BIMI piloting

  • Updated

BIMI stands for Brand Indicators for Message Identification and is an email authentication standard that allows you to display a verified company logo in your recipients' inboxes when sending a properly authenticated email. They can immediately trust that it is an actual email from you and not a dangerous phishing attempt. BIMI does not guarantee 100% deliverability, but it can help you achieve more brand recognition and trust, a higher sender reputation and ultimately better email KPIs.

Current state of adoption

The BIMI standard is relatively new and still in the piloting phase at many Internet Service Providers (ISPs). The distribution and further development are being driven by the AuthIndicators Working Group, which offers further information on the current status at

State of adoption as of September 2022:


Source:, September 2022

A full implementation is already possible with the mobile and web clients from Yahoo and AOL as well as Google, Apple and Fastmail. To send authenticated emails with BIMI, see Implementing BIMI.

Functionality and requirements

To set up BIMI, the basic authentication standards must be in place, including Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM) and Domain-Based Message Authentication Reporting and Conformance (DMARC). See Email authentication and encryption.

The BIMI standard expects a DMARC setup on the primary domain. Many ISPs who are implementing BIMI or who are considering BIMI support in the future recommend that senders start to prepare now and implement DMARC. See DMARC implementation.

The BIMI setup itself is done by creating a BIMI text record on the domain which is to be authenticated with the company logo in the future. The record will contain a reference to the company logo and possibly a so-called Verified Mark Certificate (VMC) that officially validates the logo. The logo itself must be delivered as a Scalable Vector Graphic (SVG Tiny 1.2 Portable/Secure) with further specific format requirements. VMCs are required to use BIMI and can currently be purchased from Entrust or Digicert. Only at Yahoo and AOL they are not currently required.

When attempting to deliver an email, the participating ISPs will verify the DMARC setup on the one hand and the BIMI setup on the other. If both checks are successful, the ISPs will pull the logo from the URL in the BIMI record to display the BIMI image in the inbox next to your email. ISPs state that a good sender reputation is essential for this.

Technical specifications

BIMI record

To use BIMI, a BIMI record must be created for your sending domain which should benefit from the verified logo display in the end. This can be a primary domain or a subordinated sending domain.

Example BIMI record:

  • Example domain.
  • BIMI domain.
  • Record type. TXT
  • BIMI record. v=BIMI record. v=BIMI1; l=; a=;

Available BIMI tags

The following table provides an overview of the possible BIMI tags and the implementation options.

Tag Definition Implementation
v Version The v tag is required and must be set with v=BIMI1.
l Location The l tag is required and indicates the location of the logo you want to display. It is specified as a URL with HTTPS. HTTP will not work.
a Trust authorities The a tag is required for the BIMI setup with Google and is used to validate domain ownership using a Verified Mark Certificate. The accepted values are:
  • self. No validation option, similar to not having an a tag.

  • cert. Provides an HTTPS URL to a Verified Mark Certificate that can be used to validate the logo in the l tag.

  • mva. Specifies an HTTPS URL to an API endpoint that can be queried for validation.

Image requirements

The BIMI standard requires the creation of a logo in the image format SVG Tiny 1.2 Portable/Secure, in short SVG P/S.

The SVG P/S format is stricter than SVG Tiny 1.2 and requires the image to be a centered, square image of your official company logo without any additional text on a background of solid colour. Additionally, the image should be as small as possible, not exceed 32 KB and further resources like external links, scripts or interactive elements must not be included. You can find a full list of the required elements at

BIMI selector

The BIMI domain in this example, starts with the BIMI selector. It serves the mailbox provider to identify and look up the associated BIMI record and logo. The standard selector name is called default and is the only one that is currently accepted by the supporting ISPs, Yahoo & AOL in particular.

Theoretically, if you plan on rolling out BIMI to multiple brands using the same sending domain, there is also the option to work with several selectors. However, different selectors would also make a technical adjustment to the email itself necessary. Since this option is still under development and is currently not supported anyway, you should work with different sending domains and thus separate BIMI records to differentiate between brands.

Implementing BIMI

To implement BIMI, do the following:

  1. Authenticating emails
  2. Creating an SVG logo
  3. Acquiring a VMC
  4. Setting up the BIMI record
  5. Analyzing the results

Authenticating emails

BIMI requires the authentication of your emails with SPF, DKIM and DMARC. If you are unsure, you can send a test email and check in the email header whether the authentication requirements are met or simply ask your IT administrator. For further information on the required DNS setup, see Setting up your domain on Optimizely World. For information on how to implement DMARC, see DMARC implementation.

The BIMI standard requires DMARC on the primary domain with a DMARC policy set to either p=quarantine or p=reject. Optimizely strongly recommends the p=reject policy.

Additionally, parameters that weaken the DMARC application such as sp=none or any percentage below 100 pct<100 are not allowed.

The BIMI implementation can currently be implemented with the web and mobile clients of Yahoo, AOL , Google, Apple and Fastmail. For Yahoo and AOL, the DMARC record on the sending domain is currently sufficient. All other providers, on the other hand, require the DMARC record on the primary domain, as is generally defined for the BIMI standard. So that you are on the safe side with future developments, you should implement DMARC on the primary domain.

Creating an SVG logo

To implement BIMI, you need to create a company logo as a Scalable Vector Graphic. The exact version supported by BIMI is SVG Tiny 1.2 Portable/Secure (SVG P/S). The SVG BIMI logo must

  • be squared and centered
  • only include your logo without text and the background should be of a solid color
  • should be as small as possible and not exceed 32 KB
  • not include external links, scripts, animation, or other interactive elements

Once created, store the SVG image in HTTPS and it is ready to be added to your BIMI record.

At you can find further information on creating SVG BIMI logos and SVG conversion tools.

Acquiring a VMC

The BIMI standard generally provides for the BIMI logo to be validated by a certification body so that its authenticity can be guaranteed. With a Verified Mark Certificate (VMC) they certify the logo owner and make the proof of the certification in the DNS of the sending domain accessible.

A VMC is required for using BIMI, only Yahoo and AOL do not require any certificate at the moment. So far, the following certification authorities are available:

The BIMI Working Group expects that the acquisition of VMCs will also be possible with other partners in the future.

Setting up the BIMI record

A TXT record with the prefix default._bimi must be created for the sending domain for which BIMI is ultimately to be used. The Optimizely recommended entry is as follows:

  • Example domain.
  • BIMI domain.
  • Record type. TXT
  • BIMI record. v=BIMI1; l=; a=;

Replace with your sending domain and l=https// with the image URL of your SVG image. Note that the URL must be based on HTTPS.

If you do not want to use a certificate and only want to implement BIMI with AOL and Yahoo, the parameter a= can be omitted.

Analyzing the results

There are tools that you can use to create your BIMI record and/or to verify it afterwards. One of them is the BIMI Inspector provided by

After the successful implementation of the BIMI record, your SVG logo should now be displayed in the participating email clients. Check over time whether the implementation has reduced phishing attempts and improved your email KPIs.