Summary
Setting up DMARC for BIMI involves multiple steps and considerations. It begins with deploying SPF and DKIM, ensuring they align with the From address and cover all mail streams. Implementing DMARC in 'p=none' mode allows for monitoring and identifying missed mail streams, with subsequent SPF and DKIM deployment. Gradual escalation to stricter DMARC policies (quarantine or reject) is necessary, with correct authentication being critical. The domain must be DMARC enforced, and a Validated Mark Certificate (VMC) is essential for logo ownership. BIMI displays brand logos in supporting inboxes, enhancing visibility and trust. Monitoring DMARC reports aids in email security maintenance. A BIMI DNS record must be published. A VMC authenticates the logo, preventing spoofing. DMARC policy options include 'none' (monitoring), 'quarantine' (spam), and 'reject' (block). A valid SSL certificate is required for the logo URL. BIMI's cost is primarily the VMC. Some email programs may not yet support BIMI. Some may already have processes via MXToolbox
Key findings
- DMARC/SPF/DKIM Alignment: Proper deployment and alignment of SPF and DKIM are crucial for DMARC functionality.
- DMARC Enforcement: Domain must be DMARC enforced to leverage BIMI.
- VMC Necessity: A Validated Mark Certificate (VMC) is essential for proving logo ownership and authenticity.
- Brand Enhancement: BIMI enhances brand visibility, trust, and engagement through logo display.
- Security Improvement: DMARC and BIMI together improve email security by preventing spoofing and ensuring authentication.
Key considerations
- Gradual DMARC Escalation: Start with 'p=none' and gradually escalate DMARC policies based on monitoring and assessment.
- Authentication Accuracy: Ensure correct authentication for SPF, DKIM, and DMARC to prevent deliverability issues.
- Monitoring Importance: Regularly monitor DMARC reports to identify and address authentication failures or malicious activity.
- VMC Procurement: Factor in the cost and process of obtaining a Validated Mark Certificate (VMC) for your logo.
- BIMI Support Limitations: Be aware that not all email programs currently support BIMI, which may limit its reach.
- Assess Mail Streams: Assess mail streams to determine the correct SPF and DKIM settings.
What email marketers say
9 marketer opinions
Setting up DMARC for BIMI involves several key steps and considerations. Initially, your domain must have DMARC enforcement enabled to leverage BIMI, and someone within your organization may already be utilizing tools like MXToolbox to process DMARC reports. The implementation includes ensuring DMARC is correctly configured, obtaining a Validated Mark Certificate (VMC) for your logo, and publishing the BIMI DNS record. BIMI enhances brand visibility, improves email security, and increases brand trust and customer engagement. It requires a correctly configured DMARC policy (starting with 'p=none' for monitoring before stricter enforcement), a VMC to authenticate the logo, and the BIMI DNS record. BIMI encourages strong email authentication practices and ensures the displayed logo is authentic, preventing spoofing. The process includes DMARC implementation, SSL certificate enablement for your logo URL, and publishing the BIMI record in DNS. While BIMI is largely free, the VMC does incur a cost.
Key opinions
- DMARC Enforcement: Your domain needs DMARC enforcement to use BIMI.
- VMC Requirement: A Validated Mark Certificate (VMC) is essential for logo authentication.
- BIMI DNS Record: Publishing the BIMI DNS record is a crucial step in the setup.
- Brand Visibility: BIMI increases brand visibility and trust in email inboxes.
- Security Enhancement: BIMI improves email security through DMARC and logo authentication.
Key considerations
- DMARC Configuration: Ensure DMARC is correctly configured, starting with a 'p=none' policy to monitor email streams before enforcing stricter policies.
- Cost of VMC: Budget for the cost of obtaining a Validated Mark Certificate (VMC) for your logo.
- Monitoring Reports: Regularly monitor DMARC reports to maintain email security and identify potential issues.
- SSL Certificate: Enable a valid SSL certificate for your logo URL to ensure it is securely accessible.
- Process Overview: The implementation process includes DMARC setup, VMC procurement, BIMI DNS record publication, and ongoing monitoring of email streams.
Marketer view
Email marketer from ZeroBounce shares that BIMI requires a Validated Mark Certificate (VMC) to ensure the logo displayed is authentic and owned by the sender. This helps prevent spoofing and increases trust.
14 Jun 2025 - ZeroBounce
Marketer view
Email marketer from Mailhardener talks about BIMI being largely free except for the cost of a VMC. They encourage marketers to setup DMARC first to ensure BIMI works.
28 Jul 2024 - Mailhardener
What the experts say
2 expert opinions
Setting up DMARC for BIMI involves deploying SPF and DKIM, ensuring they align with the From address, and deploying on all mail streams. Start with DMARC in p=none mode, monitoring feedback reports to identify missed mail streams and deploy aligned SPF and DKIM on those, repeating the process for at least three months before escalating to enforcing policies and ultimately BIMI. Also, BIMI allows displaying your brand logo in supporting inboxes, but requires strict DMARC policies (reject or quarantine) with correct authentication. Note that not all email programs support it yet.
Key opinions
- SPF and DKIM Alignment: SPF and DKIM must align with the From address for successful DMARC implementation.
- Iterative DMARC Deployment: Start with a 'p=none' DMARC policy and gradually escalate to stricter policies after monitoring.
- Strict DMARC Requirements: BIMI requires strict DMARC policies (reject or quarantine) for functionality.
- BIMI Supports Brand Logo: BIMI allows for the display of brand logos in supporting email inboxes.
- Support Variation: Not all email programs currently support BIMI.
Key considerations
- Mail Stream Coverage: Ensure SPF and DKIM are deployed on all mail streams.
- Feedback Report Monitoring: Monitor feedback reports to identify and address missed mail streams.
- Authentication Accuracy: Correct authentication is critical for DMARC and BIMI to function properly.
- Timeline for Implementation: Allow at least three months for DMARC monitoring and adjustment before escalating to enforcing policies.
- Email Program Support: Consider that not all email programs support BIMI, limiting its reach.
Expert view
Expert from Word to the Wise, Laura Atkins, shares that BIMI provides a way to display your brand logo in supporting inboxes, but also emphasizes that the requirements for DMARC are quite strict (reject or quarantine) and that getting authentication correct is critical. Not all email programs support it yet.
25 Jul 2024 - Word to the Wise
Expert view
Expert from Email Geeks shares the process for setting up DMARC for BIMI. The process includes deploying SPF and DKIM, ensuring they align with the From address, deploying on all mail streams, and deploying DMARC in p=none mode. Steve recommends monitoring feedback reports to identify missed mail streams and deploying aligned SPF and DKIM on those, repeating the process for at least three months, before escalating to enforcing policies and ultimately BIMI.
10 Jul 2023 - Email Geeks
What the documentation says
4 technical articles
Setting up DMARC for BIMI requires the sending domain to be authenticated with DMARC at a policy of 'quarantine' or 'reject', and a Validated Mark Certificate (VMC) to prove logo ownership. Initial DMARC deployment steps involve assessing mail streams, setting up SPF and DKIM, and using a 'p=none' policy for data collection before moving to stricter policies. BIMI requires a DMARC policy to be in place for proper function. DMARC policy options include 'none' for monitoring, 'quarantine' to send unauthenticated emails to spam, and 'reject' to block them.
Key findings
- DMARC Policy: BIMI requires a DMARC policy of 'quarantine' or 'reject'.
- VMC Requirement: A Validated Mark Certificate (VMC) is needed for BIMI logo display.
- DMARC Initial Steps: DMARC deployment starts with assessing mail streams, setting up SPF and DKIM, and using 'p=none'.
- Policy Options: DMARC policy options are 'none', 'quarantine', and 'reject'.
Key considerations
- Authentication: Ensure the sending domain is authenticated with DMARC.
- VMC Acquisition: Obtain a Validated Mark Certificate (VMC) for your logo.
- Mail Stream Assessment: Assess your mail streams before implementing DMARC.
- Policy Progression: Start with a 'p=none' policy for monitoring before stricter enforcement.
Technical article
Documentation from BIMI Group explains that to display a BIMI logo, the sending domain must be authenticated with DMARC at a policy of 'quarantine' or 'reject'. A Validated Mark Certificate (VMC) is also required to prove logo ownership.
21 Jul 2023 - BIMI Group
Technical article
Documentation from DMARC.org explains the initial steps for DMARC deployment: assess your mail streams, set up SPF and DKIM, then set a DMARC policy of p=none to start collecting data and understanding your email ecosystem before moving to stricter policies.
25 May 2024 - DMARC.org
Do DMARC and BIMI require p=reject to be present on the organizational domain?
Do I need a VMC for BIMI to work with Google and Gmail?
Does BIMI impact email deliverability?
Does BIMI require strict alignment between From and return-path domains?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
How do I implement BIMI for email verification in Gmail and Yahoo?
How do I properly set up DMARC records and reporting for email authentication?
What are the best resources for understanding and implementing DMARC and BIMI?
What are the DMARC requirements for BIMI and how does pct affect the policies?
What are the requirements for BIMI, and how do I troubleshoot authentication failures?
