SecurityStatus
Sign In Scan Your Domain
How It WorksFeaturesKnowledge BaseComparePricing
Sign In Get Started
info DNS

BIMI Record

BIMI (Brand Indicators for Message Identification) is a DNS standard that lets you display your brand logo next to your emails in supporting inboxes like Gmail and Apple Mail. It requires a strong DMARC policy and, for verified logos, a Mark Certificate from a CA.

What SecurityStatus Checks

  • Whether a BIMI TXT record exists at default._bimi.yourdomain.com
  • Whether the SVG logo URL in the record is accessible and valid
  • Whether DMARC is at p=quarantine or p=reject (required for BIMI)
  • Presence of a Verified Mark Certificate (VMC) for full inbox support

Why This Matters

BIMI is primarily a brand trust and deliverability signal rather than a critical security control. Displaying your verified logo in email inboxes builds trust with recipients and can improve open rates. It also requires a strong DMARC policy as a prerequisite, which has real security benefits.

How to Fix It

  1. 1

    Ensure DMARC is at p=quarantine or p=reject

    BIMI requires a DMARC policy of quarantine or reject. Without this, email providers will ignore your BIMI record. Set up DMARC first.

  2. 2

    Create an SVG logo file

    BIMI requires a specific SVG format: SVG Tiny PS (Portable/Secure). Use a design tool to export to this format or convert an existing logo. The file must be hosted on a public HTTPS URL.

  3. 3

    Add the BIMI DNS record

    Add: `default._bimi.yourdomain.com TXT "v=BIMI1; l=https://yourdomain.com/logo.svg"`. If you have a VMC, add: `a=https://yourdomain.com/bimi.pem`.

  4. 4

    Optionally obtain a VMC

    Verified Mark Certificates from DigiCert or Entrust verify your logo is a registered trademark. Gmail and other providers require a VMC to show the logo with a blue checkmark. VMCs cost several hundred dollars per year.

Frequently Asked Questions

Which email clients support BIMI?
Gmail, Yahoo Mail, Apple Mail, Fastmail, and several others support BIMI. Microsoft Outlook does not yet support standard BIMI but has its own logo system called BIMI for Exchange.
Do I need a trademark to use BIMI?
A trademark is required for a Verified Mark Certificate (VMC), which enables the verified checkmark. Basic BIMI without a VMC works in some clients but is not displayed in Gmail.
Is BIMI a security requirement?
No. BIMI is primarily a brand and deliverability feature. SecurityStatus reports it as informational — it is good to have but not a security risk to lack it.

Related Guides

high DMARC Record Read Guide high SPF Record Read Guide medium DKIM Record Read Guide

Check Your Domain Now

Run all 38 security checks including BIMI Record and get your domain's security grade in under 2 minutes.

Scan Your Domain Free