Blog article

  • 8 minutes read
Author Profile Picture
  • Kiara Saloojee
  • DMARC Enthusiast

The BIMI Checkmark: What It is and How to Attain It

Bimi Blue Checkmark

BIMI checkmark overview:

  • The BIMI checkmark is a brand authentication signal rendered by supporting mailbox providers – it isn’t a security feature
  • BIMI is only accessible to organizations with an enforced DMARC policy – a policy of p=none doesn’t meet the requirements
  • Providers require a VMC for the BIMI checkmark – a CMC enables logo display in some environments, but won’t show a BIMI checkmark
  • The timeline varies for every company – VMC issuance typically takes two to four weeks, while trademark registration can take up to a year

Most people have seen a small checkmark appear next to a brand’s logo in their inbox. Few know what it means or how it gets there. This article explains how it works, what your business needs to have in place to get it, and where most organizations get stuck.

Getting the BIMI checkmark requires more groundwork than most companies expect. Sendmarc handles the full BIMI implementation process – see how.

Book a Demo

Explaining the BIMI Checkmark

BIMI is an email specification that lets businesses display a verified logo in supporting inboxes. It sits on top of a fully enforced DMARC foundation – which means BIMI is only accessible to organizations that have already completed the underlying authentication work.

The BIMI checkmark is a visual indicator displayed by certain mailbox providers next to a verified logo in the inbox. It signals that the sender’s logo has been authenticated through BIMI and a supporting certificate.

The BIMI checkmark is rendered by the mailbox provider. Providers display it only after verifying that the requirements are met. It isn’t universally visible – meaning recipients using unsupported clients won’t see the checkmark, regardless of your configuration.

To display the checkmark specifically, mailbox providers require a Verified Mark Certificate (VMC). A VMC validates logo ownership and is issued by an accredited Certificate Authority (CA). Your company references this certificate in a BIMI DNS TXT record, which tells providers where to find both the certificate and your approved logo file.

Without a valid VMC, providers won’t display the BIMI checkmark. A Common Mark Certificate (CMC) enables logo display in some environments but doesn’t display a checkmark.

One clarification that matters: The BIMI checkmark is a brand authentication signal. It isn’t a security feature. It doesn’t prevent phishing, spoofing, or domain impersonation.

What You Need for a BIMI Checkmark

The BIMI checkmark has a defined set of prerequisites. Most businesses underestimate what’s required before a supporting provider displays their checkmark. The following must be in place:

  • A DMARC policy set to p=quarantine or p=reject
  • Correctly configured and aligned SPF and DKIM records
  • An SVG Tiny PS logo file – a specific, standardized format
  • A BIMI DNS TXT record, pointing to your certificate and logo
  • A valid VMC obtained from an accredited CA

The DMARC enforcement requirement is the practical bottleneck for most organizations. Many have DMARC in place at p=none – a monitoring policy that collects reports but doesn’t offer any protection. That configuration doesn’t qualify for BIMI.

How Long It Takes To Obtain a BIMI Checkmark

The time it takes to get a BIMI checkmark varies for every company, and your current DMARC configuration is a significant factor.

If DMARC is already at enforcement, the VMC issuance process typically takes two to four weeks. One additional factor: A VMC requires a registered trademark for your logo. If your trademark isn’t registered, that process can take up to a year, and should be factored into your overall timeline.

If your DMARC policy is currently at p=none, the timeline is longer. Moving to enforcement requires identifying every legitimate source sending email on your domain’s behalf, correcting misconfigurations, and gradually tightening your policy – from p=none to p=quarantine, then to p=reject – while monitoring to ensure legitimate email isn’t affected.

For businesses with a straightforward email environment, this process can take three months. For enterprises managing multiple domains and third-party senders, it can take significantly longer.

The complexity of your environment is the primary variable. A single domain with one or two sending platforms is a different project from a distributed organization where marketing, HR, finance, and regional teams each operate their own email tools. The more senders involved, the more coordination is required before enforcement becomes safe.

Get a BIMI Checkmark with Sendmarc

Sendmarc’s enterprise email authentication solution helps companies of all sizes acquire a BIMI checkmark. With the Sendmarc Platform, businesses can:

  • Achieve DMARC Enforcement: Sendmarc provides the visibility and management tools needed to move from p=none to enforcement without disrupting legitimate email flow
  • Purchase a VMC: Sendmarc supports VMC procurement during the implementation process
  • Implement and Manage BIMI: Sendmarc handles BIMI configuration and ongoing management

See how Sendmarc simplifies the entire BIMI implementation process for your organization.

Book a Demo