DEV Community

Regő Botond Ronyecz
Regő Botond Ronyecz

Posted on

BIMI and VMC: Should Your Business Add a Logo to Emails?

#email #deliverability #bimi #vmc

Your logo appears in the inbox, next to your email, before the recipient opens it. No subject line tricks. No sender name optimization. Just your brand mark, visible in the inbox the same way a verified checkmark signals trust on social media.

That's BIMI. It's real, it's live in Gmail, Yahoo Mail, and Apple Mail, and the setup is more straightforward than most people expect — with one significant exception that determines whether it costs you 15 minutes or $1,499 a year.

This guide covers exactly what BIMI requires, what the VMC certificate is and when you actually need it, and the precise steps to get your logo showing in inboxes.

What BIMI Actually Is

BIMI (Brand Indicators for Message Identification) is a DNS TXT record that links a verified logo to your email domain. When a recipient's mail client supports BIMI and sees your domain, it checks for the BIMI record, fetches the logo from the URL in that record, and displays it in the inbox next to the sender name.

The result is visible in:

  • Yahoo Mail — BIMI logo shown without any additional certificate requirement
  • Apple Mail (iOS 16+ and macOS Ventura+) — BIMI logo shown without additional certificate
  • Gmail — BIMI logo shown, but only if you have a VMC certificate (more on this below)

The key distinction: Gmail treats BIMI differently from other clients. Everyone else will show your logo with a correctly configured BIMI record. Gmail requires an additional paid certificate on top of that.

BIMI is not a spam filter signal. It does not directly improve your deliverability or affect whether emails reach the inbox. What it does is make your emails visually identifiable in the inbox at a glance — which affects open rates, trust, and phishing resistance (recipients learn to recognize your logo and notice when it's missing).

The Prerequisites: What Has to Be in Place First

BIMI has hard requirements. If any of these are missing, the logo will not appear regardless of how correctly your BIMI record is configured.

DMARC at p=quarantine or p=reject

This is the most common blocker. BIMI requires your domain to have DMARC enforcement active — p=quarantine or p=reject. If your DMARC policy is p=none, BIMI will not activate.

Check your current DMARC policy:

dig _dmarc.yourdomain.com TXT +short
Enter fullscreen mode Exit fullscreen mode

If you see p=none in the output, fix that first. The standard approach is to start at p=none to collect reports, then move to p=quarantine once you've confirmed all legitimate email sources pass SPF and DKIM, then eventually to p=reject.

Do not skip to p=reject immediately. Start at p=quarantine, monitor DMARC reports for two to four weeks to confirm no legitimate mail is failing, then advance to p=reject if everything is clean.

A publicly accessible SVG logo

BIMI requires a logo file hosted at a public HTTPS URL. This is not just any SVG file — it must be SVG Tiny 1.2, a strict subset of the SVG specification. Regular SVG files produced by Illustrator, Figma, or most design tools will not pass BIMI validation, even if they render correctly in browsers.

Common SVG Tiny 1.2 failures:

  • CSS <style> blocks — SVG Tiny 1.2 requires inline attributes, not stylesheets
  • Missing viewBox attribute
  • Gradients and filters — not supported in SVG Tiny 1.2
  • Non-square aspect ratio — the spec requires a square logo

The BIMI Group publishes an official converter at bimigroup.org/svg-conversion that converts standard SVG files to Tiny 1.2 compliant format. Run your logo through it, then validate the result at validator.bimi-group.org before adding the DNS record. An invalid SVG means no logo — and no error message telling you why.

The logo file must be hosted at a URL you control over HTTPS. A common convention is https://yourdomain.com/logo.svg, but any publicly reachable HTTPS URL works.

The BIMI DNS Record

Once your DMARC policy is at p=quarantine or p=reject and your SVG logo is validated and hosted, the DNS record is a single TXT entry:

Record type: TXT
Name:        default._bimi
Value:       v=BIMI1; l=https://yourdomain.com/logo.svg; a=
Enter fullscreen mode Exit fullscreen mode

The l= field is the URL of your logo file. The a= field is where the VMC certificate URL goes — leave it empty if you don't have one (the field is still required, just with no value).

Cloudflare:

1. dash.cloudflare.com → select domain → DNS → Add record
2. Type: TXT
3. Name: default._bimi
4. Content: v=BIMI1; l=https://yourdomain.com/logo.svg; a=
5. Proxy status: DNS only (grey cloud — never proxy BIMI records)
6. Save
Enter fullscreen mode Exit fullscreen mode

GoDaddy:

1. My Products → DNS next to your domain → Add → Type: TXT
2. Host: default._bimi
3. TXT Value: v=BIMI1; l=https://yourdomain.com/logo.svg; a=
4. TTL: 1 Hour → Save
Enter fullscreen mode Exit fullscreen mode

Namecheap:

1. Domain List → Manage → Advanced DNS → Add New Record
2. Type: TXT Record
3. Host: default._bimi
4. Value: v=BIMI1; l=https://yourdomain.com/logo.svg; a=
5. TTL: Automatic → green checkmark
Enter fullscreen mode Exit fullscreen mode

AWS Route53:

1. Route 53 → Hosted zones → click your domain → Create record
2. Type: TXT
3. Record name: default._bimi
4. Value: "v=BIMI1; l=https://yourdomain.com/logo.svg; a="
   (Route53 requires the value wrapped in double quotes)
5. TTL: 300 → Create records
Enter fullscreen mode Exit fullscreen mode

Verify the record is live:

dig default._bimi.yourdomain.com TXT +short
Enter fullscreen mode Exit fullscreen mode

The VMC Question: Do You Actually Need It?

This is where most BIMI guides either oversimplify or overstate the requirement. The answer depends entirely on which inbox providers matter most to your recipients.

Without a VMC:

  • ✓ Logo appears in Yahoo Mail
  • ✓ Logo appears in Apple Mail (iOS 16+, macOS Ventura+)
  • ✗ Logo does not appear in Gmail

With a VMC:

  • ✓ Logo appears in Yahoo Mail
  • ✓ Logo appears in Apple Mail
  • ✓ Logo appears in Gmail

A Verified Mark Certificate (VMC) is a certificate issued by a Certificate Authority that cryptographically ties your logo to your trademarked brand. The only current VMC issuer is DigiCert — Entrust discontinued VMC issuance in 2023. The cost is approximately $1,499–$2,499 per year.

The VMC is not just a paid certificate. It has its own prerequisite: your logo must be a registered trademark in the jurisdiction where you operate. DigiCert verifies this during the application process. If your logo is not formally registered as a trademark, you cannot obtain a VMC regardless of budget.

The decision framework is simple:

Situation Recommendation
Your audience is primarily Yahoo Mail or Apple Mail users BIMI without VMC — free, 15-minute setup
Your audience is primarily Gmail users and logo visibility in Gmail is a priority BIMI + VMC — $1,499+/year, requires trademark registration
Your logo is not a registered trademark BIMI without VMC — VMC is not available to you yet
You send primarily B2B email to corporate domains on Google Workspace Consider VMC — most corporate Gmail users are on Workspace
You're a small SMB testing deliverability improvements Start without VMC — validate the impact before investing

For most SMBs, the right starting point is BIMI without a VMC. Your logo will appear in Yahoo and Apple Mail immediately. If you later decide Gmail visibility justifies $1,499/year and you have a registered trademark, adding a VMC is a straightforward upgrade — you add the VMC URL to the a= field in your existing BIMI record.

Full Setup Checklist

Walk through these in order. Each one is a hard dependency on the next.

□ 1. DMARC record exists with p=quarantine or p=reject
      dig _dmarc.yourdomain.com TXT +short

□ 2. SPF and DKIM both passing (DMARC requires both)
      Send a test email and check headers for spf=pass and dkim=pass

□ 3. Logo file is SVG Tiny 1.2 compliant
      Convert: bimigroup.org/svg-conversion
      Validate: validator.bimi-group.org

□ 4. Logo file is hosted at a public HTTPS URL
      curl -I https://yourdomain.com/logo.svg
      (Should return 200 OK)

□ 5. Logo has a square aspect ratio
      Check viewBox in the SVG file — width and height values should be equal

□ 6. BIMI TXT record added at default._bimi
      dig default._bimi.yourdomain.com TXT +short

□ 7. (Optional) VMC purchased from DigiCert and URL added to a= field
      Only if trademark is registered and Gmail logo display is a priority

□ 8. Full BIMI setup validated
      bimigroup.org/bimi-generator
Enter fullscreen mode Exit fullscreen mode

What Breaks When You Skip Steps

DMARC at p=none. The most common reason a correctly configured BIMI record produces no visible logo. Mail clients check DMARC enforcement before rendering BIMI. A p=none policy fails silently — your BIMI record is technically present, the logo URL is reachable, and nothing shows in the inbox.

Invalid SVG. Standard SVG files fail BIMI validation. The failure is silent — the mail client simply doesn't display the logo. The validator at validator.bimi-group.org is the only way to confirm compliance before you add the DNS record.

HTTP instead of HTTPS for the logo URL. The logo must be served over HTTPS. HTTP will not work, even if the file is reachable.

Expecting the Gmail logo without a VMC. Gmail requires the VMC certificate. If your BIMI record is correctly configured but the a= field is empty, your logo will appear in Yahoo and Apple Mail and not in Gmail. This is expected behavior, not a configuration error.

Entrust VMC certificates. Entrust discontinued VMC issuance in 2023. If you have an Entrust VMC from before that date, check its expiry — renewal is not available through Entrust. DigiCert is the only current VMC issuer.

Is BIMI Worth It?

For most businesses sending high-volume B2C email — e-commerce, financial services, SaaS with a large end-user base — the answer is yes, for the no-VMC setup. The cost is 15 minutes and a compliant SVG file. Your logo appears in Yahoo and Apple Mail inboxes immediately.

The case for a VMC is narrower. If your audience is primarily Gmail users, your logo is a registered trademark, and open rate impact on $1,499–$2,499/year is worth modeling for your email volume, the VMC adds Gmail coverage. For SMBs with smaller lists, the math typically favors starting with BIMI-only and revisiting VMC when volume justifies it.

BIMI is a late-stage optimization. Get SPF, DKIM, DMARC, and blacklist status right first. Those affect whether your emails reach the inbox at all. BIMI affects how they look once they get there.

ZeroHook's 30-point audit includes BIMI validation — it checks whether your logo is reachable at your domain, whether your DMARC policy meets the p=quarantine or p=reject threshold, and whether the DNS record is correctly formatted. The fix guide walks through SVG requirements and provider-specific setup steps: zerohook.org

TL;DR

  • BIMI is a DNS TXT record at default._bimi that links a verified SVG logo to your email domain so it appears in Yahoo Mail, Apple Mail, and (with a VMC) Gmail
  • Two hard prerequisites: DMARC at p=quarantine or p=reject, and an SVG Tiny 1.2 compliant logo hosted over HTTPS — standard SVG files will silently fail
  • VMC is optional for most setups — without it, your logo shows in Yahoo and Apple Mail but not Gmail; with it ($1,499+/year from DigiCert, trademark required), it shows in Gmail too
  • Entrust VMCs are discontinued — DigiCert is the only current issuer
  • Setup without VMC takes 15 minutes once DMARC is enforced and the SVG is validated
  • Fix SPF, DKIM, and DMARC first — BIMI is a branding layer on top of working email authentication, not a replacement for it

*Part of an ongoing series on email deliverability and DNS security.

Top comments (0)