Summary
BIMI SVG files have specific requirements for proper display and security. These include a square aspect ratio, a file size under 32KB, and use of the SVG Tiny 1.2 base profile with centering within a square viewport. Mailbox providers may ignore non-compliant elements, such as `<style>` and 'gradientTransform', which fail RNC validation. The SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 must be adhered to for security, disallowing exploitable features. Validation involves using online validators, checking for compliance with BIMI specifications, and ensuring proper DNS records (DMARC, SPF, DKIM). The SVG logo should not contain external links or scripting, and text should be converted to outlines. Optimization involves removing unnecessary metadata and reducing nodes/paths. Display depends on email client support and requires DMARC authentication, a registered trademark, and sometimes a Verified Mark Certificate (VMC). BIMI provides enhanced brand visibility, trust, and can positively impact email marketing metrics. Security checks are crucial to avoid malicious content.
Key findings
- SVG Specs: SVG files must have a square aspect ratio, be under 32KB, use SVG Tiny 1.2 base profile, and be centered.
- Compliance: Mailbox providers may ignore non-compliant elements like `<style>` and 'gradientTransform'.
- Security Standard: Adherence to SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 is critical for security.
- Validation Methods: Validation involves using online validators and checking BIMI specifications and DNS records.
- Content Restrictions: SVG logos must not contain external links or scripts; text should be outlined.
- Optimization: Optimize file size by removing metadata and reducing nodes/paths.
- DMARC/VMC: BIMI display requires DMARC and sometimes a Verified Mark Certificate (VMC).
- Security Checks: SVG logos must be thoroughly checked for malicious content.
Key considerations
- Technical Compliance: Adhere to all specified SVG technical requirements (size, aspect ratio, SVG version).
- Security Hardening: Harden SVGs to prevent XSS or data exfiltration by not allowing any Javascript in the files and scrubbing unnecessary metadata and comments.
- Validation Process: Thoroughly validate SVG files using online validators and manual checks.
- DNS Configuration: Ensure proper DNS records (DMARC, SPF, DKIM) are correctly configured.
- Trademark & VMC: Secure a registered trademark and a Verified Mark Certificate (VMC) when needed.
- Text Rendering: Text should be converted to outlines to prevent unexpected font issues.
- Email Client Compatibility: Recognize and account for varying support among email clients.
What email marketers say
9 marketer opinions
BIMI SVG files must adhere to specific requirements for validation and display. These include adhering to the SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 specification, optimizing file size by removing unnecessary metadata and reducing nodes/paths, and ensuring proper file formatting (avoiding embedded raster images or disallowed features). Validation involves checking for compliance with BIMI specifications, proper DNS records (DMARC, SPF, DKIM), and using BIMI validators. Display depends on email client support and requires DMARC authentication. The benefits of BIMI include enhanced brand visibility, trust, and improved email marketing metrics.
Key opinions
- SVG Standard: BIMI SVG files must adhere to the SVG Portable/Secure (SVG P/S) subset of SVG Tiny 1.2 specification to avoid security vulnerabilities.
- File Size: Optimizing SVG file size is crucial; remove unnecessary metadata and reduce nodes/paths.
- Formatting: Incorrect file formatting, embedded raster images, or disallowed SVG features can prevent BIMI SVG logos from displaying.
- Validation: Validation involves checking SVG compliance, ensuring proper DNS records (DMARC, SPF, DKIM), and using BIMI validators.
- Display: BIMI logos are displayed by participating email providers if the sending domain has implemented DMARC authentication and the SVG logo meets the specified requirements.
- Brand Trust: BIMI enhances brand visibility and trust in the inbox, helping recipients identify legitimate emails.
- Email Marketing Metrics: BIMI can improve email marketing metrics, including brand recognition, engagement, and deliverability.
Key considerations
- Security: Ensure the SVG adheres to the SVG P/S subset of SVG Tiny 1.2 specification to avoid security vulnerabilities.
- Optimization: Optimize the SVG file size for fast loading times and compatibility with email clients.
- Compliance: Verify the SVG's compliance with BIMI specifications and proper DNS setup.
- Client Support: Recognize that BIMI's visual aspect depends on email client support; not all clients currently display BIMI logos.
- DMARC: DMARC authentication is a prerequisite for BIMI logo display.
- Visual check: Always render the output from the SVG to ensure it matches your expectation - particularly that text displays correctly and no features are lost.
Marketer view
Email marketer from Email on Acid Blog shares that validating BIMI involves checking the SVG logo for compliance with BIMI specifications, ensuring proper DNS records (DMARC, SPF, DKIM) are set up, and using BIMI validators.
29 Jan 2024 - Email on Acid Blog
Marketer view
Email marketer from Agari (Proofpoint) shares that BIMI provides enhanced brand visibility and increased brand trust in the inbox. It allows email recipients to quickly identify legitimate emails, reducing the risk of phishing attacks.
17 Oct 2024 - Agari (Proofpoint)
What the experts say
5 expert opinions
BIMI SVG files have specific requirements to ensure proper display and security. Mailbox providers may ignore non-compliant elements like `<style>` and 'gradientTransform', which fail RNC validation. SVG conversion tools can fix issues, and validators flag errors. Security is paramount; BIMI logos must be checked for malicious content and external links. Key requirements include DMARC compliance, a registered trademark, a Verified Mark Certificate (VMC), and a properly formatted SVG file.
Key opinions
- Non-compliant elements: Mailbox providers might ignore non-compliant elements, such as `<style>` and 'gradientTransform'.
- RNC Validation: `<style>` and 'gradientTransform' fail RNC validation.
- SVG Conversion Tools: SVG conversion tools can fix potential issues.
- BIMI Validator: The BIMI validator flags errors in SVGs.
- Security Checks: BIMI logos must be checked for malicious content and external links.
- Key Requirements: BIMI requires DMARC compliance, a registered trademark, and a Verified Mark Certificate (VMC).
Key considerations
- Compliance: Ensure the SVG file is compliant with BIMI standards.
- Validation: Use BIMI validators and conversion tools to check and fix issues.
- Security: Thoroughly check the SVG for malicious content and external links before deployment.
- DMARC Setup: Verify DMARC compliance is in place before implementing BIMI.
- Trademark and VMC: Obtain a registered trademark and a Verified Mark Certificate (VMC) for the logo.
Expert view
Expert from Email Geeks explains that mailbox providers (MBP) could choose to ignore non-compliant elements in BIMI SVGs, but `<style>` and "gradientTransform" both fail the RNC (Relax NG Compact syntax, a schema language).
30 Aug 2022 - Email Geeks
Expert view
Expert from Spam Resource explains that BIMI logos need to be very carefully checked for malicious content and external links. It is crucial to ensure that they are safe and secure to prevent exploitation.
31 May 2024 - Spam Resource
What the documentation says
5 technical articles
BIMI SVG requirements include a square aspect ratio, a file size under 32KB, use of the base profile of SVG Tiny 1.2, and centering within a square viewport. SVG Tiny 1.2 is designed for limited resource devices, and BIMI uses a subset. SVG P/S ensures security by disallowing exploitable features. The SVG logo must not contain external links or scripting, and text should be converted to outlines. Some mail clients require a Verified Mark Certificate (VMC) to display the BIMI logo, which verifies brand ownership.
Key findings
- SVG Requirements: BIMI SVGs must have a square aspect ratio, be under 32KB, use SVG Tiny 1.2, and be centered within a square viewport.
- SVG Tiny 1.2: SVG Tiny 1.2 is a profile for limited-resource devices.
- SVG P/S Security: SVG P/S is a secure subset, disallowing exploitable features.
- Content Restrictions: The SVG logo should not contain external links or scripting.
- Text Handling: Text in the SVG should be converted to outlines.
- VMC Requirement: A Verified Mark Certificate (VMC) may be required for BIMI logo display in some mail clients.
Key considerations
- Technical Specs: Adhere to the specified dimensions and size limitations for the SVG file.
- Security: Avoid using disallowed SVG features and ensure the SVG is secure.
- Content Security: Remove any external links or scripts from the SVG file.
- Text Rendering: Convert all text to outlines to ensure consistent rendering across email clients.
- VMC Acquisition: Check if a VMC is required by your target email clients and obtain one if necessary.
Technical article
Documentation from BIMI Group Website explains that BIMI SVG logos must be a square aspect ratio, be smaller than 32KB, and use only the base profile of SVG Tiny 1.2. They should also be centered within a square viewport.
2 Mar 2023 - BIMI Group Website
Technical article
Documentation from IETF explains that SVG Tiny 1.2 is a profile of SVG intended for devices with limited resources, specifying the features and syntax allowed. BIMI builds on a further subset of this
7 Dec 2022 - IETF
Can a trademark owner authorize a third party to use their logo for BIMI?
Can BIMI logos be animated and how do Google profile images interact with BIMI?
How can I check if a domain uses Entrust or Digicert for BIMI, and should I avoid Entrust?
How do I add a background color to my BIMI SVG logo?
How do I display my logo in email inboxes, particularly Gmail, and what are the BIMI requirements?
How do I implement BIMI and get my logo to show in Gmail and Yahoo Mail?
