How will BIMI v2 or Brand-Trust standards evolve?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
BIMI v1 does one thing: shows your brand logo in supported inboxes when you meet strict DMARC requirements and have a verified mark certificate (VMC). The AuthIndicators Working Group, which steers BIMI's development, wants to go further.
The direction BIMI v2 and related Brand Trust initiatives are pointing toward includes richer brand metadata (more than just a logo), verified organizational identity (not just a domain, but a recognized legal entity behind it), stronger certificate requirements, and anti-spoofing enhancements that go beyond what the VMC alone provides.
The thinking is that a logo in the inbox is step one of building verified brand trust at the mailbox level. Step two is attaching verifiable organizational identity to that logo. The goal: make it harder to spoof a brand's presence even for domains that don't have BIMI set up yet, and give recipients clearer signals about whether they're talking to the real company.
So In practice, none of this changes what you need to do today. The foundation is still the same: get to DMARC p=reject, set up aligned DKIM, and then pursue BIMI v1 if visible brand identity in the inbox matters for your audience. BIMI v2 will build on top of that foundation.
You can check if your current DMARC policy qualifies for BIMI with our free DMARC parser. BIMI requires p=quarantine or p=reject to start.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.