3,932 Australian domains analysed. Most fail basic email authentication. [2026 Report]

BIMI

A DNS standard that lets a domain owner publish a logo to display next to authenticated messages in supporting mail clients.

Definition

BIMI (Brand Indicators for Message Identification) is a DNS-based standard that lets a domain owner publish a brand logo, displayed by supporting mail clients next to authenticated messages from that domain. BIMI is not an authentication protocol itself — it builds on top of DMARC. A domain must already be enforcing DMARC at p=quarantine or p=reject before any BIMI logo will display, and many providers additionally require a VMC (Verified Mark Certificate) issued by an authorised certificate authority to prove the logo is legitimately owned.

How it works

A BIMI record is a DNS TXT record published at default._bimi.<domain> that points to a SVG logo file (specifically, the constrained SVG Tiny PS profile) and optionally to a VMC certificate. Major providers including Gmail, Yahoo Mail, Apple Mail (iOS 16+), and Fastmail support BIMI, though support and VMC requirements vary. Gmail and Apple require a VMC; Yahoo accepts BIMI without one for some senders.

The business case for BIMI is brand visibility and trust: an authenticated message with a logo is visually distinct in a crowded inbox and signals that the sending domain has invested in email authentication. The cost is non-trivial — a VMC from Entrust or DigiCert typically runs USD $1,200–$1,500 per year, plus the technical work to enforce DMARC. BIMI is most relevant for high-volume senders and brands where inbox visibility directly drives revenue.

Example

A BIMI record published at default._bimi.example.com:

v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem

The l= tag points to the SVG logo (must be SVG Tiny PS, square aspect, hosted on HTTPS). The a= tag points to the Verified Mark Certificate. Without a VMC, Gmail and Apple Mail will not display the logo even if the BIMI record is otherwise correct.

Related Terms

DMARC An email authentication policy framework that uses SPF and DKIM to detect and prevent doma... DKIM A cryptographic signature attached to outbound email that proves the message was authorise... SPF A DNS-published list of IP addresses and hostnames authorised to send email on behalf of a...

Try the tool

DMARC Busta has a free tool that helps with this concept directly.

Open tool

Automate your DMARC

DMARC Busta puts SPF, DKIM, and DMARC management on autopilot — across one domain or 10,000.

Start free trial