BIMI: The Complete Guide to Getting Your Brand Logo in the Inbox
A Validity analysis of 13,000 domains found that 90.85% had no BIMI record. That means when your email lands in someone's Gmail, they see a grey circle with a letter instead of your brand logo. The companies that have figured this out are getting measurably better engagement - and the barrier to entry dropped significantly when Common Mark Certificates removed the trademark requirement. Here's everything you need to implement Brand Indicators for Message Identification correctly, what it actually costs, and when it's not worth the money.
The Quick Version
- What is it? A DNS-based email authentication standard that displays your verified brand logo next to your emails in supported inboxes.
- Does it work in Outlook? No. A Microsoft Q&A moderator/MVP has confirmed there are no short-term plans or roadmap items for Exchange Online to support it.
- How much does it cost? $650-$1,668/year depending on whether you need a VMC or CMC.
- Do I need a trademark? Not anymore. CMCs removed that barrier.
What Is Brand Indicators for Message Identification?
BIMI stands for Brand Indicators for Message Identification. It's a DNS record that tells mailbox providers where to find your brand's logo so they can display it alongside your authenticated emails.
The key word there is authenticated. This standard sits at the top of an authentication stack that starts with SPF (verifying your sending servers), adds DKIM (cryptographically signing your messages), and requires DMARC at enforcement level (telling receivers what to do with unauthenticated mail). Only after DMARC passes does the logo pull into the inbox.
Think of it as the visual reward for doing email authentication right. You've done the hard work of locking down your domain - now recipients actually see that. Instead of a grey circle with a "J" for your company, they see your full-color logo. It's a small visual change that carries real trust signals, especially for consumer-facing brands running high-volume email programs. In a world of brand impersonation and phishing, that visible verification matters more than most marketers realize.
The BIMI Group's implementation guide covers the full requirements, but the practical details - SVG formatting, certificate choices, provider quirks - are where most teams get stuck.
Which Inboxes Support BIMI?
This question determines whether the investment is worth your time. The answer depends entirely on where your recipients live.
| Provider | Supports It | VMC/CMC Required? | Notes |
|---|---|---|---|
| Gmail | Yes | Yes (VMC or CMC) | Largest consumer base |
| Apple Mail | Yes | Yes (VMC or CMC) | iOS + macOS |
| Yahoo Mail | Yes | Recommended, not required | Self-asserted works |
| Fastmail | Yes | Not required | Self-asserted works |
| Zoho Mail | Yes | Recommended | Limited B2B footprint |
| Outlook | No | N/A | No roadmap items confirmed |
The elephant in the room is Outlook. A moderator/MVP on Microsoft's Q&A forum wrote that there are "no short-term plans or Roadmap items" for Exchange Online to support this verification. For B2B teams, this gap is significant. If your recipients are primarily on Microsoft 365 - and in enterprise B2B, many are - brand logos simply won't display. Your authentication work still matters for deliverability, but the visual branding payoff disappears for that segment.
Yahoo and AOL never required VMC/CMC, though a certificate can still help with eligibility decisions.
One thing to watch: Apple Business Connect "Branded Mail" is a separate process from Apple Mail's BIMI support. Don't confuse the two - they're different systems with different requirements.
The BIMI Group maintains an updated infographic showing provider support categories. The practical takeaway: if your audience skews Gmail, Apple Mail, or Yahoo, the standard has real reach. If you're selling into enterprises running Outlook, the ROI calculation changes dramatically.
Does It Boost Open Rates?
The headline numbers are encouraging. An early Verizon study found a ~10% average open-rate increase for senders displaying verified logos. A Red Sift and Entrust survey reported a 90% increase in consumer confidence when seeing a verified brand logo, and Red Sift has cited 21% open-rate lifts in some cases.
Here's the thing: those numbers need context. Oracle's deliverability team noted that real-world results tend to be more modest than the headline claims, and the novelty factor plays a role. When fewer senders have logos, they stand out more. As adoption grows, the visual differentiation shrinks.
We've seen a similar pattern with other inbox features. The first wave of adopters gets outsized results. By the time it's table stakes, the lift flattens. Don't build your business case around a 21% open-rate bump. A more realistic expectation is a modest, sustained lift in recognition and trust, particularly for consumer-facing email programs where brand familiarity drives engagement. The real value is less about open rates and more about anti-phishing trust signals - a verified logo tells the recipient "this email actually came from who it says it came from," and in a world of spoofing, that visual confirmation does real work.
Certificates: VMC vs. CMC
This is where the standard got significantly more accessible. The introduction of CMCs is the biggest shift since Gmail adopted BIMI. Let's compare the three paths.
| Feature | VMC | CMC | Self-Asserted |
|---|---|---|---|
| Trademark required | Yes | No | No |
| Gmail/Apple support | Yes | Yes | No |
| Yahoo/Fastmail | Yes | Yes | Yes |
| Annual cost | $780-$1,668 | From $650 | Free |
| Provisioning time | 7-10 days | 7-10 days | Immediate |
Verified Mark Certificates (VMCs)
VMCs are the original path. You need a registered trademark with an intellectual property office like the USPTO or EUIPO, and the certificate validates that your logo is legitimately yours. Gmail and Apple Mail require certificates, and industry surveys put the typical VMC range at $899-$1,668/year before reseller discounts.
Common Mark Certificates (CMCs)
CMCs don't require a trademark. Instead, you prove your logo has been publicly displayed on your domain for at least 12 months - essentially, archive verification that the logo is legitimately associated with your brand.
If the trademark requirement stopped you from implementing BIMI, CMCs remove that barrier entirely. They're accepted by Gmail and Apple Mail just like VMCs, and they're cheaper, starting around $650/year. This opens the door for startups, small businesses, and companies that haven't gone through trademark registration. It's the single most important development for BIMI accessibility.
Self-Asserted (No Certificate)
You can publish a BIMI record without any certificate. Yahoo Mail and Fastmail will display your logo based on the DNS record alone. Gmail and Apple Mail won't.
For small businesses testing the waters, self-asserted is a free starting point. Get your authentication stack right, publish the DNS record, and see results on Yahoo and Fastmail while you decide whether a certificate is worth the investment.
BIMI only works when your emails reach the inbox. Prospeo's 5-step verification and 98% email accuracy mean sub-4% bounce rates - the same authentication hygiene BIMI demands. 15,000+ companies trust our data to protect their domain reputation.
Authenticate your brand with emails that actually land.
How Much Does It Cost?
Getting a straight price is frustratingly difficult. DigiCert is the issuer with widely published pricing. GlobalSign and SSL.com often push you through contact forms.
| Certificate | Issuer/Reseller | Annual Cost | Notes |
|---|---|---|---|
| VMC | DigiCert (direct) | $1,608/yr | Per domain/logo |
| VMC | DigiCert (reseller) | ~$1,200/yr | Via SSL2BUY etc. |
| VMC | SSL2BUY Prime | From $780/yr | Budget option |
| CMC | DigiCert (reseller) | ~$950/yr | No trademark needed |
| CMC | SSL2BUY Prime | From $650/yr | Cheapest path |
| GlobalSign VMC | GlobalSign (direct) | ~$1,200-$1,500/yr | Contact sales required |
| SSL.com VMC | SSL.com (direct) | ~$1,000-$1,400/yr | Contact sales required |
The Reddit sentiment on pricing is blunt. Practitioners on r/email have called VMC certificates a "money grabbing scheme" with "absolutely ridiculous" pricing. When you're paying $1,600/year for what amounts to a DNS-linked image verification, the frustration is understandable. CMCs at $650/year make the math more palatable, but it's still a recurring cost that needs to justify itself.
Look, these certificates are overpriced for what they are. The technical work involved in issuing a VMC or CMC doesn't justify $1,600/year. But the market has limited competition, and until more issuers enter, prices won't drop. If you're price-sensitive, compare direct vs. reseller pricing before you buy - the spread can be $400+.
Step-by-Step Setup
If you already have DMARC at enforcement, you can be live in 1-2 weeks. Starting from scratch? Budget 6-8 weeks for the DMARC ramp-up alone.
1. Enforce DMARC on Your Domain
BIMI requires DMARC at enforcement level. Your DMARC record must have:
p=quarantineorp=reject- notp=nonesp=quarantineorsp=reject- subdomain policy must be enforcement toopct=100- full enforcement, not partial
If you're currently at p=none, don't jump straight to reject. Ramp up gradually: move to quarantine first, monitor your DMARC reports for legitimate mail that fails authentication, fix any gaps, then move to reject. This process typically takes 6-8 weeks when starting from scratch. (If you need a deeper technical breakdown, see DMARC alignment.)
2. Create a Compliant SVG Logo
This is where most implementations break. BIMI doesn't accept a regular SVG file. It requires SVG Tiny P/S (Portable/Secure), a strict subset of SVG Tiny 1.2.
Your SVG must include baseProfile="tiny-ps" and version="1.2" in the root element, a <title> element with your company name, square aspect ratio with centered design, a solid background, and a file size of 32KB or less.
Your SVG must NOT include scripts, animations, interactive elements, external links or references (except XML namespaces), x= or y= attributes on the root <svg> element, or embedded raster images.
The Illustrator trap: Adobe Illustrator can export SVG Tiny 1.2, but it automatically adds x and y attributes to the root <svg> element. You need to open the exported file in a text editor and remove those attributes manually. We've seen this trip up design teams who assume the export is ready. It isn't.
3. Get a VMC or CMC (If Needed)
If you're targeting Gmail and Apple Mail, you need a certificate. Choose based on the VMC vs. CMC comparison above. Provisioning takes 7-10 days once you've submitted your application and DMARC is verified at enforcement.
4. Publish Your DNS Record
Add a TXT record to your domain's DNS:
default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/logo.svg; a=https://yourdomain.com/vmc.pem"
default._bimi.yourdomain.com- the selector and domainv=BIMI1- version identifierl=- URL to your SVG logo file, served over HTTPSa=- URL to your VMC/CMC PEM file (required by Gmail and Apple Mail)
For self-asserted setups without a certificate, omit the a= tag or leave it empty: a=
5. Test and Verify
DNS propagation takes 24-48 hours. Once it's live, send test emails to Gmail, Yahoo Mail, and Apple Mail accounts. Use PowerDMARC's checker or MxToolbox to validate your record, and verify the logo renders correctly on both mobile and desktop. (If you're troubleshooting bounces at the same time, use this email deliverability guide and check your email bounce rate.)
Common Implementation Mistakes
A Validity study of 13,000 domains found that 4.58% had an invalid BIMI record - nearly as many as the 4.57% that got it right. That's a staggering error rate.
Invalid record format (84.36% of errors). The most common failure is a malformed DNS TXT record - missing the v=BIMI1 prefix, incorrect semicolon placement, or broken URLs. Copy-paste the syntax from the setup section above and double-check every character. One misplaced semicolon breaks the entire record.
Invalid a= tag (15.31% of errors). This usually means the certificate URL isn't using HTTPS, or it's pointing to a file that doesn't exist. Verify your PEM file is accessible over HTTPS at the exact URL specified. Test the URL in a browser - if it doesn't load, neither will your logo.
DMARC still at p=none. Among domains with technically valid BIMI records, 4.60% are still running p=none on their DMARC policy. A BIMI record without DMARC enforcement is a house built on sand.
Subdomain policy mismatch. You've set p=reject on your organizational domain but forgot to set sp=reject or sp=quarantine. BIMI checks the subdomain policy too. Set sp= explicitly in your DMARC record and never rely on inheritance.
SVG format errors. Embedding raster images inside the SVG, including scripts, using the wrong baseProfile, or leaving Illustrator's x/y attributes in place. Validate your SVG against the BIMI Group's spec before publishing.
Is BIMI Worth It in 2026?
Most guides tell you to implement it. Here's when you shouldn't.
You have a registered trademark and your audience is on Gmail/Apple Mail - get a VMC. The ROI is there. You're paying $780-$1,668/year for verified brand presence in two major consumer inbox providers. For high-volume senders, even a modest engagement lift pays for the certificate many times over.
No trademark? Get a CMC. At $650/year, it's the cheapest path to logo display on Gmail and Apple Mail. If your logo has been publicly visible on your domain for 12+ months, you qualify.
Small business or startup? Start with self-asserted. It's free. It works on Yahoo and Fastmail. It gets you familiar with the authentication requirements, and you can upgrade to a certificate later.
Your recipients are primarily on Outlook? Skip it for now. If 60%+ of your audience is on Microsoft 365, a VMC is $1,000+ per year for a logo that most of your recipients will never see. Invest that money in deliverability fundamentals instead (including how to improve sender reputation).
And here's the angle most guides miss entirely: before spending $1,000+/year on a VMC, make sure your contact data isn't sabotaging your deliverability in the first place. High bounce rates hurt sender reputation, which means fewer emails reach the inbox at all - logo or no logo. Prospeo verifies emails at 98% accuracy on a 7-day refresh cycle, and fixing your data costs a fraction of a VMC while having a bigger impact on whether your emails actually get seen. If you're building lists, start with name to email and sanity-check your sending limits with email velocity.
You're investing in BIMI to build trust with recipients - don't undermine it with bad contact data that tanks your sender reputation. Prospeo refreshes 300M+ profiles every 7 days and removes spam traps and honeypots automatically.
Protect your domain reputation at $0.01 per verified email.
Readiness Checklist
Before you publish that DNS record, run through this:
- SPF aligned and passing for all sending sources (use these SPF record examples)
- DKIM aligned and signing all outbound mail (here’s how to verify DKIM is working)
- DMARC at enforcement with
p=quarantineorp=reject - Subdomain policy set with
sp=quarantineorsp=reject pct=100in DMARC record- SVG logo in Tiny P/S format with
baseProfile="tiny-ps"andversion="1.2" - Logo file 32KB or smaller, square, centered, solid background
- No
x=ory=attributes on root<svg>element - VMC or CMC obtained if targeting Gmail or Apple Mail
- TXT record published with correct
l=anda=URLs - Test emails sent to Gmail, Yahoo, and Apple Mail accounts
- Bounce rate below 3-4% across all sending domains
- Sender reputation verified via Google Postmaster Tools or similar (use email reputation tools)
FAQ
Does Outlook support BIMI?
No. A Microsoft Q&A moderator/MVP confirmed there are no short-term plans or roadmap items for Exchange Online to support it. Logos won't display for Outlook.com, Hotmail, or Microsoft 365 recipients. B2B teams with Outlook-heavy audiences should prioritize deliverability fundamentals over certificate investment.
Do I need a trademark?
Not if you use a Common Mark Certificate. VMCs require a registered trademark, but CMCs only require your logo to have been publicly displayed on your domain for at least 12 months. CMCs are accepted by Gmail and Apple Mail and start around $650/year.
How long does setup take?
If DMARC is already at enforcement, expect 1-2 weeks total: SVG creation, certificate provisioning (7-10 days), and DNS propagation. Starting from scratch? Budget 6-8 weeks for the DMARC enforcement ramp-up before you begin the logo-specific steps.
Can I display my logo without a certificate?
Yes, on Yahoo Mail and Fastmail. Publish the DNS record with your SVG URL and those providers will display it without any certificate. Gmail and Apple Mail require a VMC or CMC. Self-asserted is a solid free starting point for testing before committing $650+/year.
How do I keep bounce rates low enough for good deliverability?
Keep bounce rates below 3-4% as a baseline. Verify your contact data before every send - catching invalid emails before they damage sender reputation directly affects whether your authenticated emails and logo reach the inbox.