D
DMARC Creator

DMARC and BIMI: How to Display Your Brand Logo in Email Inboxes

Learn how BIMI displays your brand logo in email inboxes, why DMARC enforcement is required, and the step-by-step path from no DMARC to BIMI-ready.

Last updated: 2026-01-28

You have probably noticed that some companies display their logo right next to the sender name in Gmail, Apple Mail, or Yahoo Mail. That is not a profile picture — it is BIMI in action. BIMI (Brand Indicators for Message Identification) is an email standard that lets you show a verified brand logo in supporting inboxes, but it only works if your domain has DMARC enforcement in place.

If you have been thinking about setting up BIMI, this guide explains what it is, what the requirements are, and how to get your domain from zero DMARC to BIMI-ready.

What Is BIMI?

BIMI is an emerging email specification that allows domain owners to display a brand-controlled logo next to their emails in the recipient's inbox. Instead of a generic avatar or the sender's initials, recipients see your actual company logo.

The idea is simple: if you can prove your domain is properly authenticated and your emails are legitimate, mail providers will reward you by displaying your brand identity. This builds trust with recipients and makes your emails stand out in crowded inboxes.

BIMI works alongside existing email authentication standards. It does not replace SPF, DKIM, or DMARC. Instead, it builds on top of them. Think of BIMI as the final layer — the visible, brand-facing benefit you earn by getting your email authentication right.

BIMI is not just cosmetic. Studies show that brand logos in the inbox increase open rates and help recipients identify legitimate emails from brands they trust. It is both a branding opportunity and a security signal. Ecommerce brands in particular benefit from the trust boost that a verified logo provides alongside order confirmations and shipping updates.

Which Email Clients Support BIMI?

BIMI adoption has grown significantly. As of early 2026, the major supporting clients include:

Gmail — Full BIMI support, but requires a Verified Mark Certificate (VMC) for logo display. Gmail shows a blue verified checkmark alongside the logo.

Apple Mail — Supports BIMI on iOS and macOS. Apple also requires a VMC for logo display.

Yahoo Mail — One of the earliest BIMI adopters. Yahoo displays BIMI logos without requiring a VMC, though having one adds the verified indicator.

Fastmail — Supports BIMI logo display.

Microsoft Outlook — Microsoft has been rolling out BIMI support gradually. Check current compatibility for your specific Outlook version or tenant.

Even if not every email client supports BIMI today, the trend is clear: more providers are adopting it. Setting up BIMI now means your logo will automatically appear as support expands.

The DMARC Requirement for BIMI

Here is where DMARC becomes essential. BIMI has a strict prerequisite: your domain must have a DMARC record with an enforcement policy. Specifically, your DMARC record must have one of the following:

  • p=quarantine with pct=100 (or no pct tag, since 100 is the default)
  • p=reject

A p=none policy is not sufficient. BIMI requires that your domain actively blocks or quarantines unauthenticated messages. This ensures that only properly authenticated emails can display your logo, preventing spoofers from hijacking your brand identity in the inbox.

Here is an example of a BIMI-compatible DMARC record:

v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com;

If your current DMARC record uses p=none, you will need to work through the enforcement process before BIMI will function. This is not a step you can skip or shortcut — mail providers verify your DMARC policy before displaying your BIMI logo.

A DMARC record with p=quarantine; pct=50; does not qualify for BIMI. The policy must apply to 100% of messages. Make sure your enforcement covers all your email before enabling BIMI.

The Complete BIMI Requirements

Beyond DMARC enforcement, BIMI has several other requirements:

SVG Logo File

Your logo must be in SVG Tiny Portable/Secure (SVG P/S) format. This is a specific, restricted version of SVG designed for security. Standard SVG files from your design team will need to be converted.

The logo must be square, with a centered design on a solid background. Most brands use their app icon or a simplified version of their logo. The SVG file must be hosted at a publicly accessible HTTPS URL.

BIMI DNS Record

You need to publish a TXT record at default._bimi.yourdomain.com with the following format:

v=BIMI1; l=https://yourdomain.com/path/to/logo.svg; a=https://yourdomain.com/path/to/vmc.pem;

The l tag points to your SVG logo file. The a tag points to your Verified Mark Certificate (if you have one). If you do not have a VMC, you can omit the a tag, but Gmail and Apple Mail will not display your logo without it.

Verified Mark Certificate (VMC)

A VMC is a digital certificate that proves you own the trademark for the logo you want to display. It is issued by certificate authorities like DigiCert or Entrust. Getting a VMC requires that your logo is a registered trademark in an approved trademark office.

Gmail and Apple Mail require a VMC. Yahoo displays BIMI logos without one. If your brand does not have a registered trademark, you can still set up BIMI for Yahoo and other non-VMC-requiring clients.

VMCs typically cost between $1,000 and $1,500 per year. For many businesses, the increased brand visibility and trust in Gmail alone justifies the cost.

The Path from No DMARC to BIMI-Ready

Getting to BIMI is a multi-step journey. Here is the practical roadmap.

1

Set up DMARC at p=none

Start with a monitoring-only DMARC record. This does not block any email but starts collecting reports so you can see who is sending as your domain. Use our DMARC generator below to create your initial record with a rua address for reports.

2

Configure SPF and DKIM for all senders

Review your DMARC reports and identify every service sending email as your domain. For each one, make sure SPF is configured at spfcreator.com and DKIM is set up at dkimcreator.com. Both should pass and align with your domain.

3

Move to p=quarantine

After two to four weeks of clean reports at p=none, update your policy to p=quarantine. Start with a low pct value and increase gradually. Monitor for any reports of legitimate email being sent to spam.

4

Move to p=reject

Once quarantine is running at 100% with no issues, switch to p=reject. This is the DMARC enforcement level that BIMI requires. Your domain now actively blocks spoofed emails.

5

Prepare your BIMI assets

Convert your logo to SVG Tiny P/S format. Host it at a stable HTTPS URL. If you want Gmail and Apple Mail support, begin the VMC application process with a certificate authority — this can take several weeks.

6

Publish your BIMI record

Add a TXT record at default._bimi.yourdomain.com with your logo URL and VMC URL. Once published, supporting email clients will begin displaying your logo next to your messages.

Common BIMI Pitfalls

Logo does not appear in Gmail. Gmail strictly requires a VMC. If you published a BIMI record without the a tag, Gmail will not show your logo. Yahoo might, but Gmail will not.

SVG format rejected. Standard SVG files are not accepted. Your logo must be in SVG Tiny P/S format. Tools like the BIMI SVG converter from the BIMI Working Group can help you convert your file.

DMARC policy not strict enough. If your DMARC record uses p=none or p=quarantine with a pct value below 100, BIMI will not activate. Check your record at dmarcrecordchecker.com to verify your enforcement level.

Subdomain policy override. If you send email from a subdomain, make sure the subdomain either inherits the parent's enforcement policy or has its own BIMI record. The sp tag in your DMARC record controls subdomain policy.

Why DMARC Enforcement Is Worth It Beyond BIMI

Even if BIMI is your motivation for setting up DMARC enforcement, the security benefits go far beyond a logo in the inbox. With p=reject in place, your domain is protected against phishing attacks that spoof your brand, your email deliverability improves because mail providers trust authenticated senders, and you have visibility into every source sending email as your domain. Agencies managing BIMI rollouts for clients often find that the DMARC enforcement groundwork delivers immediate deliverability gains even before the logo appears.

BIMI is the cherry on top. The real value is the foundation you build getting there: a fully authenticated, monitored, and protected email domain.

Related Articles

Monitor Your DMARC Record

You've created your DMARC record — now make sure it keeps working. The Email Deliverability Suite watches your SPF, DKIM, DMARC, and MX records daily and alerts you when something breaks.

Never miss a DMARC issue

Monitor your SPF, DKIM, DMARC and MX records daily. Get alerts when something breaks.

Start Monitoring