth considering.
Can I use any logo?
The logo must be in SVG Tiny P/S format, square, and should be recognizable at small sizes. If you're getting a VMC, it must match a registered trademark. You can't just use any image.
How long does BIMI take to start working?
After publishing your DNS record, it can take several days for logos to appear due to DNS caching and email client caching. If it's not working after a week, troubleshoot your DMARC alignment and logo format.