BIMI: Email Branding (and Why Some Clients Don’t Show It)
BIMI (Brand Indicators for Message Identification) is used to display brand logos in email clients. This should make it easier to distinguish between legitimate emails and phishing attempts.
However, some email clients (and by extension, email providers) require a mark certificate before such an image is shown. Others only require DMARC enforcement. There are two certificate types, which can be used for BIMI. Both of these certificates have their pros and cons:
- Verified Mark Certificate (VMC)
- Common Mark Certificate (CMC)
In essence, CMCs are cheaper and also allow for some slight variation, e.g. if your Logo changes color depending on season. On the other hand, VMCs don't offer this kind of flexibility, but some clients will display a "verified" checkmark next to your mail.
Implementation
It’s not DNS
There’s no way it’s DNS
It was DNS... and SVG.
DNS setup
BIMI records are just TXT records. Our record, default._bimi.syslifters.com, looks like this:
> dig default._bimi.syslifters.com TXT +short
"v=BIMI1;l=https://handbook.syslifters.com/assets/syslifters-bimi.svg"This default._bimi... record contains two, optionally three, tags:
v=: This is the BIMI version, which is alwaysBIMI1l=: Defines the SVG location, in our case https://handbook.syslifters.com/assets/syslifters-bimi.svga=: This tag is optional and if set, links to the certificate (e.g.https://example.com/cmc.pem). Since we don't have one, there is no need for it.
Not only do we have to configure BIMI, but we also need a strong (and enforced) DMARC policy. You can read more about the implementation on bimigroup's implementation guide, but in essence:
- a good policy is always a reject policy (
p=reject; sp=reject) - BIMI validators won't accept:
p=nonepolicies orpctless than 100
SVG requirements
If DNS wasn't enough, we also need to adhere to SVG rules. Because BIMI images are based on the tiny-ps profile, we should:
- not use
<g>group tags style=""are unsupportedx=ory=attributes are not permitted in the<svg>root tag- No animations or scripts (yes, the
tiny-psprofile does not allow scripts, but feel free to experiment with XSS 😉
Other than that, the SVG also must include a <title> tag (and optionally <description>) and it should use a solid background, because otherwise clients may display the image incorrectly (looking at you, dark and light mode). Lastly, they also must be publicly accessible (duh).
There is also a BIMI image fixer to automagically convert your SVGs into the valid BIMI format.
Our BIMI-ready logos
When preparing our logo, we tried to optimize it for both round and rectangular display options, hence it is slightly off-center to keep a somewhat even distance to the circle's edge.
Optional: Certificates (CMC / VMC)
VMC and CMC are "mark certificates" to prove image ownership (read trademark). If you are interested, here is bimigroup's VMC requirements (PDF) (alternative wayback link):
| - | CMC | VMC |
|---|---|---|
| Cost | Cheaper | More expensive |
| Slight changes to image (e.g. color) | Yes | No |
| "Verified" checkmark in Gmail | No | Yes |
Client support overview (as of 2026-03)
Some mail providers will only show your image, if you are in possession of either a CMC or VMC for your brand image. We have listed some supported providers. Interestingly, Outlook apparently does not support BIMI as a receiving entity (original source: BIMI client support overview).
| Provider | Requirements |
|---|---|
| Apple Mail | VMC |
| CMC (VMCs add an additional "verified" checkmark) | |
| Fastmail | DMARC |
| GMX / web.de | ? |
| La Poste | DMARC |
| Yahoo | DMARC |