What is BIMI and how does it work?

BIMI (Brand Indicators for Message Identification) is a DNS-based email standard that allows authenticated senders to display their trademarked logo next to their messages in supported inboxes. It works by linking a verified SVG logo to your domain through a DNS TXT record, but only after SPF, DKIM, and DMARC are fully configured and enforced.

Do I need a Verified Mark Certificate (VMC) for BIMI?

Yes, major email providers like Gmail and Apple Mail require a VMC issued by a certified authority such as DigiCert or Entrust. The VMC proves your logo is a registered trademark. Without it, most inboxes will not display your logo even if your BIMI DNS record is correctly set up.

BIMI and Email Authentication: Display Your Logo in Inboxes

What Is BIMI and Why Should You Care?

Imagine your brand logo appearing right next to your emails in every recipient’s inbox — before they even open the message. That is exactly what BIMI (Brand Indicators for Message Identification) makes possible.

BIMI is an emerging email standard that rewards brands who properly authenticate their emails. When your domain passes strict authentication checks, participating mailbox providers display your official logo alongside your messages. The result? More trust, higher recognition, and better open rates.

According to a study by Entrust and Red Shift, emails with BIMI logos see open rates increase by up to 10% and brand recall improve by nearly 18%. In a crowded inbox, that visual edge is significant.

The Authentication Stack: SPF, DKIM, and DMARC

BIMI is not a standalone protocol. Think of it as the final layer on top of a solid email authentication foundation. Before you can display your logo, you need three protocols working in harmony.

SPF (Sender Policy Framework)

SPF tells receiving servers which IP addresses are authorized to send email on behalf of your domain. It is a DNS TXT record that lists your legitimate sending sources — your email server, your marketing platform, your transactional service, etc.

DKIM (DomainKeys Identified Mail)

DKIM attaches a cryptographic signature to every outgoing message. The receiving server verifies this signature against a public key stored in your DNS. If the signature matches, the email has not been tampered with in transit.

DMARC (Domain-based Message Authentication, Reporting, and Conformance)

DMARC ties SPF and DKIM together and tells mailbox providers what to do when authentication fails. For BIMI to work, you need a DMARC policy set to either p=quarantine or p=reject — a full enforcement posture. A policy of p=none is not sufficient.

Here is what a compliant DMARC record looks like:

v=DMARC1; p=reject; rua=mailto:dmarc-reports@yourdomain.com; pct=100;

How to Implement BIMI: Step by Step

Once your authentication stack is solid, implementing BIMI involves a few additional steps:

Prepare your logo: Create an SVG Tiny PS file of your trademarked logo. It must be square, centered, and meet strict formatting requirements.
Obtain a VMC: Gmail and Apple Mail require a Verified Mark Certificate from an authorized certificate authority like DigiCert or Entrust. This typically costs between $1,000 and $1,500 per year.
Publish your BIMI DNS record: Add a TXT record at default._bimi.yourdomain.com pointing to your logo URL and VMC location.

Example BIMI DNS record:

v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem;

Which Email Providers Support BIMI?

Adoption is growing rapidly. Here is the current landscape:

Provider	BIMI Support	VMC Required
Gmail	✅ Yes	Yes
Apple Mail	✅ Yes	Yes
Yahoo / AOL	✅ Yes	No
Fastmail	✅ Yes	No
Outlook	❌ Not yet	N/A

With Gmail and Apple Mail alone, you are covering well over 2 billion mailboxes worldwide.

Common Pitfalls to Avoid

Skipping DMARC enforcement: A p=none policy will block BIMI. Move to quarantine or reject progressively by analyzing your DMARC reports first.
Wrong SVG format: Standard SVG files are rejected. You need the SVG Tiny PS profile specifically.
Inconsistent authentication: Even one misconfigured sending source can cause DMARC failures and prevent your logo from appearing.

At Lueur Externe, we frequently audit email configurations for clients and find that over 60% of domains have at least one SPF or DKIM misconfiguration that would block BIMI adoption.

The Business Case for BIMI

BIMI is not just a technical nicety — it is a brand asset. Consider the numbers:

10% higher open rates (Entrust / Red Shift study)
18% increase in brand recall
Reduced phishing risk thanks to enforced DMARC
Greater subscriber trust through visible brand verification

For e-commerce brands sending millions of transactional and marketing emails per month, even a small uptick in open rates translates directly into revenue.

Conclusion: Start With Authentication, Finish With Your Logo

BIMI is where email security meets brand visibility. But it all starts with getting SPF, DKIM, and DMARC right. Once that foundation is in place, displaying your logo in inboxes becomes a powerful competitive advantage.

Whether you are running a Prestashop store, a WordPress-powered business, or a custom web application, proper email authentication is no longer optional — it is essential. The team at Lueur Externe, with over 20 years of expertise in web infrastructure and deliverability, can help you audit your current setup, achieve DMARC enforcement, and implement BIMI from start to finish.

Ready to get your logo in every inbox? Contact Lueur Externe and let’s make it happen.