Can I set up BIMI without a VMC certificate?

Yes, you can set up BIMI without a VMC, but its effectiveness will be limited. This is often referred to as 'self-asserted' BIMI. Mailbox providers like Yahoo and Fastmail support it, but major providers like Gmail and Apple Mail require a VMC for logo display.

How does DMARC relate to BIMI implementation?

BIMI relies on strong email authentication, particularly DMARC. If your DMARC policy is set to p=none, your BIMI logo will not display, even if all other technical aspects are correct. Your DMARC policy must be at p=quarantine or p=reject.

Will my BIMI logo always show once it's set up?

While technical setup is crucial, mailbox providers also consider your sender reputation and overall deliverability. If your emails frequently land in spam or your domain has a poor reputation (e.g., being on a blocklist or blacklist ), your BIMI logo may not display even with a valid VMC and BIMI record.

How do I set up BIMI? Is a VMC certificate always required? - Technical - Email deliverability - Knowledge base

Q: What are the main prerequisites for obtaining a VMC?

The primary requirement for a VMC is that your brand logo must be a registered trademark with a recognized intellectual property office (e.g., USPTO). Additionally, your domain must have a DMARC policy enforced (p=quarantine or p=reject).

Getting your brand's logo to appear next to your emails in the inbox is a powerful way to build trust and increase engagement. This is where Brand Indicators for Message Identification, or BIMI, comes in. It's an email specification that allows organizations to display their trademarked logos in the inbox, but setting it up involves several technical steps and, often, a Verified Mark Certificate (VMC).

The question of whether a VMC certificate is always required for BIMI is a common one. While it's not universally mandatory across all mailbox providers, major players like

Google

and Apple Mail generally do require one. Understanding these nuances is crucial for successful BIMI implementation.

Core BIMI prerequisites

Before you even consider BIMI, your domain must have a robust email authentication foundation. This means properly configured SPF, DKIM, and DMARC records in place. BIMI relies heavily on DMARC, specifically requiring your DMARC policy to be set to either p=quarantine or p=reject. This strict enforcement tells receiving mail servers that you're actively protecting your domain from unauthorized use and phishing attempts.

Without this strong DMARC policy, most email providers will not display your BIMI logo, even if all other elements are correctly configured. It's the foundational security layer that validates your sending domain and ensures your brand's authenticity. If you're new to DMARC, it's essential to understand its setup process and key considerations to avoid potential deliverability issues.

Once your email authentication is robust, you can proceed with the visual aspects of BIMI. This involves creating a Scalable Vector Graphics (SVG) file of your brand logo and hosting it on a secure server. The SVG format is crucial because it allows the logo to scale without losing quality, adapting to various screen sizes and resolutions. You'll then reference this logo's URL in your BIMI DNS record.

Example of a BIMI DNS TXT record without a VMC

default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/your-logo.svg; a=;"

Ensuring DMARC enforcement

BIMI mandates DMARC with an enforcement policy (p=quarantine or p=reject). If your DMARC is set to p=none, your BIMI logo will not display. This is a critical prerequisite for all BIMI implementations, whether you're using a VMC or relying on self-assertion.

The VMC requirement: when is it needed?

The Verified Mark Certificate (VMC) is a digital certificate that proves your ownership of a trademarked logo. It acts as a verifiable link between your domain and your brand's visual identity. While the core BIMI specification does allow for self-asserted BIMI (without a VMC), the reality is that major mailbox providers require a VMC for your logo to appear.

For instance,

Gmail and

Apple Mail explicitly require a VMC. This is a critical security measure to prevent bad actors from impersonating brands. Without a VMC, your logo simply won't show up in these inboxes, even if your DMARC is perfectly configured. This is a key reason why many organizations ultimately opt for a VMC. You can learn more about BIMI requirements for Google and Gmail.

However, some providers, like

Yahoo

and Fastmail, have historically supported BIMI logo display without a VMC. This means you can still get your logo to show up for a segment of your audience, even if you choose not to invest in a VMC immediately. You can find Yahoo's official guidance on BIMI for more details. For a comprehensive overview, explore which email clients support BIMI and their specific requirements.

Mailbox provider	VMC required	Notes
Gmail	Yes	Requires a VMC and DMARC enforced policy.
Yahoo Mail	No	Supports BIMI without VMC (self-asserted).
AOL Mail	No	Supports BIMI without VMC (self-asserted), similar to Yahoo.
Apple Mail	Yes	Requires a VMC and DMARC enforced policy.

BIMI with VMC

Verification: Provides strong assurance of logo ownership through a trusted Certificate Authority.
Provider support: Required by major mailbox providers like Google and Apple Mail for logo display.
Cost and time: Involves purchasing a certificate and a potentially lengthy trademark registration process.
Brand trust: Higher level of trust and brand recognition due to verified logo.

Self-asserted BIMI (without VMC)

Verification: No independent verification of logo ownership beyond DMARC compliance.
Provider support: Supported by fewer mailbox providers, such as Yahoo and Fastmail.
Cost and time: Generally free to implement, requiring only DNS record setup and logo hosting.
Brand trust: Lower level of inherent trust compared to VMC-backed BIMI.

Setting up BIMI with a VMC

If you've determined that a VMC is necessary for your BIMI implementation, here's a detailed breakdown of the steps involved. The overall requirements and implementation steps for BIMI can be complex, so it's important to follow each one carefully.

Trademark your logo: Your logo must be a registered trademark with a recognized intellectual property office. This is a non-negotiable step for obtaining a VMC.
Prepare your SVG file: The SVG file of your logo needs to meet specific BIMI requirements. It must be an SVG Tiny 1.2 profile, secured via HTTPS, and publicly accessible. There are tools to validate your BIMI SVG for compliance.
Obtain a VMC: You'll need to purchase a VMC from a trusted Certificate Authority, such as DigiCert or GlobalSign. The CA will verify your organization's identity and logo trademark. This process can take time due to the validation required.
Publish your BIMI DNS record: Once you have your VMC file, you'll need to update your BIMI DNS TXT record. This record will include pointers to both your SVG logo file and your VMC file.

Example of a BIMI DNS TXT record with a VMC

default._bimi.yourdomain.com IN TXT "v=BIMI1; l=https://yourdomain.com/your-logo.svg; a=https://yourdomain.com/your-vmc.pem;"

It's important to remember that even with a VMC, your logo's display is ultimately at the discretion of each mailbox provider. They have their own internal criteria, often tied to your domain's sending reputation and overall email deliverability. Successfully implementing BIMI, even with a VMC, is not just about technical setup, but also about being a consistently good sender.

Trademarking your logo for VMC

A common hurdle for VMC acquisition is the requirement for a legally registered trademark of your logo. Ensure your logo is trademarked with a recognized intellectual property office (e.g., USPTO in the US) before applying for a VMC. This step is critical and can take significant time.

The trademark must also exactly match the logo you intend to use for BIMI. Even minor differences can cause issues during the VMC validation process.

Beyond the technical setup: reputation and provider policies

Beyond the technical steps, maintaining excellent email deliverability is key. Even with all BIMI elements configured correctly, your logo might not display if your emails are frequently landing in spam folders or your domain has a poor sender reputation. Continuously monitor your sending practices and DMARC reports to identify and address any issues. For example, being listed on an email blocklist (or blacklist) can severely impact your ability to get emails delivered, let alone have your logo displayed. Understanding what happens when your domain is on a blacklist is a crucial part of email hygiene.

It's also important to stay updated on provider-specific policies. What works for Yahoo may not work for

Google. Mailbox providers often have additional, unstated criteria related to sender reputation, volume, and engagement metrics that influence logo display. Therefore, consistent inbox placement should be a continuous goal, as it contributes significantly to whether your BIMI logo will actually be seen by recipients. For more information, you can also consult Google's official documentation on BIMI setup.

Views from the trenches

Best practices

Ensure your DMARC policy is at enforcement (p=quarantine or p=reject) before attempting BIMI.

Trademark your logo through a recognized authority well in advance of VMC application.

Always validate your SVG file to ensure it adheres to BIMI's specific formatting requirements.

Maintain strong email deliverability practices to increase the likelihood of logo display.

Common pitfalls

Attempting BIMI without an enforced DMARC policy, leading to logo non-display.

Failing to trademark the logo, which prevents obtaining a VMC for major providers.

Using an improperly formatted SVG file, causing rendering issues or non-display.

Assuming technical setup alone guarantees logo display, neglecting sender reputation.

Expert tips

Monitor your DMARC reports diligently to catch any authentication failures or policy issues.

Understand that even with a VMC, mailbox providers retain the final say on logo display based on various factors.

Consider starting with self-asserted BIMI for providers that support it, then add a VMC later for broader coverage.

Regularly review provider guidelines as BIMI standards and requirements can evolve.

Expert view

Expert from Email Geeks says that while BIMI without a VMC is possible, it typically only works with Fastmail and Yahoo, though some caveats apply.

2023-12-12 - Email Geeks

Marketer view

Marketer from Email Geeks says that GoDaddy does not currently support BIMI, and Google generally requires a VMC for logo display.

2023-12-12 - Email Geeks

Summary of BIMI and VMC requirements

Setting up BIMI is a multi-step process that combines robust email authentication with proper logo and certificate management. While a VMC isn't always required, it's increasingly becoming a standard for displaying your brand's logo in the most widely used inboxes, particularly

Gmail and Apple Mail. Ultimately, the decision to obtain a VMC depends on your target audience and your desired level of brand authentication and visibility.

Regardless of whether you choose to implement a VMC, ensuring your domain has proper DMARC enforcement and maintaining a strong sender reputation are paramount. These factors not only enable BIMI but are fundamental to overall email deliverability and inbox placement. By carefully navigating these steps, you can enhance your email presence and build greater trust with your recipients.