Summary
BIMI requires a DMARC policy set to either 'quarantine' or 'reject' for both the top-level organizational domain and all subdomains sending email. Strict enforcement of this DMARC policy is a necessity for BIMI implementation. A 'none' policy or a quarantine policy below 100% is insufficient for BIMI compliance.
Key findings
- DMARC Prerequisite: Implementation of a DMARC policy is a mandatory requirement for utilizing BIMI.
- Acceptable DMARC Policies: The DMARC policy must be configured as either 'quarantine' or 'reject' to satisfy BIMI standards.
- Scope of DMARC Coverage: The DMARC configuration applies to the top-level organizational domain and all subdomains used for sending emails.
Key considerations
- Policy Enforcement: DMARC policies must be strictly enforced across the entire email ecosystem, including all subdomains.
- Impact of 'Reject' Policy: Carefully evaluate the potential consequences of implementing a 'reject' policy before making the transition.
- Monitoring and Analysis: Establish systems to monitor and analyze DMARC reports to ensure proper policy function and identify potential issues.
What email marketers say
8 marketer opinions
To implement BIMI successfully, a DMARC policy must be in place and enforced on both the organizational domain and all sending subdomains. The required DMARC policy level is either 'quarantine' or 'reject' (p=quarantine or p=reject). A policy of 'none' or a quarantine policy set below 100% is insufficient for BIMI compliance.
Key opinions
- DMARC Requirement: BIMI mandates a DMARC policy to be implemented.
- Policy Level: The DMARC policy must be either 'quarantine' or 'reject'.
- Domain Scope: The DMARC policy must cover both the top-level organizational domain and all sending subdomains.
Key considerations
- Policy Enforcement: Ensure that the DMARC policy is actively enforced to comply with BIMI requirements.
- Gradual Rollout: Carefully consider the impact of a 'reject' policy before implementing it, and potentially start with a 'quarantine' policy for observation.
- Subdomain Coverage: Verify that all subdomains used for sending emails are included in the DMARC policy.
Marketer view
Email marketer from EmailonAcid shares that a DMARC policy set to either 'quarantine' or 'reject' is needed for both the organizational domain and its subdomains.
17 May 2025 - EmailonAcid.com
Marketer view
Email marketer from Reddit explains that for BIMI to work, you need DMARC set to quarantine or reject on your sending domain, including subdomains.
4 Feb 2023 - Reddit
What the experts say
2 expert opinions
BIMI requires a DMARC policy with either "reject" or "quarantine" for the top-level organizational domain and all sending subdomains. Strict enforcement of this DMARC policy is essential for BIMI compliance.
Key opinions
- DMARC Requirement: BIMI necessitates a DMARC record.
- Acceptable Policies: The DMARC policy must be either 'reject' or 'quarantine'.
- Scope of Enforcement: DMARC policy enforcement applies to both the top-level domain and all subdomains used for sending emails.
Key considerations
- Enforcement is Key: Ensure DMARC policies are strictly enforced across all domains and subdomains.
- Impact Assessment: Carefully assess the impact of implementing a 'reject' policy before making the change.
Expert view
Expert from Word to the Wise explains that BIMI requires strict enforcement. All sending domains, including subdomains, must have a DMARC record with a policy of either “quarantine” or “reject”.
24 Sep 2021 - Word to the Wise
Expert view
Expert from Email Geeks explains that BIMI requires that the registered top-level Organizational Domain and all subdomains be covered by a DMARC “reject” (or 100% “quarantine”) policy.
28 Apr 2025 - Email Geeks
What the documentation says
3 technical articles
BIMI implementation mandates a DMARC policy of either 'quarantine' or 'reject' for both the organizational domain and all subdomains that send mail. This policy needs to be enforced at the organizational level to ensure proper BIMI compliance.
Key findings
- DMARC Requirement: A DMARC policy is a prerequisite for BIMI adoption.
- Policy Options: The DMARC policy must be set to either 'quarantine' or 'reject'.
- Domain Scope: The DMARC policy applies to the main organizational domain and all its sending subdomains.
Key considerations
- Enforcement: DMARC must be actively enforced at the organizational level.
- Policy Choice: Carefully consider whether to use 'quarantine' or 'reject' based on your organization's risk tolerance and monitoring capabilities.
Technical article
Documentation from dmarcian outlines that for BIMI, a DMARC policy of either quarantine or reject must be in place and enforced at the organizational level, impacting all sending domains and subdomains.
5 Oct 2024 - dmarcian.com
Technical article
Documentation from BIMI Group explains that BIMI requires a DMARC policy with either 'reject' (p=reject) or 'quarantine' (p=quarantine) set for the organizational domain and any subdomains sending mail.
3 Jan 2022 - bimigroup.org
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Do subdomains need their own DMARC records if the main domain has one?
Does a parent domain need BIMI for subdomain BIMI to work?
Does BIMI impact email deliverability?
Does BIMI require DMARC at the organizational level, and can it be implemented only at the subdomain level?
Does BIMI trickle down to subdomains and how to control subdomain BIMI display?
How do DMARC records on subdomains override root domain DMARC policies?
How do I implement BIMI for multiple brands with subdomains?
Should I add an explicit DMARC record for subdomains?
