BIMI Records Explained: Logo in the Inbox (2026)

Updated: June 27, 2026
Disclosure: Some links in this article are affiliate links. If you click through and make a purchase, we may earn a commission at no extra cost to you. This never influences our recommendations — we only recommend tools we’ve genuinely tested. See our full disclosure.

A BIMI record is the DNS entry that can put your brand’s logo next to your messages in supporting inboxes — the blue-checkmark, logo-in-the-avatar treatment you have seen from big senders. BIMI (Brand Indicators for Message Identification) is not an authentication method itself; it is a display layer that rides on top of an enforced DMARC policy, which is why it doubles as a powerful incentive to finish your authentication work. This guide explains what a BIMI record is, how it works, the BIMI record syntax with a BIMI record example, the BIMI logo and BIMI VMC requirements, and which inboxes display it in 2026. It is part of our email authentication hub.

What is a BIMI record?

BIMI lets a domain owner publish its brand logo in DNS so supporting mailbox providers can display that logo beside authenticated messages. It solves two linked problems: it gives recipients a visible signal that mail genuinely comes from you, and it rewards strong authentication, because a BIMI record only does anything once your DMARC is at enforcement. One important caveat: BIMI is not a ratified RFC. It is an active IETF draft (currently draft-brand-indicators-for-message-identification), widely deployed but with no formal standards status yet. Treat it as production-ready but still evolving, and verify provider behaviour before relying on it.

How a BIMI record works

  1. Your mail passes SPF and DKIM, aligned, under a DMARC policy at quarantine or reject.
  2. You publish a BIMI record at default._bimi.yourdomain.com pointing to your logo and, where required, a certificate.
  3. On receipt, the provider first checks DMARC; only if it passes at enforcement does BIMI proceed.
  4. The provider fetches and validates your logo (and certificate), then displays it.

Every failure is silent: if anything is wrong, your mail still delivers — the BIMI logo just does not appear. That makes BIMI low-risk to deploy but sometimes frustrating to debug.

BIMI record syntax

The BIMI record is a TXT record with a version, a logo URL, and an optional certificate URL. Here is a BIMI record example:

default._bimi.example.com.  IN TXT  "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem"
TagMeaning
v=BIMI1Version — required, the only valid value
l=HTTPS URL of the SVG logo (a direct link, no redirects)
a=HTTPS URL of the VMC/CMC certificate; an empty a=; means self-asserted only

The label before _bimi is the selector; default is built in, and named selectors for seasonal or campaign logos are invoked with a DKIM-signed BIMI-Selector header. A self-asserted BIMI record example without a certificate simply ends l=...; a=;.

The BIMI logo and BIMI VMC requirements

Two assets sit behind the record. First, the BIMI logo must be a very specific kind of SVG — the SVG Tiny PS profile: a square, centred, true-vector image with a <title>, no scripts, animation, or external references, and a small file size. An ordinary SVG exported from a design tool will usually be rejected until it is converted to this profile.

Second is the certificate. A BIMI VMC (Verified Mark Certificate) proves you own the trademark on the logo and is what unlocks Gmail’s blue verification checkmark; it requires a registered trademark, takes a few weeks to issue, and costs several hundred dollars a year. A CMC (Common Mark Certificate) is a cheaper, faster alternative that does not require a trademark and shows the logo but not the blue checkmark. Whether you need a BIMI VMC at all depends entirely on which inboxes you are targeting.

Which inboxes display BIMI in 2026

  • Gmail and Google Workspace — display the logo and require a VMC or CMC (the blue checkmark is VMC-only); self-asserted logos are ignored, and display is gated on sender reputation.
  • Apple Mail (recent iOS/macOS and iCloud) — displays the logo and currently requires a VMC.
  • Yahoo Mail and Fastmail — display self-asserted logos with no certificate required.
  • Microsoft Outlook — does not have general inbox BIMI display in 2026, with no announced date; do not assume Outlook will show your logo.

Self-asserted vs certified BIMI

There are two ways to run a BIMI record, and choosing between them is mostly a question of which inboxes you need to reach. A self-asserted BIMI record points only to your SVG logo with an empty a=; tag and no certificate. It is free, takes minutes, and is enough to display your BIMI logo in Yahoo Mail and Fastmail. The catch is that Gmail and Apple Mail ignore self-asserted logos entirely — for them you need a certificate.

A certified BIMI record adds the a= tag pointing to a BIMI VMC or a CMC. The certificate is what Gmail and Apple require before they will render your logo, and a BIMI VMC specifically is what unlocks Gmail’s blue verification checkmark. The trade-off is cost and effort: a BIMI VMC needs a registered trademark, takes weeks to issue, and runs to several hundred dollars a year, while a CMC is cheaper and faster but shows the logo without the checkmark. A sensible path is to publish a self-asserted record first to prove your pipeline works in Yahoo, then invest in a certificate once you are ready to target Gmail and Apple. The BIMI Group maintains the current specification and the list of authorised certificate providers.

How to set up a BIMI record step by step

  1. Reach DMARC enforcement. Get your DMARC policy to quarantine or reject at pct=100 and confirm it is stable. Nothing else matters until this is done.
  2. Prepare the SVG. Convert your logo to the SVG Tiny PS profile — square, centred, with a title and no scripts — and host it at a direct HTTPS URL.
  3. Decide on a certificate. Self-assert for Yahoo and Fastmail, or obtain a BIMI VMC/CMC for Gmail and Apple.
  4. Publish the BIMI record at default._bimi.yourdomain.com with the l= (and, if certified, a=) tags.
  5. Test in real inboxes and be patient — providers cache BIMI logos aggressively, so a correct setup can take days to appear.

BIMI as brand protection, not just decoration

It is tempting to view BIMI as cosmetic, but its real value is trust. A verified BIMI logo — especially with Gmail’s checkmark — gives recipients an at-a-glance way to tell your genuine mail from an impersonation, which lifts open rates and, more importantly, makes phishing that abuses your brand easier for users to spot. Because BIMI is gated on DMARC at enforcement, the act of qualifying for it forces you to shut down direct-domain spoofing first. In that sense the BIMI logo is the visible reward for invisible work: you cannot earn the logo without first locking down your domain, so it aligns a marketing incentive with a security outcome. Few brands have claimed that advantage yet: our 2026 study of 10,000 top domains found just 9.4% publish a BIMI record — unsurprising, since only about half of domains reach the DMARC enforcement BIMI requires — which makes a verified logo an easy way to stand out in the inbox. For the broader payoff, see how authentication feeds deliverability and how it fits the wider email security picture.

BIMI record pitfalls and best practices

  • DMARC not at enforcement. The number-one reason a BIMI logo never appears — p=none or pct<100 silently disables BIMI. Reach quarantine or reject first.
  • An invalid SVG. Scripts, animation, a non-square canvas, an embedded raster image, or the wrong profile will all fail validation.
  • An HTTP or redirected logo URL. The l= link must be a direct HTTPS URL.
  • A certificate logo that does not match the published logo. They must be identical.
  • Best practice: get DMARC to enforcement and stable, build and validate the SVG before ordering any certificate, choose self-asserted or a BIMI VMC/CMC based on the inboxes you care about, use direct HTTPS URLs, and confirm rendering in real accounts — allowing for aggressive logo caching that can take days. The whole effort builds on a correct SPF, DKIM and DMARC setup, and supports overall deliverability and brand trust.

BIMI selectors and campaign logos

The label in front of _bimi is the selector, and while most domains only ever use the built-in default selector, selectors make a more advanced pattern possible: showing different logos for different mail streams. By publishing additional BIMI records under named selectors and having a given message carry a DKIM-signed BIMI-Selector header, a sender can display, say, a seasonal or sub-brand logo on one campaign while keeping the corporate logo as the default everywhere else. It is genuinely useful for large senders with multiple brands, but it adds moving parts — each selector needs its own valid logo and, where required, its own certificate — so most organisations should master the default selector first and only reach for named selectors once they have a concrete need.

One subtlety that trips up larger setups: BIMI, like DMARC, is evaluated against the domain in the From: address, so a brand that sends from a subdomain such as news.example.com needs that subdomain to have its own DMARC at enforcement and its own BIMI record. A BIMI record on the organizational domain does not automatically cover a sending subdomain. Mapping out exactly which domains and subdomains you send from — and ensuring each one that needs a logo has both enforced DMARC and a matching BIMI record example in place — is the unglamorous groundwork that determines whether your BIMI logo actually appears across all your mail rather than just some of it.

Check it yourself: use our free email tools to look up your domain’s BIMI and DMARC records and confirm DMARC is at enforcement before you publish a logo.

Related reading

BIMI record FAQ

Is BIMI an official standard?

Not yet. BIMI is an active IETF draft rather than a ratified RFC, so it has no formal standards status — but it is widely deployed by major mailbox providers and is safe to use in production. Just keep an eye on its evolving requirements.

Do I need a BIMI VMC?

It depends on your target inboxes. Yahoo and Fastmail show self-asserted logos for free with no certificate. Gmail requires a VMC or a CMC, and Apple Mail currently requires a VMC. If reaching Gmail or Apple with a logo matters, you will need a certificate.

What is the difference between a VMC and a CMC?

A VMC requires a registered trademark on your logo and unlocks Gmail’s blue verification checkmark, but it is pricier and slower to obtain. A CMC needs no trademark and is cheaper and faster, and it displays your logo — but without the checkmark.

Does Outlook display BIMI logos?

Not reliably in 2026. Microsoft has no general inbox BIMI display across Outlook.com and Microsoft 365, and no announced date, so you should not expect your logo to appear there even with a perfect setup.

My BIMI record is correct but the logo will not show — why?

The usual causes are DMARC not at enforcement, an SVG that is not in the required Tiny PS profile, an HTTP or redirected logo URL, a certificate whose logo differs from the published one, or simply provider caching delaying the update. Work through those in order.

What logo format does a BIMI record need?

Only SVG Tiny PS — a square, true-vector SVG with a title element and no scripts, animation, or external references. PNG, JPEG, and standard design-tool SVGs are not accepted, so the BIMI logo almost always needs converting to the correct profile first.

Cite this article
MLA

Raj Kapoor. "BIMI Records Explained: Logo in the Inbox (2026)." ToolTrusted, June 24, 2026, https://tooltrusted.com/bimi-record-guide/.

APA

Raj Kapoor. (2026). BIMI Records Explained: Logo in the Inbox (2026). ToolTrusted. https://tooltrusted.com/bimi-record-guide/

Plain URL

https://tooltrusted.com/bimi-record-guide/

Share this article: LinkedIn Reddit
⚠️ Help Us Keep This Content Fresh!

Notice something outdated or incorrect in this review? Let us know below, and our team will update it within 24 hours.