What image format does BIMI use and why SVG Tiny PS?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
BIMI uses SVG Tiny 1.2 Portable Secure, usually written as SVG Tiny PS or SVG P/S. It is not regular SVG. It is a locked-down subset, and mailbox providers will reject your logo if you hand them anything else.
What SVG Tiny PS actually is
The base spec is W3C SVG Tiny 1.2, a mobile profile of SVG built for low-power devices back in 2008. On top of that, the BIMI Group publishes a Portable/Secure profile that strips out anything risky for an inbox to render. So when someone says "the format comes from W3C," that is half right. W3C wrote SVG Tiny 1.2. BIMI Group wrote the rules on top of it.
The profile requires, among other things:
version="1.2"andbaseProfile="tiny-ps"on the root<svg>element- A
<title>element naming the brand - A square
viewBox(the BIMI Group recommends0 0 512 512) - No external references of any kind
- No scripting, no event handlers, no animation, no interactivity
- Solid fills only, no gradients, no filters, no masks, no clip paths beyond the basics
- File size kept small, target under 32 KB
If any of those rules are broken, validators flag it and Gmail, Yahoo, and Apple Mail will not display the logo. The BIMI Inspector at bimigroup.org will tell you exactly which line failed.
Why the format is locked down this hard
Three reasons, in order of how much they matter.
1. Security. Full SVG supports JavaScript, foreign objects, and external <image> or <use> references. Each one is a way to ship code or fetch a tracking pixel from inside the email client. A logo that runs scripts when the inbox renders it is a vulnerability, not a brand asset. Tiny PS forbids all of it. No <script>, no onload, no xlink:href to anything off-document.
2. Consistent rendering. Gmail, Yahoo, Apple Mail, and Fastmail all have different renderers. Gradients render differently. Filters render differently. Fonts pulled from external URLs render not at all. The Tiny PS profile cuts the spec down to the parts every renderer agrees on, so the logo looks the same in every inbox.
3. Predictable size. Inboxes load logos for billions of messages. A 200 KB SVG with embedded fonts and 50 paths is fine on a desktop browser and a problem at inbox scale. Tiny PS is small by design.
What this means practically
You do not export BIMI SVG from Illustrator and ship it. You export, then run it through the BIMI Inspector, then fix what it flags. Common breaks: leftover <metadata> from Adobe, embedded raster images, gradients masquerading as fills, and the wrong baseProfile attribute.
BIMI only works when DMARC is at enforcement (p=quarantine or p=reject), which is downstream of SPF and DKIM both aligning. If SPF is fragile, BIMI is not going to save your logo from disappearing. Worth reading what SPF actually is and why SPF alone does not prevent spoofing before chasing the logo.
For the protocol itself, the working draft lives at the IETF: draft-brand-indicators-for-message-identification. That is where the indicator selection and trust model are specified.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.