Brand Indicators for Message Identification, or BIMI, is a fantastic way to get your logo to appear in your customers' inboxes. As this simple visual cue provides immediate brand recognition and builds trust. However, setting it up can be a bit tricky. I often see people make a few common mistakes that prevent their logo from displaying correctly.
Navigating the technical requirements can feel complex, but getting them right is essential. Let's walk through the most common errors I see when people configure a BIMI record and how you can avoid them.
Your DMARC policy isn't at enforcement
This is by far the most frequent issue. Before you can even think about BIMI, your domain needs to have a solid DMARC policy in place. BIMI requires that your DMARC policy is set to an enforcement level, which means it must be p=quarantine or p=reject. A policy of p=none, which is just for monitoring, is not sufficient.
The reason for this is that BIMI is built on a foundation of strong email authentication. By setting your DMARC policy to quarantine or reject, you're making a clear statement that you are actively protecting your domain from spoofing. Mailbox providers need this assurance before they will display your logo.
Incorrectly configured BIMI record
The next common pitfall is the BIMI record itself. This is a TXT record in your DNS, and even a small typo can cause it to fail. The record has a specific format that must be followed precisely. Correctly configuring the BIMI DNS record is essential for the protocol to function.
A standard BIMI record looks something like this: default._bimi.yourdomain.com TXT "v=BIMI1; l=https://yourdomain.com/logo.svg;". Common errors I see include typos in the version tag (e.g., v=BIMI instead of v=BIMI1), an incorrect URL in the logo tag (l=), or a mistake in the DNS record's host name.
Your logo file doesn't meet the requirements
BIMI is very particular about the format of your logo file. You can't just use any PNG or JPEG. Your logo must be in the SVG (Scalable Vector Graphics) format, and not just any SVG will do; it needs to adhere to the SVG Tiny Portable/Secure profile.
This specific profile has strict rules to ensure the image is secure and won't cause issues for mail clients. Key requirements include:
- No scripts: The SVG file cannot contain any scripts or interactive elements.
- No external links: It cannot link to any external resources.
- Specific attributes: The file needs specific attributes in its XML structure, like baseProfile="tiny-ps" and a correct <title> element.
Additionally, the SVG logo must be hosted on a public web server with a valid HTTPS certificate. If the mail provider can't access the URL you provided in the BIMI record, your logo won't be displayed.
Issues with your Verified Mark Certificate (VMC)
While some mailbox providers may display your logo without one, major providers like Gmail require a Verified Mark Certificate (VMC). A VMC is a digital certificate that proves you are the rightful owner of the trademarked logo. It adds another layer of verification.
If you're using a VMC, you must add an authority tag (a=) to your BIMI record that points to your VMC file. Common errors here include an incorrect URL, letting the VMC expire, or having a mismatch between the logo in the VMC and the one in your SVG file. Ensuring your VMC is valid and correctly referenced is crucial for getting your logo to appear in places like Gmail.
Successfully implementing BIMI requires careful attention to detail across DMARC, DNS, and your logo assets. By avoiding these common errors, you can significantly improve your chances of getting that valuable brand logo to display in the inbox.
What DNS record type is used for BIMI?
What is the role of the 'a=' tag in a BIMI record?
What are the specific requirements for an SVG image to be BIMI compliant?
Does BIMI use a specific DNS subdomain for its TXT record?
What is the selector for a BIMI record?
What is the specific format for the BIMI TXT record name?
