The Blue Checkmark for Email Is Here — and Most Senders Are Ignoring It

When Gmail displays a blue checkmark next to an email, and a brand logo appears where the generic avatar used to be, recipients notice. More importantly, they trust.

That’s BIMI — Brand Indicators for Message Identification. It’s the newest layer of email authentication, and unlike SPF, DKIM, and DMARC — which protect email recipients — BIMI is the first authentication protocol that visibly rewards senders for getting their security right.

This guide explains what BIMI is, which mailbox providers support it, what you need to qualify, and exactly how to implement it.

⚡ Already on full DMARC enforcement? Check it free before you continue: Run the DNS Checker → — no signup.

What Is BIMI?

BIMI (Brand Indicators for Message Identification) is an email specification that allows verified brand logos to appear next to messages in the inbox — providing visual authentication signals to recipients.

BIMI is not a required authentication protocol. It’s an optional specification built on top of full authentication compliance. Think of it as the reward tier: brands that fully implement and enforce DMARC can apply to display their verified logo in supporting inboxes.

The result is an inbox experience that looks like this:

  • Without BIMI: Generic initials or gravatar placeholder where the sender avatar appears
  • With BIMI: Your brand’s actual logo, verified and authenticated, displayed to every recipient on a supporting provider

How BIMI Works (The Technical Mechanism)

BIMI operates through a DNS TXT record that points mailbox providers to your brand logo file. The chain of trust works like this:

  1. Mailbox provider receives your email
  2. Checks that DMARC is at p=quarantine or p=reject — monitoring-only p=none does not qualify
  3. Looks up your BIMI DNS record at default._bimi.yourdomain.com
  4. Retrieves your brand logo — an SVG file hosted at a URL in the BIMI record
  5. For providers requiring a VMC (Verified Mark Certificate): Validates the certificate to confirm the logo is genuinely yours and issued by an approved authority
  6. Displays the verified logo next to your email in the recipient’s inbox

The BIMI DNS record syntax:

default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/bimi-logo.svg; a=https://yourdomain.com/bimi-cert.pem"
  • l= points to your SVG logo file
  • a= points to your VMC certificate (required for Gmail and Yahoo; optional for others)

Which Mailbox Providers Support BIMI?

BIMI adoption has grown significantly since Gmail launched support in 2021. As of 2026:

ProviderBIMI SupportVMC Required?
GmailFull supportYes
Yahoo Mail / AOLFull supportYes
Apple Mail (iOS/macOS)Full support (added 2023)No (uses self-asserted)
Outlook / HotmailPartial / limitedNo (has own system — Microsoft BIMI)
FastmailSupportNo
Proton MailPartialNo
Zoho MailSupportNo

The critical providers: Gmail and Yahoo together cover the majority of consumer inboxes globally. Qualifying for BIMI at these two providers gives you the most visible coverage.

What You Need to Qualify for BIMI

Mandatory Requirements

1. DMARC at p=quarantine or p=reject

This is the non-negotiable prerequisite. p=none does not qualify. Your DMARC policy must be actively enforcing, not just monitoring.

Your DMARC record must be at:

v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100

or stronger (p=reject). Anything weaker disqualifies you.

2. SPF and DKIM correctly configured and aligned

Both protocols must pass and align with your From domain. Your DMARC aggregate reports should show consistent alignment rates above 95% before applying for BIMI.

3. A trademarked logo (for VMC)

For Gmail and Yahoo, BIMI requires a Verified Mark Certificate (VMC) — a digital certificate issued by approved authorities (currently DigiCert and Entrust) that confirms:

  • Your brand logo is a registered trademark
  • You are the legitimate trademark owner
  • The SVG logo file matches the trademark registration

Your brand must have a registered trademark in at least one major trademark office (USPTO for the US, IPO for India, EUIPO for Europe, etc.) before you can obtain a VMC for Gmail/Yahoo BIMI.

Providers that don’t require a VMC — Apple Mail, Fastmail, Zoho — will display your logo from a self-asserted BIMI record. No trademark required.

4. A properly formatted SVG logo

BIMI is strict about the SVG format. The logo must meet specific technical requirements:

  • Must be an SVG Tiny P/S format (not standard SVG)
  • Square aspect ratio (1:1)
  • No embedded scripts, animations, or external references
  • Single-layer, clean paths (many logos require conversion by a designer)
  • Recommended maximum 32KB file size

Use BIMI Group’s official BIMI SVG Validator to verify your SVG before submission.

Consistent sending infrastructure: Mailbox providers track BIMI eligibility based on your sending history. Consistent authentication compliance, low complaint rates, and stable sending patterns strengthen your BIMI position.

Subdomain BIMI records: If you send from subdomains (e.g., marketing.yourdomain.com, notifications.yourdomain.com), you can set BIMI records at each subdomain or rely on the root domain BIMI record — depending on provider behavior. Gmail uses the organizational domain’s BIMI record.

Step-by-Step BIMI Setup Guide

Step 1: Verify Your Authentication Foundation

Before touching BIMI, confirm your authentication stack is fully compliant:

# Check your DMARC record
nslookup -type=TXT _dmarc.yourdomain.com

# Check your SPF record
nslookup -type=TXT yourdomain.com

# Check your DKIM record (replace 'selector' with your actual selector)
nslookup -type=TXT selector._domainkey.yourdomain.com

Or use InboxStack’s authentication health monitor / MXToolbox for a visual check.

Confirm:

  • DMARC policy is p=quarantine or p=reject
  • DMARC aggregate reports show >95% aligned passes over the last 30 days
  • SPF and DKIM are passing and aligned

Do not proceed until authentication is solid. A BIMI record on a poorly authenticated domain accomplishes nothing.

Your existing logo almost certainly needs modification to meet BIMI’s SVG Tiny P/S format requirements.

Common issues:

  • Wrong SVG profile (most designers work in standard SVG, not SVG Tiny P/S)
  • External font references (not allowed)
  • Gradients or effects not supported by Tiny P/S
  • Non-square aspect ratio
  • Scripts or animations embedded

Work with a designer to export a BIMI-compliant SVG. Run it through the BIMI Group’s SVG validator at bimigroup.org/tools.

Host the validated SVG at a publicly accessible HTTPS URL. For example:

https://yourdomain.com/bimi/logo.svg

Step 3: Obtain a Verified Mark Certificate (VMC) — for Gmail/Yahoo

This step is optional for providers that don’t require a VMC, but mandatory for Gmail and Yahoo.

  1. Confirm trademark registration. Your logo must be a registered trademark at a recognized trademark office. Pending applications do not qualify — it must be registered.

  2. Contact an approved VMC issuer. Currently DigiCert and Entrust issue VMCs. Expect:

    • Price: approximately $1,000–$1,500 per year per domain
    • Timeline: 2–4 weeks for issuance, depending on trademark verification
  3. Provide required documentation:

    • Proof of trademark registration
    • Your validated SVG logo file
    • Domain ownership verification
  4. Receive your VMC certificate (a .pem file) and host it at an HTTPS URL on your domain:

    https://yourdomain.com/bimi/cert.pem

Step 4: Publish Your BIMI DNS Record

Create a TXT record at default._bimi.yourdomain.com:

Without VMC (Apple Mail, Fastmail, Zoho — self-asserted):

v=BIMI1; l=https://yourdomain.com/bimi/logo.svg;

With VMC (Gmail, Yahoo — verified):

v=BIMI1; l=https://yourdomain.com/bimi/logo.svg; a=https://yourdomain.com/bimi/cert.pem

DNS propagation typically takes 24–48 hours.

Step 5: Verify and Test

Use the BIMI Group inspector or BIMI checker tools to verify your record is publishing correctly and your SVG and VMC URLs are accessible.

Send test emails to Gmail and Yahoo accounts and check whether the logo appears. Gmail’s display depends on your reputation score in addition to the BIMI record — not every eligible sender sees the logo on day one.

If the logo isn’t appearing:

  • Verify DNS propagation is complete
  • Check that your VMC is validating correctly
  • Confirm DMARC is at enforcement level with >95% pass rate

Does BIMI Improve Email Deliverability?

This is the most common question about BIMI, and the answer requires nuance.

BIMI does not directly improve deliverability. Gmail and Yahoo do not use BIMI as a positive spam scoring signal. Displaying a BIMI logo does not move email from spam to inbox.

BIMI indirectly improves engagement. Verified logos create visual recognition and trust that leads to higher open rates. Higher engagement signals are indirectly positive for sender reputation, which indirectly improves inbox placement over time.

The more honest framing: BIMI is a brand trust and visibility tool, not a deliverability tool. Its purpose is to make your brand visually distinct and verified in the inbox — reducing phishing risk and increasing recipient confidence. The deliverability benefit is a downstream effect of improved engagement, not a direct mechanism.

Where BIMI does have direct value: anti-phishing protection. Recipients can see that a logo is verified and VMC-backed, making it harder for phishing attempts using your brand name to appear credible.

The BIMI Timeline for Indian Senders

For India-based companies, the BIMI path requires trademark registration through the Indian Trade Marks Registry (TMR). Once registered, the mark is recognized for VMC issuance by DigiCert and Entrust.

Key considerations:

  • Indian trademark registration typically takes 18–24 months for full registration (though filing date establishes priority)
  • Some VMC issuers accept the trademark filing date if registration is pending — confirm with DigiCert or Entrust
  • Domain must be sending from India-registered business infrastructure (not a personal domain)

If you’re early in your trademark process, implement the self-asserted BIMI record now — for Apple Mail and other non-VMC providers — and add the VMC once your trademark is registered.

Frequently Asked Questions

Is BIMI required in 2026?

No. BIMI is optional. SPF, DKIM, and DMARC are required (mandatory for bulk senders to Gmail, Yahoo, and Microsoft). BIMI is an opt-in feature for senders who have met the authentication requirements and want to display a verified brand logo.

How long does it take to set up BIMI?

The technical DNS setup takes hours. The bottleneck is obtaining a VMC, which requires a registered trademark and typically takes 2–4 weeks with DigiCert or Entrust once you have the trademark documentation ready.

Does my logo automatically appear once I set up BIMI?

Not immediately. Gmail evaluates BIMI eligibility based on authentication compliance and sender reputation. Senders with solid reputation and full DMARC enforcement typically see the logo appear within days to weeks. New or lower-reputation senders may take longer.

Can I use BIMI with a subdomain?

Yes. You can set up a BIMI record at default._bimi.marketing.yourdomain.com for email sent from marketing.yourdomain.com. The VMC must cover the subdomain as well as, or instead of, the root domain.

Is there a free version of BIMI?

Self-asserted BIMI (without a VMC) is free and works on Apple Mail, Fastmail, and some other providers. It requires a properly formatted SVG and a DMARC enforcement policy. For Gmail and Yahoo, the VMC costs approximately $1,000–$1,500/year per domain — the unavoidable cost of the verification process.

Related reading:

The InboxStack Brief

Stay ahead of every inbox change

Weekly digest — authentication shifts, blacklist actions, provider policy updates. Free.