BIMI implementation: A complete guide to adopting BIMI

Boost your organization’s email deliverability, strengthen brand visibility, and protect your domain from phishing attacks with expert BIMI implementation. Book a demo with Sendmarc today to see how we ensure tailored support and seamless setup.
Book a demo

What is BIMI, and why does it matter?

Brand Indicators for Message Identification (BIMI) is a growing email standard that allows businesses to display their brand logos alongside authenticated messages in recipients’ inboxes. This visual indicator helps recipients quickly identify legitimate emails from your company, increasing both trust and engagement.

While email authentication protocols such as Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC) help verify email legitimacy, they don’t offer a visual confirmation to recipients. BIMI fills that gap.

BIMI works alongside your organization’s existing email authentication setup, complementing the protocols below.

  • SPF: Validates that emails are sent from authorized servers
  • DKIM: Uses cryptographic signatures to ensure email content hasn’t been altered
  • DMARC: Defines how to handle emails that fail authentication checks

Together, these protocols secure your business’s domain from cyberattacks, while BIMI enhances recipient trust by displaying your company’s logo.

Benefits of BIMI implementation

BIMI records offer significant advantages:

Improved email deliverability

Email servers are more likely to accept messages from authenticated senders, leading to higher delivery rates and stronger engagement.

Enhanced brand visibility and recognition

Your organization’s logo is prominently displayed in inboxes, making its emails more recognizable and boosting brand recall.

Increased recipient trust and email security

Seeing a logo helps recipients trust that your business’s emails are legitimate, which reduces the risk of phishing and spoofing attacks.

Through BIMI configuration, your company can protect its customers and elevate its brand presence in every inbox. Ready to see how we can help your organization achieve these results? Book a demo with Sendmarc to simplify your business’s BIMI setup.

Book a demo

BIMI implementation requirements: How to get started

Before your company can display its logo in inboxes, its domain must meet several key BIMI requirements:

1. Proper email authentication setup

To qualify for BIMI, your organization’s domain must already implement and enforce three core email authentication protocols:

  1. SPF: Publish SPF records in your DNS to specify which email servers are authorized to send messages on behalf of your domain.
  2. DKIM: Set up DKIM to cryptographically sign your outgoing email with a private key. The recipient’s server uses your published public key to verify the signature.
  3. DMARC: Your DMARC policy must be set to either quarantine or reject, not just monitoring (p=none). This tells email providers how to handle unauthenticated emails, a strict requirement for BIMI.

2. BIMI certificates

To display your business’s logo securely in inboxes, you might need one of the following BIMI certificates:

  • Verified Mark Certificate (VMC): The VMC is the most widely supported and trusted certificate type issued by Certificate Authorities (CAs). To qualify, your logo must be a registered trademark. This certificate ensures strong compatibility with major email providers like Apple Mail.
  • Common Mark Certificate (CMC): A newer and more accessible option, the CMC doesn’t require trademark registration. It is currently supported by fewer providers, making it less reliable for logo display.

3. Logo specifications

Your company’s BIMI logo must meet strict formatting and hosting requirements:

  • Format: Square SVG Tiny 1.2 file
  • Content: Simple, recognizable, and scalable
  • Hosting: The logo must be publicly accessible via HTTPS

4. BIMI DNS record

Your organization will need to publish a BIMI TXT record in its DNS. This record tells email providers where to find the logo and certificate.

Example BIMI DNS record format:

HostTypeValue
default._bimi.yourdomain.comTXTv=BIMI1; l=logo_url; a=certification_authority;

Meeting these requirements is essential for successful BIMI implementation and logo display across supporting email clients.

How to ensure correct BIMI implementation

Follow these five steps to successfully set up BIMI for a domain:

Step 1: Ensure proper email authentication

Confirm that your business’s SPF, DKIM, and DMARC records are configured correctly. The DMARC policy must be set to quarantine or reject. Use a DMARC record checker to validate your company’s setup. Create a square logo in SVG Tiny format, ensuring it’s clean and scalable. Host the logo on a secure HTTPS server that’s publicly accessible.

Step 3: Obtain a BIMI certificate

Apply for either a VMC or a CMC from a trusted CA. These are optional.
  1. A VMC requires proof of trademark and typically costs between $1 000 and $1 500 per year (at the time of writing).
  2. A CMC is a more cost-effective alternative but offers limited compatibility.

Step 4: Add BIMI record

Add the BIMI TXT record to your domain’s DNS zone, including the URLs for the logo and certificate. If needed, consult an IT team or DNS provider to ensure accurate configuration.

Step 5: Verify the BIMI setup

Use BIMI record validators and email testing tools to confirm that your organization’s setup is complete and that its logo displays correctly in email clients.

Best practices after BIMI implementation

To maintain BIMI effectiveness and ensure logo display, follow these best practices:

  • Renew BIMI certificates regularly: BIMI certificates typically expire annually. Set reminders to renew them on time to avoid loss of logo display in inboxes.
  • Continuously monitor email authentication: Maintain compliance with SPF, DKIM, and DMARC. Failed authentication can prevent BIMI from functioning correctly.
  • Use validation tools: Leverage tools that verify DNS configurations to ensure your business’s implementation remains effective.
  • Coordinate across teams: Work closely with both IT and marketing teams to manage logo updates and DNS record changes. This ensures alignment between security and brand representation.
  • Stay informed on BIMI: BIMI is an evolving standard. Keep up with changes in certificate requirements, supporting email clients, and industry updates to maximize your ROI.

Get started with Sendmarc’s BIMI solution

Sendmarc simplifies every step of BIMI implementation, so your company can protect its brand and improve email performance without the complexity.

With Sendmarc, your organization can:

  • Accelerate BIMI setup with guided workflows
  • Maintain compliance with required protocols
  • Defend its domain from phishing, spoofing, and impersonation attacks
  • Boost deliverability and brand recognition with visible logo placement in inboxes

Take the next step in securing your business’s domain and showcasing its brand. Book a demo with Sendmarc today to see how we enable effortless BIMI implementation.

Book a demo

BIMI implementation FAQs

What is BIMI implementation?

BIMI implementation refers to the process of configuring your domain’s BIMI DNS records and settings to display a brand logo next to authenticated messages. This enhances email security, increases brand visibility, and builds trust with recipients.

To implement BIMI, your company must complete multiple technical steps:

  • Enforce Domain-based Message Authentication, Reporting, and Conformance (DMARC) with a policy of quarantine or reject.
  • Create a square SVG Tiny logo that meets BIMI specifications.
  • Optionally, obtain a BIMI certificate, either a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC).
  • Add a BIMI TXT record to your domain’s DNS, referencing the logo and certificate URLs.
  • Use validation tools to verify your BIMI setup and confirm that the logo displays correctly in supporting inboxes.

The key requirements for BIMI implementation include:

  • A valid SPF, DKIM, and DMARC record
  • A DMARC policy set to either quarantine or reject
  • A square SVG Tiny logo hosted on a secure HTTPS server
  • Optionally, a valid BIMI certificate (either a Verified Mark Certificate (VMC) or a Common Mark Certificate (CMC))
  • A correctly formatted BIMI TXT record published in your domain’s DNS

Resources

Knowledgebase

Sendmarc logo
SOC 2 Type II
G2 High Performer Badge - Winter 2025

How secure is your brand name from email scammers?

If you’re at risk of impersonation, one of our experts will be in touch to assist.

Linkedin-in Youtube X-twitter Facebook-f

Platform & Services

Company

Platform & Services

Resources