Does my DMARC policy need to be at enforcement for BIMI to work in Gmail?

Gmail requires your DMARC policy to be at an enforcement level, either p=quarantine or p=reject . A p=none policy will not enable BIMI logo display with Gmail.

Is a VMC always required for BIMI logos to show up in Gmail?

Yes, for Gmail to display your BIMI logo and the blue checkmark, a Verified Mark Certificate (VMC) is mandatory. The VMC verifies that your logo is a registered trademark, adding a layer of trust.

My VMC is active, but the logo still isn't showing. What could be wrong?

A common issue is a mismatch between the logo embedded in your VMC and the SVG logo referenced in your BIMI DNS record. You should verify that the exact trademarked logo is within the VMC and that your BIMI DNS record points to the correct, publicly accessible SVG file.

Are there specific requirements for the SVG logo file used in BIMI?

The SVG file for your logo must be in SVG Tiny 1.2 profile, have a square aspect ratio, and be hosted on a secure (HTTPS) server with no redirects. It also needs to be publicly accessible without requiring any authentication.

Can sender reputation affect whether my BIMI logo displays in Gmail?

Yes, your sender reputation plays a significant role. Even with a technically perfect BIMI setup, a poor sending reputation (e.g., high spam rates, low engagement) can prevent Gmail from displaying your logo. Maintaining good deliverability practices is essential.

Why is my BIMI logo not showing up in Gmail despite having a VMC certificate? - Troubleshooting - Email deliverability - Knowledge base

It can be frustrating when your Brand Indicators for Message Identification (BIMI) logo isn't appearing in Gmail, especially after you've gone through the effort of obtaining a Verified Mark Certificate (VMC). While a VMC is a crucial component for Gmail to display your logo, it's not the only piece of the puzzle. My experience shows that several factors can prevent your logo from showing up, even when the VMC seems correctly implemented.

BIMI (Brand Indicators for Message Identification) is an email standard that allows organizations to display their trademarked logo next to their sender name in the recipient's inbox. This visual verification builds trust and helps recipients easily identify legitimate emails. However, its successful implementation depends on a stringent set of technical requirements beyond just the VMC.

When the logo doesn't appear, it often points to a subtle misconfiguration or a deeper deliverability issue. I'll walk you through the common reasons your BIMI logo might not be showing in Gmail and what steps you can take to troubleshoot and resolve them, ensuring your brand gets the visibility it deserves in the inbox.

The foundation: BIMI prerequisites and DMARC enforcement

Before diving into VMC specifics, it's essential to confirm that your underlying email authentication protocols are robust and properly enforced. BIMI strictly relies on DMARC, SPF, and DKIM to verify the authenticity of your emails. Without these foundational elements securely in place, your BIMI logo will not display, regardless of your VMC status.

For Gmail to display a BIMI logo, your domain must have a DMARC policy set to enforcement, meaning either p=quarantine or p=reject. A p=none policy, which is essentially a monitoring-only mode, will not enable BIMI logo display with Gmail. This strict requirement underscores the importance of a fully implemented DMARC strategy for your email security and brand visibility. If you're encountering issues with your BIMI logo, checking your DMARC policy example is a critical first step.

Furthermore, both SPF and DKIM records must pass authentication for emails sent from your domain, and at least one must align with your DMARC policy. This alignment is what gives DMARC its power and what BIMI leverages for trust. I find that many issues stem from subtle misconfigurations in these foundational records, making it vital to perform regular checks of your SPF and DKIM.

BIMI requirements at a glance

DMARC enforcement: Your domain must have a DMARC policy of p=quarantine or p=reject. A p=none policy will not suffice for Gmail.
Validated email authentication: SPF and DKIM must be configured correctly, and at least one must pass DMARC alignment.
VMC certificate: For Gmail, a VMC is mandatory to display your logo. This certificate verifies your trademarked logo.
Proper SVG logo format: Your logo must be in SVG format, hosted securely, and meet specific dimensions and content requirements.
Valid BIMI DNS record: The BIMI record in your DNS must correctly point to your VMC and SVG logo file.

Verifying your VMC and logo integrity

A common point of failure I've observed, especially after a VMC renewal, is a mismatch between the logo embedded in your VMC certificate and the logo referenced in your BIMI DNS record. Even if your IT team insists they're using the same logo, discrepancies can arise.

Your VMC contains an embedded version of your trademarked logo. This embedded image is what mailbox providers like

Gmail trust and display. If the renewal process or a subsequent update caused a subtle change in the VMC's embedded logo, or if the BIMI DNS record is pointing to an outdated or incorrect SVG file, the logo won't show. You can often check the image within your VMC by using specialized tools that deconstruct the certificate files.

I always recommend validating both the VMC itself and your BIMI DNS record using Google's troubleshooting guide for BIMI and official BIMI validators. These tools can highlight discrepancies that might not be immediately obvious, such as the VMC logo not matching the one in your BIMI record. Ensuring the BIMI SVG and certificate are validated is key.

Logo mismatch scenarios

VMC update issues: A new VMC was issued with a slightly different logo, or the previous logo was not correctly embedded.
DNS record outdated: Your BIMI DNS record still points to an old or incorrect SVG file, not the one associated with the new VMC.
Incorrect SVG hosted: The SVG file at the specified URL is not the exact trademarked logo that was verified by the Certificate Authority (CA).

Steps for resolution

Verify VMC contents: Use a VMC inspector or your CA's tools to check the exact logo embedded within the certificate.
Update BIMI DNS record: Ensure your BIMI TXT record points to the correct, publicly accessible URL of the SVG logo that matches your VMC.
Re-verify with CA: If unsure, contact your Certificate Authority (e.g., DigiCert or Entrust) to confirm the logo associated with your renewed VMC.

DNS configuration and SVG hosting best practices

The BIMI DNS record is a TXT record that tells mailbox providers where to find your VMC and your SVG logo file. A typical BIMI record might look something like the example below. It's crucial that the l= tag points to the exact, correct URL of your SVG logo, and the a= tag points to your VMC.

Example BIMI TXT recordDNS

v=BIMI1;l=https://example.com/logo.svg;a=https://example.com/vmc.pem;

One common pitfall I've seen is the use of 301 redirects for the SVG logo URL. BIMI requires that the SVG logo URL specified in your DNS record be a direct link, without any redirects. If your logo URL redirects, even subtly, it can prevent Gmail and other mailbox providers from fetching and displaying your logo. This is a critical technical detail that often gets overlooked, causing issues like the BIMI logo not showing.

Additionally, the SVG file itself needs to conform to specific BIMI requirements. It must be an SVG Tiny 1.2 profile, hosted on a secure (HTTPS) server, and publicly accessible without authentication. Incorrect formatting or accessibility issues with your SVG can also lead to display problems.

SVG profile: Must be SVG Tiny 1.2 profile.
Square aspect ratio: The logo must have a square aspect ratio.
Hosted securely: The SVG file must be hosted on a URL that uses HTTPS.
Publicly accessible: No authentication should be required to access the SVG file.
No external references: The SVG should not contain any external references, scripts, or animation.

Understanding mailbox provider policies and reputation

Even if all your BIMI records, VMC, and SVG files are technically perfect, mailbox providers retain the final say on whether to display your logo. This decision is heavily influenced by your sender reputation. VMCs aren't a golden ticket to display.

Gmail, in particular, has stringent requirements that go beyond mere technical compliance. Your domain's sending history, spam complaint rates, engagement metrics, and overall compliance with mailbox provider policies all factor into their decision to display your logo and, importantly, the blue checkmark. If your emails are frequently landing in the spam folder or encountering other deliverability issues, the logo may not appear, even with a VMC.

I've seen instances where all technical BIMI requirements were met, but the logo still didn't show due to poor sender reputation. It's a clear signal that maintaining good deliverability practices is paramount. Regularly monitoring your domain reputation through tools like Google Postmaster Tools is essential for identifying and addressing any issues that might impact your logo's visibility.

Factor	Impact on BIMI logo display at Gmail
DMARC policy enforcement	Must be p=quarantine or p=reject. p=none will not work for logo display.
Verified Mark Certificate (VMC)	Mandatory for logo display and blue checkmark. Must contain the exact, trademarked logo.
Sender reputation	High sender reputation is crucial. Low reputation (e.g., high spam complaints, blacklisting) can prevent logo display.
SVG file format & hosting	Must be SVG Tiny 1.2, square, hosted securely (HTTPS), publicly accessible, and no redirects.

Ensuring your brand's visibility

While having a VMC certificate is a significant step towards enabling BIMI in Gmail, it's clear that successful implementation requires attention to detail across several technical and reputational fronts. I've often seen cases where one overlooked element can stop the entire system from working as intended.

To ensure your brand's logo consistently appears in Gmail inboxes, you need to verify not just the VMC itself, but also its embedded logo, your BIMI DNS record, the SVG file's technical compliance, its hosting, and your overall sender reputation. Consistent monitoring and a proactive approach to email deliverability are key to maintaining this enhanced brand presence.

Views from the trenches

Best practices

Ensure your DMARC policy is set to quarantine (p=quarantine) or reject (p=reject) for all your domains.

Always check that the SVG logo file is in SVG Tiny 1.2 format and hosted on a secure, non-redirecting HTTPS URL.

Verify that the logo embedded within your VMC certificate matches the logo referenced in your BIMI DNS record.

Maintain a high sender reputation by minimizing spam complaints and ensuring consistent email engagement.

Common pitfalls

Forgetting to update the BIMI DNS record after renewing your VMC certificate can lead to logo display issues.

Using 301 redirects for your SVG logo's URL, as BIMI requires a direct, static link to the image file.

Having a DMARC policy of p=none, which will prevent your BIMI logo from appearing in Gmail inboxes.

Not aligning SPF and DKIM authentication with your DMARC policy, which can disrupt BIMI validation.

Expert tips

Consider hosting your SVG logo and .pem file with your Certificate Authority for simplified management.

If debugging, send an email to a specialized service to deconstruct the certificate and view the embedded image.

Check for subdomain-specific BIMI records if your logo isn't appearing for emails sent from a subdomain.

Regularly check your Google Postmaster Tools for any domain reputation warnings or high spam rates.

Expert view

Expert from Email Geeks says the easiest way to ensure proper VMC and logo hosting is to let the Certificate Authority host both the logo and the .pem file.

2024-12-06 - Email Geeks

Expert view

Expert from Email Geeks says that sending an email to a service that shows certificate details, including the embedded image, can help in debugging logo mismatches.

2024-12-06 - Email Geeks