What is a BIMI record?
BIMI (Brand Indicators for Message Identification) is a DNS TXT record, published at default._bimi.yourdomain.com, that tells participating mailbox providers where to find your brand logo. When your mail passes DMARC on an enforced policy, providers such as Gmail, Yahoo, and Apple Mail can render that logo beside the sender name — a visible trust signal your recipients recognise.
The logo must be a specially formatted SVG (SVG Portable/Secure profile). Gmail and Apple additionally require a Verified Mark Certificate (VMC) or Common Mark Certificate, referenced by the a= tag, that proves you own the trademark. BIMI does not improve authentication on its own — it is the reward layer that sits on top of SPF, DKIM, and an enforced DMARC policy.
Why check your BIMI record?
1Confirm the logo will actually render
A single syntax slip in the record means providers silently skip your logo — verify it parses before you rely on it
2Validate the logo and certificate URLs
Both the l= SVG and a= certificate must resolve over HTTPS — a broken link disables the indicator
3Protect a hard-won brand investment
VMCs are costly to obtain, so make sure the record referencing yours is live and correct
4Verify DMARC enforcement is in place
BIMI only works with an enforced DMARC policy — a checker confirms the prerequisite is met
How BIMI works — step by step
You publish an SVG logo and, where required, obtain a Verified Mark Certificate from an authorised issuer.
You add a BIMI TXT record at default._bimi.yourdomain.com pointing to the logo (l=) and certificate (a=).
A recipient receives your email and their provider runs SPF, DKIM, and DMARC checks.
If the message passes DMARC on an enforced policy, the provider fetches and validates your logo and certificate.
The verified logo is displayed next to your sender name in the recipient’s inbox.
BIMI record syntax
default._bimi.example.com. 3600 IN TXT "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"Tag breakdown
v=BIMI1— protocol version, always firstl=— HTTPS URL of the SVG logoa=— HTTPS URL of the VMC/CMC certificateCommon BIMI failures and fixes
DMARC not enforced
BIMI is ignored unless DMARC is at p=quarantine or p=reject — tighten your policy first
Wrong SVG profile
Only the SVG Tiny Portable/Secure profile is accepted — export your logo to that exact spec
Missing VMC
Gmail and Apple require a valid certificate in a= — a logo-only record will not display there
Non-HTTPS or dead URLs
The l= and a= links must load over HTTPS — a redirect or 404 disables the indicator
Frequently Asked Questions
BIMI (Brand Indicators for Message Identification) is a standard that lets supporting mailbox providers display your verified brand logo next to your emails in the inbox. You publish a DNS TXT record at default._bimi.yourdomain.com pointing to a specially formatted SVG logo and, where required, a certificate. It is a visible trust signal that rewards domains with strong email authentication.
Yes. BIMI only takes effect when your domain has an enforced DMARC policy — that is, p=quarantine or p=reject, not p=none — and the message passes DMARC. If DMARC is missing or set to none, providers ignore your BIMI record entirely, so getting authentication right is the prerequisite for the logo to appear.
A Verified Mark Certificate (VMC) is a certificate from an authorised issuer that proves you own the trademark on your logo. Gmail and Apple Mail require a valid VMC (or, in some cases, a Common Mark Certificate) referenced in the a= tag of your record before they will display the logo. Some other providers show a logo without one, but for the widest reach a certificate is needed.
BIMI requires a very specific format: an SVG using the SVG Tiny Portable/Secure (SVG P/S) profile. A regular SVG, PNG, or JPG will be rejected. The logo should be square, use a solid background, and be exported to that exact profile — many design tools need a dedicated export step or a conversion utility to produce a compliant file.
The usual causes are DMARC not being enforced, a missing or invalid VMC, an SVG that is not in the P/S profile, or the l= and a= URLs not loading over HTTPS. This checker confirms the record exists and parses; from there, verify DMARC enforcement and that both URLs resolve to valid, correctly formatted files.