This is a common point of confusion when setting up Brand Indicators for Message Identification (BIMI). The short answer is both yes and no. BIMI validation checks the technical formatting of your SVG logo file to ensure it's secure and compliant, but it does not validate the visual content of the logo itself. The process of verifying that you have the right to use the logo is handled by a Verified Mark Certificate (VMC).
Let's break down what each part of the process actually validates.
When we talk about BIMI validation in the context of the SVG file, we're referring to a strict set of technical requirements. This validation does not use image recognition or human review to see if the logo is appropriate. Instead, it checks the code of the SVG file to ensure it adheres to a specific, secure profile known as SVG Portable/Secure (P/S). This is a restricted version of the standard SVG format designed to eliminate security risks, such as embedded scripts or external links.
The key requirements that are validated include:
The validation of these technical points is done automatically. Mailbox providers and validation tools check the SVG file's XML structure against a predefined set of rules. The BIMI Group, which develops the standard, provides a specific schema for this purpose.
Because of these strict requirements, you often can't just save a logo as an SVG from a standard graphics program. It may require using specific export settings or even opening the file in a text editor to manually remove unsupported elements and ensure it meets the P/S profile.
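A pre-flight lint for the kind of manual clean-up described above, as an added example (not the BIMI Group's schema or any official validator). It checks for the risks named here, embedded scripts and external links, and additionally assumes the SVG Tiny PS root markers `baseProfile="tiny-ps"`, `version="1.2"` and a `<title>` child; the deny-list, function name and sample files are this example's own.

```python
import re
import xml.etree.ElementTree as ET

SVG = "{http://www.w3.org/2000/svg}"
# This example's own deny-list (not the official schema): elements that
# execute code, embed foreign markup, or animate.
DENY = {"script", "foreignObject", "animate", "animateMotion", "animateTransform", "set"}
REMOTE_URL = re.compile(r"url\((?!\s*['\"]?\s*#)")  # url(...) not pointing at a local #id

def lint_bimi_svg(data: bytes) -> list[str]:
    """Return findings for one SVG file; an empty list means nothing was flagged."""
    # Refuse DTDs before parsing so entity tricks never reach the XML parser
    # (byte check assumes a UTF-8 encoded file).
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["DOCTYPE/ENTITY declaration present"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    out = []
    if root.tag != SVG + "svg":
        out.append("root is not <svg> in the SVG namespace")
    if root.get("baseProfile") != "tiny-ps":
        out.append('baseProfile is not "tiny-ps"')
    if root.get("version") != "1.2":
        out.append('version is not "1.2"')
    if root.find(SVG + "title") is None:
        out.append("no <title> child on the root element")
    for el in root.iter():
        name = el.tag.rsplit("}", 1)[-1]          # strip the namespace
        if name in DENY:
            out.append(f"forbidden element <{name}>")
        for attr, value in el.attrib.items():
            local = attr.rsplit("}", 1)[-1]
            if local.lower().startswith("on"):    # onload, onclick, ...
                out.append(f"event handler {local} on <{name}>")
            elif local == "href" and not value.startswith("#"):
                out.append(f"external reference on <{name}>: {value}")
            elif REMOTE_URL.search(value):
                out.append(f"external url() in {local} on <{name}>")
    return out

# Constructed samples for the example.
GOOD = (b'<svg xmlns="http://www.w3.org/2000/svg" version="1.2" baseProfile="tiny-ps" '
        b'viewBox="0 0 64 64"><title>Example Co</title>'
        b'<circle cx="32" cy="32" r="30" fill="#036"/></svg>')
BAD = (b'<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" '
       b'version="1.1" onload="x()"><script>x()</script>'
       b'<use xlink:href="https://cdn.example/logo.svg#a"/></svg>')
```

An empty result only means this lint found nothing; the file should still be checked against the published schema before the BIMI record goes live.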
So, if BIMI's validation only checks the file's code, what stops a bad actor from using another company's logo? This is where the Verified Mark Certificate (VMC) comes in.
A VMC is a separate digital certificate that proves your organization has the legal right to use the logo associated with your domain. To get a VMC, you must go through a verification process with a Certificate Authority (CA). The CA verifies that your logo is a registered trademark. This process connects your verified, trademarked logo to your domain, providing the critical trust signal that mailbox providers need to display it.
In short, the system works with two layers of validation:
Therefore, while BIMI itself doesn't validate the visual content of the SVG, the overall ecosystem—when implemented with a VMC—ensures that the logo being displayed is both technically safe and authentically represents the sending brand.