That’s a common question, and the answer isn't a simple yes or no. Brand Indicators for Message Identification, or BIMI, is an email standard that allows you to display your company's logo in your recipients' inboxes. As DuoCircle notes, "By showing a verified brand logo in the inbox itself, BIMI turns each email into a branded touchpoint, which enhances brand recognition." However, the way this verification happens is a multi-step process where BIMI is just one piece of the puzzle.
BIMI itself doesn't directly authenticate the logo. Instead, it acts as a bridge, connecting other authentication methods to a specific logo file. The authentication happens in layers, with BIMI serving as the final instruction for email clients on what to display.
The foundation: DMARC
Before you can even think about displaying a logo, you need strong email authentication for your domain. This is where DMARC (Domain-based Message Authentication, Reporting & Conformance) comes in. BIMI requires that your domain has a DMARC policy set to an enforcement level, meaning a policy of p=quarantine or p=reject.
This DMARC policy tells receiving mail servers that your emails are protected by SPF and DKIM, and it instructs them what to do with messages that fail authentication. This step authenticates the sender, not the logo. It proves that an email legitimately comes from your domain and isn't a spoofed or fraudulent message.
The logo verification: VMC and trademarks
This is where the actual logo authentication happens. For most major inbox providers like Gmail and Apple Mail to display your logo, you need a Verified Mark Certificate (VMC). A VMC is a digital certificate that proves your ownership of the logo.
Getting a VMC is a rigorous process. Here’s what it involves:
- Registered Trademark: Your logo must be a registered trademark with a recognized intellectual property office. This is a non-negotiable legal requirement.
- Verification by a Certificate Authority (CA): You have to apply for a VMC from a trusted CA. They will verify your organization and confirm that your logo is indeed a registered trademark.
- Proper Logo Format: The logo itself must be in a specific SVG Tiny PS format, as outlined in the BIMI standards.
The VMC is what provides the cryptographic proof that your logo is authentic and belongs to your brand. When an email client sees a VMC linked in your BIMI record, it can trust that the logo is legitimate.
How BIMI connects everything
BIMI is a simple text record that lives in your DNS, similar to your SPF or DMARC records. This record tells email clients where to find your logo and your VMC.
Here is the sequence of events:
- An email is sent from your domain.
- The receiving server checks for and validates DMARC, ensuring the email is authentic.
- The server then looks up your BIMI record in DNS.
- The BIMI record points to the location of your SVG logo file and your VMC.
- The server fetches and validates the VMC, confirming the logo is a verified trademark.
- If all checks pass, your logo is displayed in the inbox.
So, to answer the original question: no, BIMI does not authenticate the logo itself. It relies on the combination of DMARC to authenticate the sender and, crucially, a VMC to authenticate the logo. BIMI is the standard that makes this visual verification possible, but the heavy lifting of authentication is done by DMARC and the trademark verification process behind the VMC.
