Will DMARC and BIMI become global defaults?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Short version: DMARC is effectively already required. BIMI is heading that way for brands that care about it.
DMARC crossed the tipping point in February 2024 when Gmail and Yahoo Mail made it mandatory for bulk senders (anyone sending more than 5,000 emails a day to their users). If you're sending at any serious volume without DMARC, you're already fighting headwinds. Expect more mailbox providers to follow with similar requirements over the next few years.
The catch: DMARC has three policy levels. Having a record at p=none technically satisfies the requirement, but it doesn't actually protect your domain. The real goal is reaching p=reject or at least p=quarantine. That's where enforcement happens.
BIMI (Brand Indicators for Message Identification) lets you display your brand logo next to emails in supported inboxes. It requires DMARC at enforcement (p=quarantine or p=reject) as a prerequisite, plus a Verified Mark Certificate from an approved authority. The cost and complexity of VMCs means BIMI will stay optional for most senders, but for brands where recognition in the inbox matters, it's becoming worth the investment.
If you're not sure where your DMARC record stands, you can check it now with our free DMARC parser.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.