BIMI Setup Checklist for Brand Logos in Email

Prepare for BIMI with the required DMARC enforcement, DNS record, SVG logo, and certificate checks before publishing a brand logo for email.

Brand Indicators for Message Identification

BIMI can display a verified brand logo beside authenticated email, but it depends on strong DMARC first. Treat BIMI as the final step after sender inventory, DMARC reporting, and enforcement are already working.

Reach DMARC enforcement first

BIMI generally requires a DMARC policy at quarantine or reject. If your domain is still at p=none, use reports to identify and fix senders before publishing BIMI.

Confirm SPF or DKIM alignment for all legitimate senders.
Move to quarantine or reject only after report evidence is clean.
Keep rua reporting active after enforcement.

Prepare the logo asset and certificate path

BIMI uses a specific SVG Tiny PS logo format. Some mailbox providers also require a Verified Mark Certificate or Common Mark Certificate depending on logo and provider support.

Use a square SVG logo that meets BIMI profile requirements.
Host the SVG over HTTPS.
Confirm whether your target mailbox providers require a certificate.

Publish and validate the BIMI DNS record

The BIMI TXT record points receivers to the logo and optional certificate. Validate DNS, HTTPS access, and DMARC policy together because a correct BIMI record will not work without enforcement.

Publish the record at default._bimi.example.com unless using another selector.
Use the l tag for the logo URL and the a tag for a certificate URL when needed.
Recheck after CDN, DNS, or certificate changes.

Implementation checklist

DMARC policy is quarantine or reject

Legitimate senders pass alignment

BIMI SVG is hosted over HTTPS

Certificate requirements are understood

default._bimi DNS record validates

Confirm DMARC readiness before BIMI

Mail Monitor shows whether your sender sources are ready for enforcement before you invest in BIMI assets and certificates.

Frequently Asked Questions

Can I set up BIMI with p=none?

In practice, BIMI requires enforced DMARC such as p=quarantine or p=reject. Start with reporting, then enforce after legitimate senders pass alignment.

Do I need a VMC for BIMI?

Some mailbox providers require a Verified Mark Certificate or similar certificate for logo display. Requirements vary, so check the providers most important to your audience.

Where is the BIMI DNS record published?

Most domains publish BIMI at default._bimi.example.com as a TXT record that points to the hosted SVG logo and, when needed, a certificate URL.

More Email Security Tools

DNS CheckerCheck the DNS records that affect email delivery: SPF, DMARC, DKIM, MX, MTA-STS, TLS-RPT, and BIMI in one public report.DMARC CheckerAnalyze your domain's DMARC record. Check policy mode (none/quarantine/reject), alignment settings, reporting addresses, and get recommendations to strengthen email security.Google/Yahoo ChecklistCheck the email authentication requirements bulk senders need for Gmail and Yahoo, including SPF, DKIM, DMARC, alignment, TLS, and unsubscribe readiness.