What is BIMI
BIMI (Brand Indicators for Message Identification) lets your verified logo appear next to authenticated emails in Gmail, Yahoo, and other platforms. It builds on SPF, DKIM, and DMARC, turning strong email security into a trust signal your customers can see.
People open branded emails, that’s a fact.
Why BIMI matters?
BIMI delivers three big wins for organisations:
- Your brand becomes more visible in busy inboxes, so your messages stand out and get noticed faster.
- People trust and engage with your emails more because they can see the message is really from you. This lowers the risk of them falling for phishing attempts.
- BIMI also helps your emails reach the inbox, since it relies on proper DMARC, SPF, and DKIM setup. Internet providers reward this with better inbox placement.
For boards and marketing teams, BIMI makes your security investment pay off as a visible branding benefit your customers see every day.
Why BIMI matters?
BIMI builds on DMARC, SPF, or DKIM and gives your email domain more authority. To set it up, you need to:
- Publish valid SPF, DKIM records for your sending domain.
- Move DMARC to an enforcement policy of p=quarantine or p=reject.
- Align these protocols across your domain so you pass authentication consistently.
After you’ve done that, you should:
- Create an SVG Tiny 1.2 version of your logo and host it on a secure (HTTPS) URL.
- Obtain a Verified Mark Certificate (VMC) or Certificate for Mark Authentication (CMC), depending on whether your logo is trademarked and the mailbox provider’s requirements.
- Publish a BIMI TXT record in DNS that points to your logo URL and, where needed, your certificate.
After these steps, inbox providers that support BIMI can show your logo next to authenticated emails, depending on their own rules and checks.
BIMI, DMARC, SPF and DKIM – how they fit together
BIMI is like the visible tip of the iceberg. Underneath, DMARC, SPF, and DKIM handle the main security work.
- SPF confirms the sending mail server is authorised to send on behalf of your domain.
- DKIM adds a cryptographic signature so the recipient can verify the message hasn’t been tampered with in transit.
- DMARC ties SPF and DKIM together, setting the policy for what should happen when an email fails these checks (none, quarantine or reject).
- BIMI uses this trusted authentication to safely show your verified logo in the inbox.
If SPF, DKIM, and DMARC are not set up correctly, BIMI will not work. That’s why many organisations find it hard to set up on their own.
What are VMC and CMC?
For many providers, especially Apple Mail and some larger ecosystems, a certificate is required before they will show your logo.
- A Certification Authority issues a Verified Mark Certificate (VMC) and proves you own a registered, trademarked logo.
- A Certificate for Mark Authentication (CMC) is used where the logo is not formally trademarked, but you can still prove long‑term brand ownership and use.
Both certificates provide mailbox providers with additional assurance that the logos they display are genuine and belong to your organisation.
How BeSecureOnline can help
BIMI can seem technical and complicated, with DNS changes, SVG logo rules, certificate steps, alignment checks, and ongoing monitoring. We handle all of that for you.
For UK and Irish organisations, BeSecureOnline can:
- Check and fix your SPF, DKIM and DMARC configuration so you meet BIMI’s technical prerequisites.
- Prepare and host your BIMI‑ready logo in the correct SVG format at a secure URL.
- Guide you through VMC or CMC acquisition, working with approved Certificate Authorities.
- Publish and validate your BIMI DNS records and provide ongoing monitoring and reporting.
If you want your brand to stand out in inboxes and protect against spoofing and phishing, BIMI is the next step.
Articles of interest