What are the requirements to implement BIMI?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Want to get your brand logo showing up in Gmail and Yahoo inboxes? You'll need to stack a few pieces of email authentication infrastructure. Don't worry, we'll break it down.
The foundation is DMARC authentication at p=quarantine or p=reject. BIMI won't work if your DMARC is in p=none mode (that's basically saying you're not serious about protecting your domain yet). You'll also want your SPF and DKIM signatures properly aligned to your sending domain so your emails pass authentication checks.
Next comes the visual piece. You'll need a logo in SVG Tiny Portable Secure format (not your regular PNG or JPG). This is a specific flavor of SVG that keeps file size small and security tight. Then you'll publish a BIMI DNS record that points to that logo.
Finally, consider whether you need a Verified Mark Certificate. Some mailbox providers like Gmail require it, while others like Yahoo accept self-asserted logos without the certificate. If you want the widest support, a VMC is worth it (though it requires you to have a registered trademark and costs around $200-500 per year).
So Start by auditing your DMARC setup with a DMARC checker tool to make sure you're BIMI-ready.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.